Blake Sobczak, E&E reporter
Published: Wednesday, June 22, 2016
(EVERETT, WA) -- Not long after friendly hackers broke into his water and
power utility in early 2015, Benjamin Beberness had a real danger on his hands.
An "insider threat event" at the Snohomish County
Public Utility District in Washington State, where Beberness serves as chief
information officer, prompted him to scramble his cybersecurity team and design
a response plan.
He also turned to the good-guy hackers who once bypassed his
network defenses in mere minutes via a well-crafted malicious email
(EnergyWire, Oct. 6, 2015).
"Because they knew our environment so well, they were
able to give me some good feedback on how to better mitigate that insider
threat," Beberness said at an event in Washington, D.C., yesterday hosted
by the Lexington Institute, a right-leaning think tank that focuses on national
security and technology policy.
The helpful neighborhood hackers were members of the
Washington National Guard, who stand ready in the event a cyberattack ever
causes widespread physical damage in the state.
The extent to which Guard troops get involved in
cybersecurity depends largely on the resources available and the level of
interest from each governor's office. National Guard units are jointly managed
at the state and federal level, giving their commanders a degree of autonomy
compared to other Defense Department components.
The Department of Homeland Security remains the go-to agency
for helping guard critical infrastructure networks such as the power grid from
cyberthreats. Besieged utilities can also turn to the Department of Energy for
sector-specific advice and expertise.
But these three-letter agencies may not be the first places
state governors turn to during an actual cyber event, according to Col. Shawn
Bratton, cyber operations group commander for the Maryland Air National Guard.
"In my almost 30 years in the National Guard, I've
found that the crisis usually starts smaller: locally and at the state
level," he said. "The governor almost always looks inside the state
for solutions before requesting assistance from outside."
Support from the National Guard doesn't mean letting
soldiers take over private networks, a scenario Bratton described as
"difficult to imagine" given that they'd be unlikely to be invited,
let alone be useful on such unfamiliar turf.
"A far more likely and valuable contribution could be
in the advise-and-assist role" during a cyberattack, he said, such as by
offering a "breakdown of how to recognize malware's presence and advice on
how to mitigate it."
Rep. Sheila Jackson Lee (D-Texas) introduced a bill last
year that would require the Director of National Intelligence to assess the
possibility of creating a Cyber Defense National Guard for protecting critical
infrastructure from online assaults or accidental man-made incidents.
Given the jumble of government agencies that already have a
hand in grid cybersecurity, it's unclear whether the idea of boosting the
National Guard's role will gain traction.
"The Guard, like the military, is being really
stretched," said Daniel Goure, vice president with the Lexington Institute
and a former Department of Defense official. "If [cybersecurity] is
something that the Guard is uniquely capable of doing -- and that it can play a
role that I don't think another institution in this country can play -- how far
do we want to take it?"
