The Washington National Guard is leveraging a decade of investment in cyber security at Camp Murray in Lakewood into projects that could protect state and local governments, utilities and private industry from network attacks.
The aim is to bring to the digital world the kind of disaster response the National Guard already lends to fighting wildfires and floods, said Lt. Col. Gent Welsh of the Washington Air National Guard.
“Just as ‘Business X’ needs the National Guard to come in and fill sand bags, ‘Business X’ might need to call the National Guard if it’s overwhelmed on the cyber side,” Welsh said.
The new task plays to a growing strength in the state’s National Guard, which draws on employees from companies including Microsoft and Amazon to provide special expertise in its network warfare units.
These high-tech citizen soldiers serve in units such as the 262nd Network Warfare Squadron, which carries out worldwide cyber-security missions from a nondescript brick building on Joint Base Lewis-McChord. They’re tasked with protecting Pentagon networks from hackers who steal information or otherwise manipulate Defense Department data.
They represent the Pentagon’s best bet on how wars will be fought decades from now, enabling highly trained information security soldiers to protect national networks from a headquarters along Interstate 5 south of Tacoma.
“A lot of modern and future warfighting is going to take place in these secure facilities as opposed to in forward deployed positions,” said Col. Brian Dravis, commander of the 194th Regional Support Wing, which includes the network warfare squadron.
So far, those assets have largely been out of reach for local governments and utilities because of restrictions on how the military operates in the civilian world. That changed with guidance from the Department of Homeland Security encouraging states to make their own plans for responding to significant cyber incidents.
In July, the Washington National Guard approved a plan outlining how it can assist utilities and local governments in cyber attacks. It identified units that can help local governments take preventive measures to protect themselves, as well as soldiers who could do forensic work to identify attackers or deploy in the middle of an assault.
“We are ready to respond tonight,” Welsh said.
Supporters say this civilian-assistance plan is a major change in the National Guard’s responsibility for cyber security. They’re still puzzling out how the Stafford Act, which governs how the Guard can be tapped for disaster responses, applies to digital security.
Take the City of Seattle, for example. Although it wants the Guard to help find weaknesses in the city’s cyber defenses, it found too many obstacles to a realistic partnership.
“We’re still not able to just say, ‘Hey, can you give us a penetration test?’” said Michael Hamilton, chief of Seattle’s information security systems. “I can’t call them and ask them. They’re the military.”
He has asked to have the National Guard’s 262nd Network Warfare Squadron test Seattle’s cyber defenses, but he couldn’t reach an agreement because the request would have to go from the governor to the Department of Homeland Security.
He’s going to Camp Murray this month to help the Guard define what level of attack should trigger a call-up and response. Those terms remain unclear from leaders in the nation’s capital.
Challenges include determining who should pay for a penetration test and how to create a process for the governor to decide if the request meets a worthwhile use of state resources, Welsh said.
“We’re not going to wait for the feds to hand us everything,” Welsh said.
Down the road, Hamilton sees a role for the Washington National Guard in analyzing reports of cyber attacks against local governments and vital infrastructure, such as hospitals and utilities. Those citizen soldiers might operate out of the Washington Fusion Center, a secure facility in downtown Seattle where federal agencies scan digital networks for threats. The trick would be figuring out which authority they’d serve under because military service members cannot use their resources for normal, local law enforcement purposes.
To Hamilton, the guardsmen represent smart, trained soldiers who could grow from experiences working with civilian agencies such as his to land high-paying private-sector jobs when they leave the service.
“There are jobs out there,” he said. “They have security clearances. They’re qualified.”
Intelligence has emerged as a growth industry for both the Army and Air Force sides of the Washington National Guard over the last decade.
• The 262nd Network Warfare Squadron last year moved into a $5.6 million facility on Lewis-McChord. It belongs to the 194th Regional Air Support Wing, which has more than 1,000 airmen and no aircraft. About half of them perform cyber security and surveillance missions in units such as the 262nd and the 143rd Information Operations Squadron.
Dravis, the wing commander, said air guardsmen often do not have to deploy overseas in the traditional sense. Instead, they can operate from their headquarters.
In the past five years, the 262nd has carried out more than 90 missions for the military commands that oversee forces in the Middle East, Europe and the Pacific. The White House also has been a customer of the wing’s cyber-security teams.
• The Washington National Guard in August opened a $1.5 million Secure Compartmented Information Facility, which enables Army National Guard intelligence soldiers to analyze and contribute to battlefield reports from around the world. It can also be used by different government agencies, such as the National Security Agency.
• This year’s defense budget included $35 million to build an information operations readiness center at the Washington National Guard. It would enable guardsmen to participate in efforts to influence enemy decision-makers through tools such as deception and psychological operations.
From that investment, Dravis is campaigning for the state to develop a drone unit. His 194th Regional Air Support Wing already conducts surveillance missions. He said that a drone capability would round out the assets his air wing commands.
The Army side of intelligence programs in the Guard builds on the 341st Military Intelligence Battalion, which consists of soldiers who speak more than 20 languages. They sometimes deploy to the battlefield and sometimes work from high-level headquarters analyzing field reports.
They can make use of the new Secure Compartmented Information Facility to analyze raw information taken in military exercises around the world. They often translate documents seized in the field and make sense of the “pocket litter” enemy fighters leave behind.
“It’s just wading in reams of data and looking to find those gems,” said Army National Guard Lt. Col. Curt Simonson, 46, of Spanaway.
These intelligence-driven programs should be relatively safe as the Pentagon prepares to cut spending over the next decade. Defense Secretary Leon Panetta in an August visit to Naval Base Kitsap stressed that cyber security would remain a top priority for him as lawmakers reduce overall spending.
That bodes well for the Washington Guard’s intelligence programs, and for the soldiers who might pursue careers in civilian cyber security after leaving the service.
“There’s 0 percent unemployment in this field,” said Barbara Endicott-Popovsky, director of the Center for Information Assurance and Cyber Security at the University of Washington. “There’s a deficit of people in this field.”
She’s working to create a “pipeline” for service members to build on their cyber-security experience and make the transition to civilian work in the same field. For example, a person leaving the military might receive credit for his real-world experience and get preference for civilian internships. He could use the GI Bill to pay him during apprenticeships, Endicott-Popovsky suggested.
“I really want to see soldiers be able to take advantage of it and get themselves careers that have legs,” she said. “Cyber security – I don’t care how old you are – will not be solved in our lifetime.”
Microsoft’s Russ McRee is an example of how the pipeline moves the other way, too – by taking civilian information-security experts and putting them to work for the National Guard at Camp Murray.
He’s a manager of security analytics for online services at Microsoft who has several co-workers serving in the Air National Guard. Some have prior military service; some have served exclusively in the Guard.
“There are extraordinarily capable assets for the Guard and Camp Murray,” he said. “The Air Guard units in particular have some individuals who are literally among the best in the industry who happen to just be in the area serving as Guard resources. They are also technically brilliant.”
He joined the Washington Military Department’s volunteer State Guard in May hoping to work on cyber security in addition to learning how to lend a hand in traditional disasters such as earthquakes and floods.
Now he’s helping Welsh work out criteria for civilian agencies to get cyber help from the Guard, both as prevention and as a response to an attack.
“This is really visionary. No one else is doing this,” said McRee, 45, of Maple Valley.
He stresses that the National Guard would not step in for civilian cyber-security effort unless it is invited.
“It’s specifically for state resources and is not ever, ever, ever intended to be done without very explicit, well-documented requests for permission and review,” he said.
McRee is new to government service, but he finds himself excited to participate in a project for a greater good.
“It’s incredibly refreshing to see the definition of what joint forces should look like. The common goal, that’s what’s amazing,” he said.Adam Ashton: 253-597-8646 email@example.com blog.thenewstribune.com/military