JOINT BASE LEWIS-McCHORD — As the number of cyber attacks on US government and industry has increased in recent years, the government has slowly come to realize that while its highest-end systems may be hardened, critical infrastructure does not always have the same protection.
As a result, the Pentagon is eyeing an expansion of the cyber protection role that National Guard units provide, in particular in the realm of protecting industrial controls — the systems that control power, transportation and communications that keep day-to-day life flowing across the country.
A pilot program comes in the form of the 262nd Network Warfare Squadron, based out of Joint Base Lewis-McChord in Washington state. The squadron, which falls under the 252nd Cyber Operations Group, has a history of patching up cyber vulnerabilities in major systems, including having done work on the B-2 bomber and leading an assessment into a 2010 event where the Air Force lost touch with 50 Minuteman III ICBMs in their silos.
But last year the unit turned its focus to more local work, running a vulnerability assessment study for the Snohomish County Public Utility District in Washington state. The study helped the utility identify potential vulnerabilities and act to harden its digital defenses.
The unit has 101 people, of whom 30 are set up to work on industrial control systems. That kind of local infrastructure support from a Guard unit is unique to the 262nd, according to Lt. Col. Kenneth Borchers, deputy commander of the 252nd.
"It’s a very precious asset, it’s a very small asset," Borchers told reporters about his industrial control team during a March 4 visit to the base. He pointed to the December 2015 shutdown of the power grid in large chunks of Ukraine as proof that attacks on infrastructure are being coordinated and weaponized in a way they hadn’t been before.
The Snohomish County program provides a potential blueprint for how the Guard can help local industry and government increase their cyber protections, said Maj. Gen. Bret Daugherty, the adjutant general for Washington.
He said the team was able to get into the controls for Snohomish County and identify weak points that would have affected the power for the county, and in the process found ways to ensure that if a cyber event did occur, the utility would be able to restore power more quickly.
"We’re very interested in doing some more of that kind of work. … We anticipate doing more of these missions in the future," Daugherty said, noting that lessons learned from the Snohomish County assessment will drive how they do industrial control programs in the future.
The problem for now is that the 262nd is a bit of an island of knowledge, with limited bandwidth. And while it would hypothetically be possible for a governor from another state to tap them in a crisis under the emergency compact between state Guard bureaus, the ideal solution is to spread this expertise to other units, Borchers said.
"The right answer is, we need to be able to export this capability and we need to be able to train other people to do this in other Guard units and other cyber units across the nation," he added. "That’s what we’re trying to move toward, is training others to do the same thing."
The unit features a number of employees from major tech firms, including Google, Cisco and Microsoft. Getting tech professionals to take part in military service, in whatever capacity is possible, has become a signature issue for Secretary of Defense Ash Carter, and he praised the unit during his visit to the base.
"They'll go somewhere, solve that problem, make a critical infrastructure in a particular place or a particular sector of the economy secure, and they can, they can go work elsewhere," Carter told reporters during the trip. "I want to do more, establish more units like this. This is a pathfinding way of doing things. Brings in the high-tech sector in a very direct way to the mission of protecting the country."
And that highlights another benefit of having a Guard unit do this kind of threat assessment instead of private industry. One of the guardsmen involved in the Snohomish event owns a cyber security firm and, according to Borchers, said he would have charged the county $150,000 for the assessment that occurred. Instead, the 262nd assessment cost the county only $20,000.