Monday, November 23, 2020

S 4833 Introduced – NG Cybersecurity Operations

Last month Sen Hassan (D,NH) introduced S 4833, bill that would authorize cybersecurity operations and missions to protect critical infrastructure by members of the National Guard.

The bill would amend 32 USC 502(f)(1) to specifically include “cybersecurity operations or missions undertaken by the member’s unit at the request of the Governor of the State concerned to protect critical infrastructure” in what actions could be included in duties to which a member of the National Guard could be assigned.

Moving Forward

Neither Hassan nor her single cosponsor Sen Cornyn (R,TX) are members of the Senate Armed Services Committee to which this bill was assigned for consideration. This means that the bill, even if it had been introduced earlier in the session, would not have been likely to have been considered by the Committee.

I see nothing in this bill that would have drawn any significant opposition. If it were considered in Committee, it would almost certainly draw significant bipartisan support.


This is a perfect example of a piece of legislation that would authorize a government agency to do something which it was already doing. National Guard cyber units have been in active support of State agencies across the country and there have been numerous news reports of their support of cyber operations concerning critical infrastructure.

The interesting thing here is where this ‘authorization’ was placed in the United States Code. As currently constituted §502(f)(1) reads:

“(f)(1) Under regulations to be prescribed by the Secretary of the Army or Secretary of the Air Force, as the case may be, a member of the National Guard may—

(A) without his consent, but with the pay and allowances provided by law; or

(B) with his consent, either with or without pay and allowances;

be ordered to perform training or other duty in addition to that prescribed under subsection (a).”

The placement of the cyber operations language in this subsection, specifically ensures that a member of the National Guard can only be individually ordered to take part in “cybersecurity operations or missions” when those missions are “undertaken by the member’s unit”. Thus, an individual with cyber expertise in say an artillery unit could not be ordered to provide cybersecurity services for a private sector company owned by his National Guard unit commander. Not saying that that would happen….

No comments:

/* Use this with templates/template-twocol.html */