Last month Sen Hassan (D,NH) introduced S 4833, bill that would authorize cybersecurity operations and missions to protect critical infrastructure by members of the National Guard.
The bill would amend 32 USC 502(f)(1) to specifically include “cybersecurity operations or missions undertaken by the member’s unit at the request of the Governor of the State concerned to protect critical infrastructure” in what actions could be included in duties to which a member of the National Guard could be assigned.
Moving Forward
Neither Hassan nor her single cosponsor Sen Cornyn (R,TX) are members of the Senate Armed Services Committee to which this bill was assigned for consideration. This means that the bill, even if it had been introduced earlier in the session, would not have been likely to have been considered by the Committee.
I see nothing in this bill that would have drawn any significant opposition. If it were considered in Committee, it would almost certainly draw significant bipartisan support.
Commentary
This is a perfect example of a piece of legislation that would authorize a government agency to do something which it was already doing. National Guard cyber units have been in active support of State agencies across the country and there have been numerous news reports of their support of cyber operations concerning critical infrastructure.
The interesting thing here is where this ‘authorization’ was placed in the United States Code. As currently constituted §502(f)(1) reads:
“(f)(1) Under regulations to be
prescribed by the Secretary of the Army or Secretary of the Air Force, as the
case may be, a member of the National Guard may—
(A) without his consent, but
with the pay and allowances provided by law; or
(B) with his consent, either
with or without pay and allowances;
be ordered to perform training or other duty in addition to that prescribed under subsection (a).”
The placement of the cyber operations language in this
subsection, specifically ensures that a member of the National Guard can only
be individually ordered to take part in “cybersecurity operations or missions”
when those missions are “undertaken by the member’s unit”. Thus, an individual
with cyber expertise in say an artillery unit could not be ordered to provide
cybersecurity services for a private sector company owned by his National Guard
unit commander. Not saying that that would happen….
Posts
No comments:
Post a Comment