HR 2982 Introduced - National Guard Cybersecurity Support Act

Last month Rep Kim (D,NJ) introduced HR 2982, the National Guard Cybersecurity Support Act. The bill would specifically allow members of the Army and Air Force National Guard to conduct ‘cybersecurity operations’ to protect critical infrastructure. This is a companion bill to S 70 that was introduced in January. As I had predicted the Senate bill has not seen any action in committee.

Moving Forward

Kelly and two of his four co-sponsors {Rep Wilson (R,SC) and Rep Kelly (R,MS)} are members of the House Armed Services Committee, the Committee to which this bill was assigned for consideration, so there could be sufficient influence to see the bill considered in Committee. I see nothing in this bill that would engender any significant opposition. The bill should receive broad, bipartisan support in Committee. If this bill moves to the House floor, it would be considered under the suspension of the rules process. This means limited debate, no floor amendments and a super majority would be required for passage.

Commentary

My comments on S 70 apply equally to this bill. I would like to add a new observation that also applies to both bills. They both rely on 42 USC 5195c(e) for their definition of ‘critical infrastructure’. That definition reads:

“In this section, the term ‘‘critical infrastructure’’ means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

This was deliberately written as broadly as possible, and for most applications that is helpful. It provides federal officials the maximum amount of leeway in addressing security concerns or responding to incidents. But as cybersecurity attacks are increasingly becoming more widespread and costly, there will be a need for federal government agencies to limit the deployment of their resources and rely more on the growing cybersecurity industry in the country to handle the all but the most critical facility attacks.

This bill may not be the place to start considering the limitations of federal cyber response capabilities, but it is a discussion that will have to be had.