WASHINGTON, D.C. – U.S. Senator Joni Ernst (R-IA), Chairman of the Emerging Threats and Capabilities Subcommittee on the Senate Armed Services Committee, along with Senators Chris Coons (D-DE), Deb Fischer (R-NE) and Kirsten Gillibrand (D-NY), today introduced the DoD Emergency Response Capabilities Database Enhancement Act of 2017, legislation that updates a current law and requires the Department of Defense to track cyber capabilities important to national security and domestic response found in the National Guard and Reserve forces within one year.

A 2016 Government Accountability Office (GAO) report found that “National Guard units have developed capabilities that could be used, if requested and approved, to support civil authorities in a cyber incident; however, the Department of Defense (DOD) does not have visibility of all National Guard units' capabilities for this support.” Specifically, GAO recommended, “To ensure that decision makers have immediate visibility into all capabilities of the National Guard that could support civil authorities in a cyber incident, the Secretary of Defense should maintain a database that can fully and quickly identify the cyber capabilities that the National Guard in the 50 states, three territories, and the District of Columbia have and could be used--if requested and approved--to support civil authorities in a cyber incident.”

“The reality is that cyber warfare is an emerging and ever-evolving battlefield, and we must use all available tools to protect our nation’s security, including those that already exist in our National Guard units,” said Senator Ernst, a combat veteran of the National Guard. “Many of our guardsmen work in the cyber and IT field in their civilian careers, and we must present more opportunities to harness their skillset to advance our nation’s cyber initiatives.”  

“Aggressive Russian cyber activities, China’s 2015 hack into the Office of Personnel Management, and efforts by Iran and non-state groups all demonstrate that we must make greater efforts to strengthen our cyber defenses,” said Senator Coons. “The National Guard, including Delaware’s 166th Network Warfare Squadron, is an important reservoir of cyber knowledge and expertise. Yet the Pentagon does not have adequate understanding of all Guard unit cyber skills, which could inhibit our response to a major cyberattack. This bill will create a database so the Department of Defense can fully and quickly identify National Guard Cyber capabilities, allowing for a prompt response by civil authorities to a future a cyber incident.” 

“Our National Guard is uniquely positioned to recruit and retain some of our best cyber warriors, and this bill would help make sure that our military is taking advantage of this extraordinary talent,” said Senator Gillibrand. “We need to do everything we can to keep our nation’s cyber defense strong and effective, and I urge all of my colleagues to support this bill.”

Twice at Senate Armed Services Committee hearings, Senator Joni Ernst pressed the Commander of the U.S. Cyber Command and Director of the National Security Agency, Admiral Michael Rogers, on the use of National Guard units’ cyber capabilities and specifically asked him what he was doing to better track their capabilities.

During her questioning last month, Senator Ernst followed up with Admiral Rogers from a previous hearing where he was unable to answer why the Department of Defense (DOD) was not tracking National Guard Cyber Capabilities in a new system, and Admiral Rogers responded, “...I am the first to acknowledge that after talking to OSD and the services, that I don’t have a good answer for you and I will get you something in writing in the next week or so.” “OSD” refers to the Office of the Secretary of Defense.

Later, Admiral Rogers answered Senator Ernst in a written response stating, “in compliance with the 2007 NDAA requirement, DOD built a module in DRRS that tracks emergency response capabilities; however, the module does not include cyber capabilities across the National Guard.” Referring to the Defense Readiness Reporting System.

The DoD Emergency Response Capabilities Database Enhancement Act:

  1. Requires DOD specifically track, within one year, cyber capabilities found in the National Guard and Reserve forces identified by DOD to be important to matters of national security and domestic response.
  2. Allows DOD to update or utilize existing systems to track the capabilities if it’s faster and more cost effective.

Click here to view the bill.