The Cyber Edge Home Page

  • A civilian cyber corps could support two of U.S. Cyber Command’s three primary missions: defend Defense Department networks to ensure their data is held securely and defend critical infrastructure.
     A civilian cyber corps could support two of U.S. Cyber Command’s three primary missions: defend Defense Department networks to ensure their data is held securely and defend critical infrastructure.

Incoming: A Model for Building a Civilian Reserve Cyber Corps

The Cyber Edge
December 1, 2017
By Maj. Gen. Earl D. Matthews, USAF (Ret.)

A civilian reserve cyber corps deserves strong consideration as a way to add more capacity to the cyber work force, which the nation has struggled to do for a number of years. The Civil Reserve Air Fleet (CRAF) could serve as a model for the corps and ultimately help the U.S. government and the Defense Department shore up their shortfall of cyber resources.

The CRAF program was initiated after the Berlin Airlift and falls under the Department of Transportation, which is responsible for developing plans for a national emergency preparedness program. CRAF uses aircraft from U.S. airlines that have contractually committed to support Defense Department airlift requirements during emergencies when the need for airlifts exceeds the capability of military aircraft. This actually happens every day, given the sustained combat operations and the number of humanitarian crises the United States faces.

CRAF has three main segments: international, national and aeromedical evacuation. The international segment is divided further into the long-range and short-range sections; the national segment is divided into the domestic and Alaskan sections. The role of CRAF aircraft is to augment the Air Mobility Command’s (AMC’s) long-range intertheater C-5s and C-17s during periods of increased airlift needs through three stages. Stage I is for minor regional crises; Stage II is for major theater war; and Stage III is for periods of national mobilization. Assignment of aircraft to a segment depends on the nature of the requirement and the performance characteristics needed.

The commander of the U.S. Transportation Command (TRANSCOM), with approval of the secretary of defense, is the activation authority for all three CRAF stages. During a crisis, if the AMC needs additional aircraft, it asks the TRANSCOM commander to take steps to activate the appropriate CRAF stage.

Each stage is used only to the extent necessary to provide the amount of civil augmentation airlift needed by the Defense Department. Aircraft must be ready 24 to 48 hours after the AMC assigns a CRAF mission. The air carriers continue to operate and maintain the aircraft with their resources, but the AMC controls the CRAF missions.

Applying this framework to cybersecurity would be a little more complicated because a civilian cyber corps would not be simply augmenting the capacity of one command, such as the AMC. However, it could have the same effect when applied either narrowly or broadly to support two of U.S. Cyber Command’s (CYBERCOM’s) three primary missions: Defend Defense Department networks to ensure their data is held securely, and defend critical infrastructure. Additionally, oversight of the cyber initiative should come from the Department of Homeland Security, just as CRAF is overseen by the Transportation Department.

Similar to CRAF, the civilian cyber program would have multiple stages where assignment of capability to a segment would depend on the nature of the requirement and the specific capability needed. At a minimum, the program should initially focus on providing certified ethical hacker support to address shortfalls in supervisory control and data acquisition (SCADA) penetration testing and other types of testing against Defense Department networks and critical infrastructure. We should add threat analysts and forensics investigators to the mix, too. Anyone in the civilian cyber corps would need to pass a background check because most would need security clearances to work against certain mission systems.

The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, published by the National Institute of Standards and Technology in August, could serve as a guide for the corps. The framework could provide a common lexicon that categorizes and describes cybersecurity work by category, specialty area and work role. As cyber roles evolve, the government and the private sector could build on this resource to develop additional publications or tools. These items would define or provide guidance on different aspects of work force development.

Bringing in the best talent, technology and processes from the private sector to benefit the government and the Defense Department not only helps deliver more comprehensive, secure solutions but also better protects our country. This innovative initiative will strengthen our digital defenses and ultimately enhance our national security.

Maj. Gen. Earl D. Matthews, USAF (Ret.), the former director of cyberspace operations in the Air Force’s Office of Information Dominance and Chief Information Officer, is vice president of the Enterprise Security Solutions Group for DXC Technology, U.S. Public Sector. The views expressed here are his own.

Departments: 

Share Your Thoughts:

I would love to discuss this personally with General Matthews. I have worked for several years as the founder and past president of our local Cyber Incident Response Coalition and Analysis Sharing group (CIRCAS) and with the State of Washington and we have made significant progress on just such a corps as he is describing here.

Additionally, we have been talking with the State of Michigan which has also developed a similar model cyber reserve corps and are working on refining the deployment/maintenance/logistics/liabilities, etc.

We have worked with FEMA to create ESF2 cyber resource types to be deployable in a State declared critical infrastructure cyber emergency and are written into the State's comprehensive emergency management plan in a cyber annex.

We have exercised this option in large functional and table-top exercises and will be continuing that exercise cycle on 7 December.

We all benefit from sharing our ideas, so I would hope General Matthews (whose last name is pretty perfect!) would contact me at his earliest convenience.

Best Regards,

David Matthews, CISSP, DRFS, CSFA

Share Your Thoughts: