The U.S. Government Accountability Office (GAO) released a report on Tuesday that found that the U.S. Department of Defense (DoD) needs to identify the National Guard’s cyber capabilities and address challenges in its exercises.
The GAO report said that DoD doesn’t have the visibility of all National Guard unit capabilities for full support in cyber incidents. GAO found three types of cyber capabilities that exist in National Guard units, including communication directorates, which operate and maintain the National Guard’s information network; computer network defense teams, which protect National Guard information systems and could serve as first responders for a state’s cyber emergencies and provide surge capacity to national capabilities; and cyber units, which conduct cyberspace operations.
The GAO said that the DoD didn’t have total visibility over all National Guard units because the department has not maintained a database that identifies the National Guard unit’s cyber-related emergency response capabilities, which is required by law. The GAO’s report said that without such a database, DoD may not have timely access to those capabilities when requested by civil authorities during a cyber incident.
The GAO recommended that the DoD maintain a database that identifies National Guard cyber capabilities, conduct a tier 1 exercise to prepare its forces in the event of a disaster with cyber effects, and address challenges from prior exercises. The DoD said that the organization only partially agreed with the recommendations, saying that its current mechanisms and exercises are sufficient to address the issues highlighted in the report.