Does America Need a Civilian Cybersecurity Corps?

Cyber workforce people

The answer to that question is “yes,” according to a white paper released today by New America, a non-partisan think tank. The white paper argues that while the United States has been engaged in cybersecurity for more than a generation, there are still “organizational and human gaps” that leave the country insecure.

To strengthen the nation’s cybersecurity posture, New America proposed the creation of a Civilian Cybersecurity Corps, which would pull civilian volunteers and part-time talent into areas of “public cybersecurity concern.” The program would be modeled after cybersecurity organizations in other nations and “proven models in other domains of security and safety inside the United States.” The Corps’ end goal would be to improve collaboration and cooperation across the wider cybersecurity community to tackle core security needs that are unmet through existing infrastructure.

New America maintained throughout the paper that the Corps is an achievable program, rather than a far-fetched proposal.

“For all its potential value, the policy and financial requirements to make a Cyber Civilian Corps a reality are far less daunting than so many other cybersecurity or policy challenges,” argued the paper’s authors–Natasha Cohen, cybersecurity policy fellow at New America, and Peter Warren Singer, strategist and senior fellow at New America.

“It is also a concept that doesn’t fit within any one ideological framework,” which the authors said is “important during our hyper-partisan times.”

What Would the Civilian Cybersecurity Corps do?

The Corps would not replace the Department of Homeland Security’s (DHS) role in defending the country against cybersecurity threats, New America explained. Instead, it would “augment existing programs to raise the security level of the ecosystem writ-large and provide additional needed resources on three key areas:

  • Education and Outreach;
  • Testing, Assessments, and Exercises; and
  • On Call Expertise and Emergency Response.”

The authors stressed that the Corps’ work would be focused on the public good, not private sector institutions–except in the instance of a declared state of emergency. This distinction, according to the paper, limits potential concerns from companies already operating in the cybersecurity field. New America further stressed that the program would be designed to “serve the currently underserved, not the typical clientele of existing vendors.”

How Would it Be Organized?

DHS would serve as the supervisory agency for the Corps, and would be tasked with organizing and funding the Corps since it presently lacks an auxiliary unit. The paper further explains that the Corps would not be akin to the General Services Administration’s 18-F or U.S. Digital Services operations, which rely on technology industry professionals joining the government for full-time work on a long-term basis.

“[T]he need goes beyond the hiring of full-time employees and the self-limiting pool this means,” the authors explained. “The Corps would be an auxiliary, allowing it to tap a larger pool of talent for use on a period, and as needed, volunteer basis.”

Additionally, the authors believe that the program should be made of up both adult and youth members. The adult element would be made up of volunteers with either cybersecurity or general IT skills that are willing and able to provide their services for public interest. The youth element would include those under the age of 18 or 21 who are interested in developing cybersecurity skills. New America pointed out that in addition to providing more volunteers for the Corps, it also would help develop the pipeline for future cybersecurity talent.

The authors also argued that cybersecurity firms should encourage their workers to volunteer for the Corps. The paper explained that “much as in fields that range from medicine to law, firms should welcome the participation of their talent in such pro-bono programs, as it doesn’t just aid their communities, but provides their workforce with expanded experience and knowledge that they can bring back into their work.”

How Would the Corps Be Created?

New America said the Corps should be created through legislation that would build upon the bipartisan proposal for a National Emergency Technology Guard (NETGuard), which was part of the Homeland Security Act of 2002. “Due to DHS disorganization and disinterest at the time, the NETGuard did not launch, leaving the nation with the gap discussed above,” the authors said.

Relatively speaking, the funding estimate by New America would make the Corps a cheap program.  The think tank estimates that $50 million would create the foundation for an organization with roughly 250,000 members across all 50 states.

“In cybersecurity, the problems are hard and the threats ever-changing,” the paper concluded. “That means there are no simple answers or silver-bullet solutions. But one thing is clear: It is time to re-evaluate not just what is and isn’t working in cybersecurity today, but also to be willing to take new approaches. Part of this is to be open to building new organizations to fill key gaps that existing ones have and will be unable to fill.”

Recent