Empower the National Guard for Cyber Defense
As cyber threats grow in scale and sophistication, America’s most critical and vulnerable systems – our power grids, water supplies, and gas pipelines – are increasingly in the crosshairs. These systems, known as Operational Technology (OT), are the invisible backbone of our daily lives – they’re what makes critical infrastructure critical. Yet when it comes to cyber defense, OT has too often been treated as an afterthought, overshadowed by traditional IT-focused cybersecurity strategies and left exposed to adversaries intent on sowing disruption. Underinvestment has been matched with underpreparation. OT networks are too often left unmonitored, and incident response plans are underdeveloped or often nonexistent. Speedily addressing these vulnerabilities is a national security imperative. Fortunately, we have a ready resource available to lead OT-related cybersecurity preparation and incident response in the U.S. National Guard.
Why the National Guard? No other federal force combines local presence, dual federal-state authority, and deep operational ties with civil and private-sector counterparts the way the Guard does. With units in every state and territory, the Guard is uniquely suited to respond swiftly and cooperatively to attacks on critical infrastructure assets in communities across the country. The Guard already has well-built, well-prepared, and capable cyber-focused units that offer a strong foundation to build from.
I was honored recently to be tasked with creating national OT incident response plans as part of the 91st Cyber Brigade of the Virginia National Guard, in conjunction with other federal policymakers to help address the nation’s shortcomings in OT incident response. I am now working with these partners to build out the concept of the National Guard as a critical cyber incident response resource. This mission stems from a Congressional mandate to U.S. CYBERCOM to improve OT defenses and response. I am confident that with the ideas that we are developing, the personnel we are hiring and training, and with new authorities and reforms from Congress and the executive branch, the Guard can scale its mission to provide this badly needed line of defense, leaving our nation much safer.
This mission will require purpose-built training. The National Guard must regularly train in realistic, OT-specific environments that simulate the complexity of power grids, chemical plants, and rail networks. Traditional IT cybersecurity training doesn’t prepare a team to triage rolling failures across a regional electric grid. The Guard needs persistent, large-scale training tailored to the OT threat landscape; exercises like Virginia’s Cyber Fortress must be emulated and expanded. Congress should institutionalize and fund national-level, OT-focused cyber exercises to ensure consistent readiness, and units from every state in the country need to receive this training.
In parallel, Guard units must be trained not only to detect and respond to incidents, but to work with a vast web of stakeholders, from private infrastructure owners and ISACs to federal agencies and state government entities. The Cybersecurity and Infrastructure Security Agency (CISA) is well placed to coordinate among federal responders, and to take the lead on setting priorities and requirements for different industries, but the Guard should serve as a ready response force, and a resource to help critical infrastructure operators with threat hunting and security assessments. The Guard shouldn’t replace technical remediation experts, but it should provide the necessary personnel to supplement their work, maintain operational continuity, and ensure a synchronized strategy when critical systems are under attack. Guard units are trusted in their communities and are well placed to establish trusted relationships quickly with entities that come under attack.
To support this mission, we should establish a specialized National Cybersecurity Center of Excellence (NCCoE) for OT systems anchored within the Guard, led by a high-performing unit, like the 91st Cyber Brigade. Such a center would bring together the Guard, Department of Defense writ large, NIST, CISA, infrastructure operators, and technology partners to test solutions, set standards, train for the future, and certify responders. It would serve as the nucleus of national OT cyber preparedness and response. Each state should have at least one unit trained through this program to be at the ready, ensuring consistency of response even when attacks have impacts across state lines.
We are at a strategic inflection point. The threats are real, and the weaknesses are known. The National Guard offers a scalable, trusted, and already-embedded force that can dramatically strengthen our national posture. By making the Guard the lead responder for OT cyber incidents, CISA the lead coordinator and policy-setter, building a robust training architecture, and investing in a Guard-based OT NCCoE capable of training responders nationwide, we can forge a resilient, whole-of-nation strategy that bridges federal authority, state agility, and private-sector expertise. The time to act is now, before the next crisis makes the cost of inaction unmistakable.
Robert M. Lee is a recognized pioneer in the industrial cybersecurity community. He is CEO and co-founder of Dragos, a global technology leader in cybersecurity for industrial control systems (ICS)/operational technology (OT) environments.
This article was originally published by RealClearDefense and made available via RealClearWire.