This April, a bipartisan group of senators hailing from Tennessee, Nevada, and California introduced the Civilian Cyber Security Reserve Act (CCSRA) with the goal of establishing a pilot program to provide civilian personnel trained
Senator Marsha Blackburn, one of the co-sponsors, stated in a press release: “The complexity of the cyber domain creates the need for mission-capable personnel ready to confront these new challenges. Creating a reserve corps similar to our National Guard or Army Reserve will allow our national security agencies to have access to the qualified, capable, and service-oriented American talent necessary to respond when an attack occurs. The Civilian Cyber Security Reserve Pilot project represents a big step in strengthening America’s cybersecurity posture.”
The proposed legislation would form a volunteer, invitation-only Civilian Cybersecurity Reserve force composed of civilians with prior Federal Government or uniformed service experience and an active security clearance, to be appointed by the heads of the U.S Department of Homeland Security (DHS) and U.S. Department of Defense (DOD) to temporary federal civil service roles.
By providing the DOD and DHS with the ability to rapidly scale up their cybersecurity forces on an as-needed basis, the legislation intends to help maximize the value of personnel that have already been trained and cleared to handle classified materials, who have left government service to pursue other opportunities. The bill additionally leaves members of the Selected Reserve free to serve the cybersecurity needs of the military, avoiding the creation of additional staffing shortages.
The bill comes at a time of growing need, with the Government Accountability Office (GAO) repeatedly warning about the shortage of trained, experienced cybersecurity and information technology assets. With large-scale attacks like the recent SolarWinds breach impacting both the public and private sector, the ability to rapidly surge cybersecurity capabilities will go a long way toward providing additional resilience in the inevitable event of the next large-scale cyberattack.