The National Guard and U.S. Cyber Command (CYBERCOM) have formed a partnership to open lines of communication between state and local governments and the military’s top cyber force to address the top priority of the command - the 2020 elections.
The partnership’s effort begins with the Cyber 9-Line – a list of nine questions used by the National Guard when responding to a cyber event in order to relay information quickly to CYBERCOM. It is the first step in an information exchange program created in late 2019, which links the command with National Guard units.
The Maryland National Guard used the Cyber 9-Line to share details of a ransomware attack in January 2020 on Dorchester County, but the system has broader implications as states prepare for the general election in November.
Gen. Paul Nakasone, who heads CYBERCOM, said last month that the organization had “an important role in keeping the 2018 elections safe, secure, and legitimate.” He added that “ensuring the same outcome for the 2020 elections is my top priority.”
The Cyber 9-Line provides CYBERCOM with: 1) the date/time of the incident; 2) classification of the information’s sensitivity; 3) information about critical infrastructure and key resources affected; 4) the attack’s origin; 5) a rating of severity; 6) a narrative of the incident; 7) request for support/escalation; 8) associated reporting; and 9) indicators of compromise.
CYBERCOM can send relevant information back quickly to the state or locality through the National Guard. The Cyber 9-Line can also be used to provide information for the unclassified Big Data Platform, a tool for state and local governments to access information and improve their cyber defenses.
“This level of cooperation and feedback provides local, state and Department of Defense partners with a holistic view of threats occurring in the United States and abroad,” said U.S. Army Brig. Gen. William Hartman, CYBERCOM’s Election Security Group lead and Cyber National Mission Force Commander, in an article on the organization’s website. “Dealing with a significant cyber incident requires a whole-of-government defense; bidirectional lines of communication and data sharing enables the collective effort to defend elections.”
“Currently most states and territories have Cyber 9-Line training planned or are establishing accounts,” said the June 9 joint article by the U.S. Cyber Command and National Security Agency (NSA) Election Security Group Public Affairs. “To date, 12 states have completed the registration process.” In an email, CYBERCOM’s public affairs office said information on which states have completed the process is not publicly available.