The Pentagon doesn't have full visibility into what the national guard could do, a GAO report finds.
The National Guard could help civil authorities deal with a cyber event, but not if the Pentagon doesn't know specifically what capabilities it has.
Currently, the Pentagon doesn't have a clear understanding of how the National Guard can contribute to cyber response, according to a Government Accountability Office report.
The National Guard has communications directorates, computer network defense teams and cyber units that could contribute to a coordinated response, GAO found. But the Pentagon doesn't have a database that lists the National Guard's capabilities, though it's required by law to do so.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The National Guard, with staff in each state, territory and the District of Columbia, is "in a unique position to recruit and retain" people with cyber expertise, and can coordinate responses with people in various regions throughout the United States, the report said.
But without a database listing its assets, "DOD may not have timely access to these capabilities when requested by civil authorities during a cyber incident."
The Pentagon should also conduct a cyber response exercise that includes various national-level groups and combat commanders, GAO recommended.
DOD partially concurred with the recommendations and said it does track capabilities across the National Guard at the unit level. It said it understood the need for including public and private entities in response exercises, though "DOD exercises are typically classified because they can reveal capabilities, readiness or plans for military forces that must be protected."
The watchdog conducted the audit between June 2015 and September 2016.