The Civilian Cyber Corps would be modeled on the Civil Air Patrol and volunteer firefighters.
The government should supplement its cadre of cyber professionals with a nationwide network of civilian volunteers who could help respond during digital attacks, according to a proposal released Wednesday.
During the massive ransomware attack that hit Atlanta earlier this year, for example, a pre-vetted group of civilian cyber volunteers could have taken care of the many low-sensitivity tasks necessary to get city services up and running again, freeing up city IT staff for higher value work, according to the proposal from Natasha Cohen and Peter Singer with the New America think tank.
The Civilian Cyber Corps could also help with education, training and penetration testing at rural school districts and hospitals and other places that might otherwise not receive those services, the proposal states.
The program that Cohen and Singer suggest would be modeled on the Civil Air Patrol, which patrolled for German submarines during World War II and now assists with search and rescue missions. Other models are volunteer firefighter organizations and the Michigan Cyber Civilian Corps, which has about 100 members but has not been fully activated.
Because the corps would be comprised of unpaid volunteers, Singer and Cohen estimate a congressional appropriation of just $50 million would be sufficient to build a 25,000-member corps spread across all 50 states. The Civil Air Patrol, the writers note, received just $43 million in federal funding during the most recent fiscal year.
The program would be managed by the Homeland Security Department, which is the lead agency for civilian government cybersecurity, but local divisions would also have relationships and written agreements with state governments.
That national system will make it easier to tackle some administrative issues, such as ensuring volunteers are legally protected during emergency response operations, as opposed to expecting each state to stand up its own civilian cyber corps, the authors write.
A national system would also make it easier to deliver federal funds to the program and save costs through economies of scale, the report states.
Local offices, however, would have to be designed around the unique needs of states and localities, the report states.
The authors also oppose models that place volunteer cyber teams under state defense organizations or National Guard units because that would give a military cast to cyber operations that are generally wholly civilian and might limit the applicant pool.