"The National Guard, through its existing relationships within every state and territory, is in a unique and important position to help solve what I call the ‘cyber response capability gap.' That gap is the space that exists between what we acknowledge as a threat and our actual capability to do something about it," explained Col. Gent Welsh, former Chief Information officer for the Washington National Guard.

Enter the Joint Forces Defense Assessment Team. Thus far, Washington has used this team to conduct cyber-emergency planning and to search for vulnerabilities within state networks under the direction of the governor. Per mission, there are typically between five and eight team members, representing the State Guard, Air National Guard and Army National Guard for Washington.

"Right now, there is no agency within the federal or state government that has the mission to protect our nation's critical cyber infrastructure and in my opinion, nowhere in our nation's history has a problem been so acknowledged (cyber threats) but yet no comprehensive effort put forth to resolve it in a meaningful and collaborative way," stated Welsh, who has been in the Washington Air National Guard for more than two decades.

"For example, national leaders have talked about a ‘cyber 9/11' but yet the nation still lacks a response force to manage the consequences of a devastating series of attacks which could target our critical infrastructure, not just military infrastructure, and the management and response processes are still in their infancy," Welsh continued.

This is part of the reason why Washington was the first state to find a role for the National Guard in its cyber-security efforts. Given that so many of the state's citizen soldiers work in a technology field in their civilian careers, it made sense to take advantage of that knowledge when they were serving in uniform.

"We want to work on proactive efforts, as well as a response to a cyber attack," explained Russ McRee, who works at Microsoft when he is not serving as a staff sergeant (who is poised to graduate from Officer Candidate School soon) with the Washington State Guard. His job at the software giant is remarkably similar to the role he plays at Camp Murray as both involve him assessing and analyzing threats.

"Where are the gaps? Where a threat meets a vulnerability and then becomes a risk? That's what we're seeking out," said Lt. Col. Thomas Muehleisen, the current Chief Information officer. "I feel fairly good about what we're doing nationally but it starts to break down somewhat at the state level and we're ready to improve that."

Recently, during one such assessment for a large state agency, McRee and his team identified approximately $800 million in identified risk. That figure is calculated by adding up what said agency would have to do in order to recover and restore any lost records, which could run upwards of $200 per lost record, per individual.

"We take on the role of the bad guy and try to compromise systems, find ways in and then take that assessment and information and advise the agency with the intent that now they have the weaknesses," McRee explained.

The cyber team has also worked with 25 other government agencies and private sector partners statewide to lead a cyber exercise that resulted in a standardized response if there was a major cyber threat or incident.

Moving forward, the cyber-security team would ideally like to have staff on duty every day to monitor and compare threat data ... but that is still a work in progress.

"Our duty is to defend the citizenry of our state and that's not just during a flood or combat situation - this is the new frontier. It's active threat and not getting better anytime soon," McRee said.