New CCC restores computer security, not trees

By JINGING NIE
Capital News Service

LANSING — Michigan’s Civilian Conservation Corps. — the CCC —  helped restore the state’s forests in the 1930s.

Now, a new CCC – the Cyber Civilian Corps – has emerged to help restore the security of local governments, companies, schools and other organizations against cyber attacks.

Launched in 2014, the Michigan Cyber Civilian Corps is the first of its kind in the United States.

The team was formed by Gov. Rick Snyder and designed to assist government and industry in the event of a  massive cyber attack.

Under the Michigan Cyber Disruption Response Plan, the volunteer corps is activated only when the governor declares a state of emergency. None has been declared since 2014, and the corps never deployed.

But now lawmakers have passed a measure allowing any Michigan organization to request a corps volunteer to help itwith a cyber security problem. Snyder is expected to sign it into law this week.

It also gives volunteers immunity from lawsuits under certain circumstances.

The bill formalizes the structure of the Michigan Cyber Civilian Corps, which will work within the Department of Technology, Management and Budget.

Right now the group has 70 cyber experts who have agreed to help.

“We’re hoping to double the size of volunteers,” said bill sponsor Rep. Brandt Ident, R-Oshtemo.

Volunteers must be information security professionals who are residents of Michigan. They must have two years experience and basic security certification.

Applicants also need to pass a series of tests  to join the team, said program leader Ray Davidson. “Exams include basic tests about networking and computer security, and two tests each in digital forensics and incident response.”

The volunteers also benefit.

“We provide ongoing training that some employers don’t provide, so it’s a win-win for employers and the employee and for us,” Davidson said. “We try and offer something they can’t get anywhere else — the training, networking and the ability to give back to the community because there are still good people in the world.”

Davidson said with the new law, the corps can be activated at a lower level of alert.

Volunteers will work with municipal, educational, nonprofit or business organizations in need of expert assistance during a “cybersecurity incident.”

“Business could request us to come in, say they get all their computers like a ransomware attack,” Davidson said.

The volunteers come from throughout the state.

The government has declared 16 industries as critical infrastructure, and the corps will try to represent them all, Davidson said.  

“We try to have people that actively work in security organizations, not just in Information Technology but computer security particularly and most of these people we get, they don’t just do security at work,. It’s their hobby also,” he said.

The bills also offers immunity for volunteers during their deployment under the Government Liability for Negligence Act. That protects volunteers from getting sued if they inadvertently cause a problem but doesn’t protect them from lawsuits if they try to do damage.

“It is a pretty standard Good Samaritan legislation,” Davidson said.

Iden said organizations can request o volunteers from the Department of Technology, Management and Budget to help them fight a cyber attack for up to 10 days.