National Guard units already play a large role in state governments’ cybersecurity activities, such as protecting election systems, but the threat of ransomware to cripple a state or city organization is a growing concern for uniformed personnel, the top military official overseeing the National Guard across the United States said.
While Americans are long used to seeing guardsmen and women roll into to disaster-stricken areas after a hurricane or wildfire, deployments following cyberattacks are increasingly common, Air Force Gen. Joseph Lengyel said Friday on a conference call with reporters, likening the recent ransomware incidents in Texas and Louisiana to a “cyber storm,” though not quite a “cyber hurricane.”
“We’re seeing the whole of the first responder networks come to assist and mitigate the damage and get everything back up and running, and the National Guard is part of that response,” he said.
Lengyel said he could not provide any updates on either the Texas or Louisiana attacks, but noted both states’ governors called their National Guards “almost immediately” after the first ransomware infections were detected. In Louisiana, where Gov. John Bel Edwards declared a statewide emergency after several school districts were hit just weeks before the start of the new academic year, Lengyel credited Guard members with mitigating the damage quickly enough to ensure schools could open on time.
“What we bring in is generally expertise and knowledge and cyber skills,” the general said, noting that many members of National Guard cyber units have day jobs in IT or software development.
He said that trend is seen more often in regions with a strong tech sector, though the National Guards in Texas and Louisiana, where Edwards has aggressively recruited the IT industry, have two of the more robust cybersecurity teams. There are about 70 Guard members responding to the attacks against the Louisiana schools, and about 50 responding to the Texas incident, Lengyel said.
“National Guard members can go on-site,” he said. “They have several goals. One is to try to find out where [the attack is] coming from, help salvage the IT systems that were impacted, and get things back up and running.”
But building out the cybersecurity abilities of Guards in every state remains a national concern. While the states with large populations and vibrant tech industries have larger pools of personnel to draw on, Lengyel said those capacities are less developed. Yet the general echoed other officials’ concerns that ransomware is a growing threat to state and local governments, especially small ones that are ill-equipped to repel aggressive cyberattacks on their own.
“It’s an expanding problem set we have to deal with,” he said. “[Hackers have] targeted things that don’t have a lot of security, don’t have a lot of people. Their targets are maybe more likely to pay a ransom because they don’t have other options.”
None of the Louisiana school districts or Texas communities affected in the recent attacks are reported to have paid their hackers’ demands, though several local governments across the United States have paid steep ransoms this year. Between April and June, the average ransomware payment from a government victim was $338,700.
The near-certainty that governors will call on their National Guards to assist in response to future cyberattacks also poses a recruiting challenge, Lengyel said.
“We will grow our cyber capacity as the Army and the Air Force need us to,” he said. “In the National Guard, we’ll use it when not mobilized [federally] to be used by the governors. Frankly that’s one of the things that makes us good to do this. We can attract people who are working in a civilian sector and bring them into the military cyber domain.”