Governors across the country have called up their states’ National Guard units to provide cybersecurity support in response ransomware attacks, elections and other events at least 41 times since 2018, according to research this week from the think tank Third Way.
A map created by the centrist policy outfit shows that since February 2018 — when the Colorado National Guard was deployed to aid the response to a ransomware incident affecting the state’s transportation agency — units in 26 other states have been activated dozens of times.
The Colorado National Guard joined the state’s ransomware recovery after then-Gov. John Hickenlooper became the first governor to sign an emergency declaration because of a cyberattack. Since then, Hickenlooper’s model has been followed several more times by Lousiana’s John Bel Edwards, who signed emergency orders after attacks in July and November of 2019, and Texas Gov. Greg Abbott, who declared an emergency after an August 2019 incident that crippled nearly two dozen local governments.
Cybersecurity has become an increasingly large component of the National Guard’s duties. According to the Defense Department, there are 59 dedicated cyber units spread across 40 states’ Army and Air National Guard organizations.
North Carolina has seen the most activations, with eight, seven of which were ransomware responses. During a virtual conference last December, Maria Thompson, then the state’s top cybersecurity official, said her office had been making increased use of military cyber units to work alongside civilians.
In total, Third Way counted 23 ransomware-related deployments, and 17 that provided election-security assistance during the 2020 cycle, though some states, notably Washington, had been bringing in National Guard units to help defend elections since at least 2016. (One additional deployment was categorized as “other.”)
The National Guard’s cybersecurity duties are likely to expand further in the coming years. The defense spending package Congress passed included measures that ordered the Defense and Homeland Security departments to update the National Cyber Incident Response Plan to incorporate the National Guard’s roles. It also authorized a pilot program that would allow a guard unit from one state to assist across state lines.