National Guard looks to help states help with ransomware response

government security 

The National Guard is contemplating expanding its cybersecurity vulnerability assessment pilot following recent ransomware attacks in Texas and Louisiana.

Organizations in Texas and Louisiana are dealing with the aftermath of ransomware attacks on IT systems in businesses, financial institutions and school districts. The National Guard's cyber units were called in along with other first responders to mitigate the "cyber storm," Gen. Joseph Lengyel, National Guard Bureau chief, told reporters during an Aug. 23 news briefing.

"It's a bit of a cyber storm, it's not a hurricane," Lengyel said, explaining that a cyber hurricane would be a national event while a storm is more localized. It's one of the few times the National Guard's cyber capacity has been called on for state events, including election security.

Louisiana and Texas will do an after-action analysis, and the National Guard will evaluate what was found, what was learned and what mistakes were made and share those lessons with the rest of the Guard.

"We have skill sets already in place that do cyber analysis of vulnerabilities of various critical infrastructure," Lengyel said, adding that the hope is to expand those capabilities nationwide.

The National Guard is running a pilot program with three states -- Hawaii, Washington and Ohio -- with a 10-person cyber mission assurance team checking federal installations for vulnerabilities from reliance on outside utilities, such as electricity and water, Lengyel said. That pilot is expected to run another six to eight months, at which point the Guard will decide whether it should be expanded nationwide.

The National Guard has been working to increase its cyber capabilities, relying heavily on former military staff and civilians to improve its cyber capabilities as lawmakers warn of increased threats to IT infrastructure.

Cyber warrior training concerns are not new. The Government Accountability Office previously found Cyber Command's 133-team Cyber Mission Force was behind on training, particularly at the National Guard and Reserve levels.

The National Guard wants to change that and ensure the training, qualifications and capabilities of cyber warriors are comparable.

"I advocate for a standard baseline of training for all our military cyber warriors to make sure that they all have the same joint training," Lengyel said. We want to ensure "U.S. Cyber Command Gen. [Paul] Nakasone understands exactly the training and expertise that they bring."

Part of the issue, however, is on the state level, Lengyel said. The state emergency response system varies between states, he said, which in some cases may be necessary.

"Everybody's cyber response packages look a little bit different. Texas has this joint cyber response team with eight people, both Army and Air (Force). The way Louisiana does it may be a little bit different," he said. "Because the military organizations in the states are different, some of the way we actually get them trained, their training apparatus may not be standardized."

For Louisiana and Texas, the Guard is there purely to help with defense -- not offensive operations -- and stop the spread of damage. Lengyel said that while he's unsure whether responding to such attacks will become a regular practice for the National Guard, the threat will continue to evolve.

"If it's not ransomware or some [other] attack now, that threat will morph to adapt as we provide security for it," Lengyel said. "We will grow our cyber capacity as the Army and Air Force need us to grow it" and will be available for state governors to call on.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.