National Guard looks to help states help with ransomware response

The National Guard is contemplating expanding its cybersecurity vulnerability assessment pilot following recent ransomware attacks in Texas and Louisiana.

Organizations in Texas and Louisiana are dealing with the aftermath of ransomware attacks on IT systems in businesses, financial institutions and school districts. The National Guard's cyber units were called in along with other first responders to mitigate the "cyber storm," Gen. Joseph Lengyel, National Guard Bureau chief, told reporters during an Aug. 23 news briefing.

"It's a bit of a cyber storm, it's not a hurricane," Lengyel said, explaining that a cyber hurricane would be a national event while a storm is more localized. It's one of the few times the National Guard's cyber capacity has been called on for state events, including election security.

Louisiana and Texas will do an after-action analysis, and the National Guard will evaluate what was found, what was learned and what mistakes were made and share those lessons with the rest of the Guard.

"We have skill sets already in place that do cyber analysis of vulnerabilities of various critical infrastructure," Lengyel said, adding that the hope is to expand those capabilities nationwide.

The National Guard is running a pilot program with three states -- Hawaii, Washington and Ohio -- with a 10-person cyber mission assurance team checking federal installations for vulnerabilities from reliance on outside utilities, such as electricity and water, Lengyel said. That pilot is expected to run another six to eight months, at which point the Guard will decide whether it should be expanded nationwide.

The National Guard has been working to increase its cyber capabilities, relying heavily on former military staff and civilians to improve its cyber capabilities as lawmakers warn of increased threats to IT infrastructure.

Cyber warrior training concerns are not new. The Government Accountability Office previously found Cyber Command's 133-team Cyber Mission Force was behind on training, particularly at the National Guard and Reserve levels.

The National Guard wants to change that and ensure the training, qualifications and capabilities of cyber warriors are comparable.

"I advocate for a standard baseline of training for all our military cyber warriors to make sure that they all have the same joint training," Lengyel said. We want to ensure "U.S. Cyber Command Gen. [Paul] Nakasone understands exactly the training and expertise that they bring."

Part of the issue, however, is on the state level, Lengyel said. The state emergency response system varies between states, he said, which in some cases may be necessary.

"Everybody's cyber response packages look a little bit different. Texas has this joint cyber response team with eight people, both Army and Air (Force). The way Louisiana does it may be a little bit different," he said. "Because the military organizations in the states are different, some of the way we actually get them trained, their training apparatus may not be standardized."

For Louisiana and Texas, the Guard is there purely to help with defense -- not offensive operations -- and stop the spread of damage. Lengyel said that while he's unsure whether responding to such attacks will become a regular practice for the National Guard, the threat will continue to evolve.

"If it's not ransomware or some [other] attack now, that threat will morph to adapt as we provide security for it," Lengyel said. "We will grow our cyber capacity as the Army and Air Force need us to grow it" and will be available for state governors to call on.