U.S. National Guard's Evolving Mission Includes Assisting Local Governments Experiencing Cyber Attacks

Cyber attacks on municipalities have been on the rise in the past year, particularly in smaller cities that have inadequate resources to deal with them. In the smallest of towns and cities, local government relies on state and federal resources to deal with remediation in the wake of a breach. For some, those resources now include the National Guard.

Established at the national level in 1903, the National Guard is a reserve military force called upon for certain domestic emergencies, primarily recovery efforts when natural disasters and major terrorist attacks occur. With cyber attacks evolving to target both the digital and physical infrastructure of towns and cities, states are now able to justify deploying the Guard to assist in supporting and protecting these vital services.

The National Guard’s evolving mission

As little as a few years ago, cyber defense was not even on the radar of most National Guard agencies. In the past two years, cyber brigades have begun to spring up around the country as the need for proactive defense and response to nation-state cyber attacks has become clear.

Though each state has its own National Guard agency, many of these cyber brigades are responsible for covering multiple states. For example, the Army National Guard’s 91st Cyber Brigade is based in Virginia but is tasked with overseeing cyber response units in 30 states.

These brigades are also often consolidated efforts, bringing together personnel and resources from multiple National Guard branches (such as the Army and Air Force). In total the National Guard has nearly 4,000 service members dedicated to cyber security spread across 59 units in 38 states, and anticipates adding more through 2022.

An example of the sort of incident that these cyber units respond to is the coordinated ransomware attacks that hit 22 small towns and cities in Texas in August. These localities were relying on a combination of state and federal resources and outside contractors to support local IT departments with very thin resources. Texas National Guard personnel and resources were put to use to help get vital services back online.

Not all states are currently covered by cyber battalions, but many of these have plans in place to establish them in the near future. National Guard leaders are also seeking to align and standardize state procedures given that attackers are capable of crossing state borders in the course of a campaign.

Additionally, the National Guard has already begun a three-state pilot program that conducts checks of federal facilities that rely on state utilities. The Cyber Mission Assurance team inspects facilities in Hawaii, Ohio and the state of Washington to verify that they will still be able to fulfill their mission should a state or locality’s networks and utilities be compromised.

The National Guard Bureau held a media roundtable at the Pentagon on Nov. 5 to discuss mission alignment, with commanders and advisers from various states in attendance. Ideas that were proposed included standardizing training of personnel and mandatory qualifications, as well as requiring that states file mandatory reports detailing their response procedures whenever cyber attacks on government infrastructure occur.

Another idea that was previously proposed is the formation of a National Guard Cyber Protection Team that would have a branch in each of the 10 Federal Emergency Management Agency (FEMA) territories. Army General Frank J. Grass, the National Guard’s senior officer, has suggested that each state will have its own individual cyber response unit at some point.

Training for cyber attacks

Though the formation of specialized cyber battalions is relatively new, the National Guard has been actively training for cyber attacks on national resources since 2012. The annual Cyber Guard event is a multi-state joint training exercise that simulates a major earthquake in southern California followed by a coordinated nation-state cyber attack that shuts off electrical power to multiple states along the coasts.

National Guard members only serve for one weekend per month and two weeks each summer, unless they are called to active duty. Many Guard members involved in cyber response have “day jobs” in related IT fields and supplement the force with a variety of cybersecurity skill sets acquired in their civilian training. Naturally, tech centers such as California are richer in these civilian resources than states that are dominated by more rural populations, which makes standardized training important.

In addition to incident response at the state and local level, National Guard members are expected to play an active role in deterring election interference in 2020. Though election security is not part of the agency’s regular mission, the extraordinary circumstances created by the 2016 election interference campaign have prompted the Guard to step into a supporting role. The agency will assist with network analysis and active monitoring for cyber attacks on the day of the election in some states, and was deployed in a similar capacity for the elections in 2018.

Necessary preparations

The National Guard joins agencies throughout the American government in being forced to rapidly modernize and train up cyber warriors. Threat actors backed by nation-states have made great strides in recent years and are now able to cause physical manifestations of damage by way of digital cyber attacks – cutting off power, manipulating traffic signs, and even potentially taking control of a nuclear power plant’s reactor among other possibilities that can cripple critical infrastructure.

The US government does not presently have a central cyber security agency, which has forced each department and branch of the military to cope with cyber attacks individually for the most part. As of 2014, the Department of Homeland Security (DHS) has some level of blanket responsibility under the Federal Information Security Modernization Act, but only governs the information security policies of federal systems that are not considered a national security risk.

A task force called the Cyberspace Solarium Commission was formed in early 2019 to develop a national unified cyber security strategy and possibly a cyber command agency, but so far nothing concrete has been proposed.

In the interim, the National Guard is serving as something of a stopgap to get effective federal cyber security support to state and local governments that are running behind the curve in terms of cyber capabilities.