Twenty-seven states got their feet wet during the 2018 mid-terms, the bureau’s chief told reporters at the Pentagon on Tuesday, and he expects more will be engaged next year.
“The election network security is a very state-centric thing,” said Air Force Gen. Joseph Lengyel. “It’s not military responsibility, or National Guard responsibility, to secure it. We’re an additive measure.”
The Illinois guard played a key role in 2018, teaming with their state board of elections, Illinois’s adjutant general said.
“We also had the command-and-control cell at our state intelligence center, with our state police,” Air Force Brig. Gen. Richard Neely said. “That way, when we saw an incident come in, we identified it there and we triaged it.”
Guard members can scan networks for suspicious activity, then determine whether something is a glitch or an attack. From there, they can try some preliminary fixes to get things back online, or send more serious hacks to the state’s IT experts ― and get state or federal law enforcement involved, where necessary.
They didn’t see any true attacks during that election, he said.
“If we’re doing our business correctly, we’re hopefully seeing that beforehand, before an attack actually occurs,” he added.
Washington state is doing some homework heading in the election, its adjutant general said, putting together a 10-person team to develop a plan, look for vulnerabilities in their network and then monitor for anything strange.
Then, come election night, Army Maj. Gen. Bret Daugherty said, troops will be “on hand to respond if all of our efforts have failed and the bad guys find their way in.”
Whether each state and territory’s guard personnel are activated for the election is up to their governors, but in the mean time, units are getting prepared for bigger things.
Currently, the guard is piloting a Cyber Mission Assurance Team concept, 10-person groups of soldiers and airmen. They will focus on Defense Department and other federal installations, to assess their vulnerabilities and come up contingencies to get everything back online after a breach.
It’s expected to run in Ohio, Washington and Hawaii through next year, Lengyel said.
Multiple state guard bureaus have been on the front lines of other attacks in the past year, according to Lengyel.
Responding to ransomware across states is a new mission for the National Guard and it doesn’t show signs of going away anytime soon.
Earlier this year, 54 Louisiana public schools experienced a ransomware attack, where hackers ― often through a link in an email ― take online systems hostage and demand payment to return them.
It happened twice in Texas, as well, to 23 county government systems.
“Now, it’s turned into what we would call a battle drill,” Air Force Mag. Gen. Tracy Norris, Texas’s adjutant general said, part of their standard training.
And in Colorado, according to U.S. Cyber Command’s National Guard adviser, the state had to respond to an attack on its department of transportation network.
“States are going to experience a number of attacks and they might increase, they might not,” Col. Sam Kinch said. “What we have seen is a greater effort from Cyber Command to do a higher number of persistent engagement activities, So when we have information that leads us to going after a threat, we have seen our operational tempo increase significantly over the past year."
In any case, Lengyel said, there are agreements in place to make sure every state can call on cyber troops to help with an attack, including memoranda of understanding with neighboring states.
“I would tell you that every state has some cyber capability,” he said. “If they don’t, then they have an agreement with somewhere else to borrow it.”