Recent ransomware attacks in Texas and Louisiana are causing the National Guard to rethink some of its training policies for its cyber units.
Last month, Louisiana was forced to declare a state of emergency after a handful of its school districts’ networks were hacked. Similarly, a few days ago hackers held more than 20 Texas local governments’ networks hostage.
National Guard Chief Gen. Joseph Lengyel called the events a “cyber storm” and the multi-state attack is highlighting the need for more standardized policies and training for cyber units across the force.
“I have questions about us in terms of making sure we are able to provide the best capacity to not only the military sector, but also the domestic sector,” Lengyel said in a Friday phone call with reporters. “Everybody’s cyber response packages look a little bit different. Texas has this joint cyber response team and it has eight people both Army and Air. The way Louisiana does it is a little different in the way we train them and the way they plug into the civilian networks are all a little different.”
While the structures themselves are different and may need retooling, Lengyel said the way members of the Guard are trained and the apparatuses they use may not be standardized.
“That’s a goal of mine,” Lengyel said. “As we look across the enterprise we need to make sure that we can articulate the training and the qualifications and the capabilities of our cyber warriors.
He added that sometimes cyber units have special training from civilian skill sets that the Guard needs to share with units across the nation.
One way the Guard will start to standardize training and capabilities across states is to require Texas and Louisiana to conduct reports on their cyber responses to the attacks.
“It will be an evaluation of what happened, why we think it happened,” Lengyel said. “We’ll also look at what we learned, what mistakes did we make, if any. They will write it up and we’ll share it with the other 54 states and territories, plus the District of Columbia. We have skillsets already in place that do cyber analysis. We have units that do analysis of various critical infrastructure.”
The Guard is also running a three-state pilot program called the Cyber Mission Assurance team, which checks on federal installations that rely on utilities provided by the states. The team ensures the agencies’ missions are not compromised if something goes wrong because of cyber vulnerabilities.
That team is supposed to help the interlinking between state and federal responses.
Outside of the criticisms, Lengyel said he thought the response in Louisiana and Texas was a success.
“In these particular cases it’s reported that the cities and districts have not paid ransoms and they’ve used their ability to mitigate the attack and rebuild,” Lengyel said. “Once you identify a threat people are more likely to build security, and security for software and tech networks will probably propagate more and there’s a market for that.”
Lengyel added that there are many areas in the nation that are still vulnerable to cyber attacks. He said the hackers looked for weak systems and that governments need to be on their toes as the threats evolve.
“That attack will morph,” Lengyel said. “Things that are well protected tend not to be attacked as much. The big worries are around if we are building utilities that are protected, like water systems and electrical grids. People are spending a lot of time thinking about how to protect those systems and keep them from cyber attack and vulnerabilities that could be devastating to society. Having cyber capabilities all across the nation is needed. We will grow our cyber capabilities as the Army and Air Force need us to grow it. We will use it, when not mobilized, for the governors in the domestic sense.”
As of the beginning of 2019 The National Guard had 3,880 cyber service members in 59 cyber units in 38 states, but that number is scheduled to grow.