Historically called in following natural disasters and during emergencies, National Guard cybersecurity units can help municipalities in the digital realm

Amid the busyness of news events this week, it might have been easy to miss that yet another massive cyberattack exposed the data of tens of millions of people. On Tuesday, T-Mobile announced that the information of nearly 48 million prospective, current and former customers was stolen. 

“Some of the data accessed did include customers’ first and last names, date of birth, SSN and driver’s license/ID information for a subset of current and former post-pay customers and prospective T-Mobile customers,” reads a statement issued by T-Mobile earlier this week.

Specifically, the records of approximately 7.8 million current post-paid customers and a little more than 40 million former or prospective customers were involved in the cyberattack, according to the company. 

It’s the latest in a series of notable recent data breaches. 

In the last few years, the rate of cyberattacks has increased dramatically—in July 2020, for example, research from RiskBased Security found a more than 650 percent increase in malicious activity compared to the same month in 2019. A study by the cybersecurity company Deep Instinct noted that malware attacks increased in 2020 by nearly 360 percent and ransomware was up 435 percent over 2019. 

Cybercrimes have become so commonplace in modern society that news of a serious data breach might not even reach the frontpage. And while the latest target might have been a cellular carrier, cities and counties are often in the crosshairs. Research from Barracuda Network shows that municipalities were targeted by 44 percent of ransomware attacks last year. 

With cyberattacks increasing, many municipalities lagging in digital defense spending—of more than 500 government leaders polled in the study, Government Index for IT Modernization, a quarter said their agency was not prepared for threats. 

Filling this void, states are increasingly turning to the National Guard. 

“Governors have the authority to activate and pay the National Guard to provide response and remediation of cyber incidents; cyber defense analysis; cyber incident response planning; and security planning, threat assessment and interagency planning,” according to a brief by Aaron Clarke, executive coordinator of the national think tank Third Way. 

“Based on publicly available information, governors activated the National Guard at least 41 times since 2018 to provide cybersecurity-related support to state and local governments,” Clark wrote. 

Traditionally, guard units are called to respond to emergencies like physical threats or in the aftermath of natural disasters. Their deployment into the digital realm was initialized about five years ago through the establishment of a National Guard Cyber Protection Team, according to a news brief issued in 2015 by the Department of Defense. The teams provide cyber capability in each of the 10 multistate Federal Emergency Management Agency (FEMA) regions. 

An example of this capability can be seen through the Connecticut National Guard’s response last school year to a cyberattack on the Hartford school district that delayed the city’s opening day.  

“This was a severe attack that affected approximately 300 servers, 3,500 computers and 40 schools, but thankfully, the team’s rapid response and assessment in cooperation with the city ensured a swift restoration of services,” said Air Force Brig. Gen. Gerald McDonald, deputy commissioner of the Connecticut Military Department, in a statement issued soon after servers were restored by service members the following day. “Our Joint Cyber Response Team is comprised of soldiers and airmen with military and corporate experience in several cybersecurity and information technology domains.” 

The day after the attack, “the team restored services to the fire and police departments along with schools and their transportation services while also assisting the city’s IT department with immediate triage, incident response, crisis management and mission command,” the statement says. After, Guard members reviewed logs to try to figure out where the attack originated and looked for vulnerabilities in the city’s infrastructure to prevent future attacks. 

Notably, the SamSam ransomware attack on Colorado’s Department of Transportation in February of 2018 marked the first time the National Guard was called to respond to a cyberattack, according to Clark’s report.  

While there have only been two reported times when the Guard was activated this year, “27 states activated (24 states were accounted for in this study) the National Guard at least once to either provide cybersecurity support to the state’s election efforts or to respond to a cyber-attack. North Carolina had the highest number of activations with eight, followed by Louisiana with four,” Clark noted.