Posts in Category: Cybersecurity

Guard cyber teams key asset in cyber defense

Story by Sgt. 1st Class Jon Soucy, National Guard Bureau

ARLINGTON, Va. - National Guard members continue to be an integral element in cyber defense, the Guard's top general said during a recent roundtable discussion at the Pentagon on the cyber mission set.

"When I first joined the National Guard cyber was not part of our vocabulary," said Air Force Gen. Joseph Lengyel, chief of the National Guard Bureau. "Now, it's one of our daily battlegrounds."

Pennsylvania Army National Guard cyber team members monitor computer networks during elections in the state Nov. 5, 2019. Cyber teams from throughout the National Guard have remained a key part of cyber defense, said Guard officials, and have responded to ransomware attacks in Texas and Louisiana and worked in direct support of U.S. Cyber Command. (Photo Credit: Staff Sgt. Zane Craig)
Pennsylvania Army National Guard cyber team members monitor computer networks during elections in the state Nov. 5, 2019. Cyber teams from throughout the National Guard have remained a key part of cyber defense, said Guard officials, and have responded to ransomware attacks in Texas and Louisiana and worked in direct support of U.S. Cyber Command. (Photo Credit: Staff Sgt. Zane Craig)

More than 3,900 troops make up the Guard's cyber element, said Lengyel, adding that includes traditional part-time units as well as full-time units that work directly for U.S. Cyber Command.

"The Air National Guard always provides two [cyber protection teams], and on the Army side, the Army [National Guard] always provides one, that are continuously mobilized and doing duty for U.S. Cyber Command and the cyber mission force," said Lengyel.

Guard cyber teams have also responded in support of local and state authorities, including earlier this year in Texas and Louisiana.

"In May, one county -- Jackson County -- got hit with ransomware," said Army Maj. Gen. Tracy Norris, the adjutant general of the Texas National Guard. "It disrupted county services. People weren't able to transfer property, the police doing a background check weren't able to pull up that information."

County officials realized that a response to the attack was beyond the scope of their information technology staff and looked to the Guard for assistance, said Norris.

"We had people out there within 12 hours to do an assessment on what had happened and to get that county back online," said Norris. "We helped them get to a recovery point where their IT professionals could come in and get the county back to where it could deliver services."

That, it turned out, was just a dress rehearsal. A month later 22 Texas counties were hit with ransomware attacks, and again the Texas Guard was called out.

"Immediately the [Texas] Department of Emergency Management called over to us and we got people on the phone to assess and figure out where to go to start [responding to the attack]," said Norris.

From there, a team of 50 or so Soldiers and Airmen responded to get the networks back online, said Norris, adding it took about two weeks to get everything back to normal.

Jackson County, the county hit in the May attack, was also one of the 22 counties hit in June, but the attackers were quickly stopped.

"They did not get past [the network] firewall," said Norris, adding that was in large part because of measures Guard members had put in place after the earlier attack.

Similar attacks occurred in Louisiana in July. Those attacks affected five parishes -- the Louisiana equivalent to a county -- and 54 schools.

"It was two weeks prior to school [starting for the year]," said Kenneth Donnelly, executive director of the Louisiana Cyber Security Commission. "Mainly it affected the parish school board systems for [grades] K through 12."

Louisiana National Guard cyber teams were called in.

"The governor declared a state of emergency, which allowed us to expand our [response] capability," said Donnelly. "We were able to use those [Guard] assets and were able to build the capability and capacity in Louisiana to get on the ground quickly and recover the parishes' school systems before school started."

The response also mitigated attacks in other parts of Louisiana.

"We were able to prevent seven other parishes from being severely impacted by the ransomware attack," said Donnelly.

That was, in part, because of assistance from the Louisiana Guard.

"This is the new norm," he said. "We currently have ongoing two additional cyberattacks that took place recently and we have the same resources on the ground right now."

Because of that "new norm," cyberattacks are often treated no differently than a hurricane or other large-scale disaster and the Guard is brought in to assist, said Lengyel.

"When they first developed cyber, people thought there really is no domestic mission for a governor to use a cyber force in state capacity," he said. "Now, we're seeing how wrong that could be."

But unlike a natural disaster, Guard cyber teams can be brought in ahead of time to mitigate possible attacks and were key to doing just that during recent elections.

"In 2018 the Guard was on duty in 27 states either monitoring the networks or on standby in case something happened," said Lengyel.

Plans are already underway for similar support during the 2020 elections.

As part of that, Guard teams would begin by assessing the network for any vulnerabilities, said Army Maj. Gen. Bret D. Daugherty, the adjutant general of the Washington National Guard, which has a large cyber element.

After that, said Daugherty, any vulnerabilities would be addressed.

"This is all side by side with Department of State IT people who do the keyboard entry," he said.

Finally, if needed, a team would then monitor the network.

"We [would] have that team on hand leading up to and during the election to monitor the network for any bad actors who may be trying to hack in, doing whatever we can to keep that from happening," said Daugherty.

If any hacking activity were to occur, it would then be turned over to law enforcement officials, said Lengyel.

"Once we find a crime scene in the cyber domain, we turn it over to law enforcement or call in the FBI," he said.

The Guard's ability to operate in the cyber domain is just another skill set Guard members bring to the fight, whether overseas or at home, Lengyel said.
"It's the role of the men and women of the National Guard to be able to offer these kinds of services to our governors to respond to a domestic event," he said. "Whether it's a hurricane, a fire or a cyber event, it's just another military skill set we can transfer into use."

10 Tips to Avoid Cyberthreats

Realize that you are an attractive target to hackers. Don’t ever say “It won’t happen to me.”

Practice good password management. Use a strong mix of characters, and don’t use the same password for multiple sites. Don’t share your password with others, don’t write it down and definitely don’t write it on a post-it note attached to your monitor.

Never leave your devices unattended. If you need to leave your computer, phone or tablet for any length of time—no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well.

Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Double check the URL of the website the link takes you to: bad actors will often take advantage of spelling mistakes to direct you to a harmful domain.

Sensitive browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer or a cafe’s free WiFi—your data could be copied or stolen.

Back up your data regularly, and make sure your anti-virus software is always up to date.

Be conscientious of what you plug in to your computer. Malware can be spread through infected flash drives, external hard drives and even smartphones.

Watch what you’re sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you’re on vacation—that could help them gain access to more valuable data.

Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised.

Two-factor or multi-factor authentication is a service that adds additional layers of security to the standard password method of online identification. Without two-factor authentication, you would normally enter a username and password. But, with two-factor, you would be prompted to enter one additional authentication method such as a Personal Identification Code, another password or even fingerprint. With multi-factor authentication, you would be prompted to enter more than two additional authentication methods;after entering your username and password.

This article first appeared in the October 2019 edition of The Dispatch on page 19.