An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Home : News : Article View
NEWS | Nov. 14, 2019

Guard cyber teams key asset in cyber defense

By Sgt. 1st Class Jon Soucy National Guard Bureau

ARLINGTON, Va. – National Guard members continue to be an integral element in cyber defense, the Guard’s top general said during a recent roundtable discussion at the Pentagon on the cyber mission set.

“When I first joined the National Guard cyber was not part of our vocabulary,” said Air Force Gen. Joseph Lengyel, chief of the National Guard Bureau. “Now, it’s one of our daily battlegrounds.”

More than 3,900 troops make up the Guard’s cyber element, said Lengyel, adding that includes traditional part-time units as well as full-time units that work directly for U.S. Cyber Command.

“The Air National Guard always provides two [cyber protection teams], and on the Army side, the Army [National Guard] always provides one, that are continuously mobilized and doing duty for U.S. Cyber Command and the cyber mission force,” said Lengyel.

Guard cyber teams have also responded in support of local and state authorities, including earlier this year in Texas and Louisiana.

“In May, one county – Jackson County – got hit with ransomware,” said Army Maj. Gen. Tracy Norris, the adjutant general of the Texas National Guard. “It disrupted county services. People weren’t able to transfer property, the police doing a background check weren’t able to pull up that information.”

County officials realized that a response to the attack was beyond the scope of their information technology staff and looked to the Guard for assistance, said Norris.

“We had people out there within 12 hours to do an assessment on what had happened and to get that county back online,” said Norris. “We helped them get to a recovery point where their IT professionals could come in and get the county back to where it could deliver services.”

That, it turned out, was just a dress rehearsal. A month later 22 Texas counties were hit with ransomware attacks, and again the Texas Guard was called out.

“Immediately the [Texas] Department of Emergency Management called over to us and we got people on the phone to assess and figure out where to go to start [responding to the attack],” said Norris.

From there, a team of 50 or so Soldiers and Airmen responded to get the networks back online, said Norris, adding it took about two weeks to get everything back to normal.

Jackson County, the county hit in the May attack, was also one of the 22 counties hit in June, but the attackers were quickly stopped.

“They did not get past [the network] firewall,” said Norris, adding that was in large part because of measures Guard members had put in place after the earlier attack.

Similar attacks occurred in Louisiana in July. Those attacks affected five parishes – the Louisiana equivalent to a county – and 54 schools.

“It was two weeks prior to school [starting for the year],” said Kenneth Donnelly, executive director of the Louisiana Cyber Security Commission. “Mainly it affected the parish school board systems for [grades] K through 12.”

Louisiana National Guard cyber teams were called in.

“The governor declared a state of emergency, which allowed us to expand our [response] capability,” said Donnelly. “We were able to use those [Guard] assets and were able to build the capability and capacity in Louisiana to get on the ground quickly and recover the parishes’ school systems before school started.”

The response also mitigated attacks in other parts of Louisiana.

“We were able to prevent seven other parishes from being severely impacted by the ransomware attack,” said Donnelly.

That was, in part, because of assistance from the Louisiana Guard.

“This is the new norm,” he said. “We currently have ongoing two additional cyberattacks that took place recently and we have the same resources on the ground right now.”

Because of that “new norm,” cyberattacks are often treated no differently than a hurricane or other large-scale disaster and the Guard is brought in to assist, said Lengyel.

“When they first developed cyber, people thought there really is no domestic mission for a governor to use a cyber force in a state capacity,” he said. “Now, we’re seeing how wrong that could be.”

But unlike a natural disaster, Guard cyber teams can be brought in ahead of time to mitigate possible attacks and were key to doing just that during recent elections.

“In 2018 the Guard was on duty in 27 states either monitoring the state.gov networks or on standby in case something happened,” said Lengyel.

Plans are already underway for similar support during the 2020 elections.

As part of that, Guard teams would begin by assessing the network for any vulnerabilities, said Army Maj. Gen. Bret D. Daugherty, the adjutant general of the Washington National Guard, which has a large cyber element.

After that, said Daugherty, any vulnerabilities would be addressed.

“This is all side by side with Department of State IT people who do the keyboard entry,” he said.

Finally, if needed, a team would then monitor the network.

“We [would] have that team on hand leading up to and during the election to monitor the network for any bad actors who may be trying to hack in, doing whatever we can to keep that from happening,” said Daugherty.

If any hacking activity were to occur, it would then be turned over to law enforcement officials, said Lengyel.

“Once we find a crime scene in the cyber domain, we turn it over to law enforcement or call in the FBI,” he said.

The Guard’s ability to operate in the cyber domain is just another skill set Guard members bring to the fight, whether overseas or at home, Lengyel said.

“It’s the role of the men and women of the National Guard to be able to offer these kinds of services to our governors to respond to a domestic event,” he said. “Whether it’s a hurricane, a fire or a cyber event, it’s just another military skill set we can transfer into use.”

 

 

Related Articles
LTC Michael Antonas of the Ohio Army National Guard presented a challenge coin Feb. 26 to four Hacking for Defense students at Carnegie Mellon University in Pittsburgh for their work on a project to help recruiting efforts.
Ohio Army National Guard Hacking a Recruiting Challenge
By Chierren Denman, | May 23, 2025
PITTSBURGH – The Ohio Army National Guard Recruiting and Retention Battalion partnered with four Hacking for Defense students at Carnegie Mellon University (CMU) to increase Armed Services Vocational Aptitude Battery (ASVAB)...

U.S. Army National Guard Soldiers with the 166th Regiment - Regional Training Institute completed a Combat Lifesaver course at Fort Indiantown Gap, Pennsylvania, Dec. 16-20, 2024.
Pennsylvania Guard Medical Training Sites Consolidate, Aligning Training Efforts
By Sgt. 1st Class Shane Smith, | May 23, 2025
FORT INDIANTOWN GAP, Pa. — In a significant step toward streamlining Army medical training operations and enhancing readiness, the Medical Simulation Training Center (MSTC) here has consolidated under the 166th Regiment –...

Air Force Gen. Steve Nordhaus, chief of the National Guard Bureau, joins reserve component senior leaders to appear before the Senate Appropriations Committee Subcommittee on Defense during a presidential review of the National Guard and reserve forces fiscal year 2026 budget in Washington, May 22, 2025.
Nordhaus to Senate: ‘National Guard Delivers Incredible Value to America’
By Master Sgt. Zach Sheely, | May 23, 2025
WASHINGTON —Appearing before the Senate Appropriations Committee Subcommittee on Defense Thursday, the National Guard Bureau’s senior leader emphasized the Guard’s value to America.Air Force Gen. Steven Nordhaus, the 30th...