National Guard Cybersecurity Units Ready to Protect Election
So Far, 10 States Are Calling on the Guard for Help
National Guard units are commonly called up to help deal with the aftermath of a natural disaster. And they played a role in responding to the COVID-19 pandemic and civil unrest. But in the weeks leading up to the 2020 election, some states are calling out the National Guard to help protect the election process from online attacks and interference.
Ten states have already committed to using their Army or Air Force National Guard cybersecurity units to help protect the integrity of the election process, with another 30 contemplating making the move, says U.S. Air Force Col. George Haynes, chief of cyberspace operations for the National Guard Bureau. The units are not responding to any specific threats; they’re acting in their role as their state's cybersecurity support system, he says (see: US Election Hack Attacks Traced to Russia, China, Iran).
"We've got approximately 4,000 National Guardsmen that we would identify as cyber operational personnel within 59 units that are dedicated to a specific federal cyber mission," Haynes tells Information Security Media Group.
The 59 units - spread among 54 U.S. states and territories - can be called into service by the states or the federal government.
If a state decides to bring in Guard members for election security efforts, they don't have to notify the federal government, Haynes explains. That’s because the units are under state control unless the federal government activates them for national duty.
So far, Colorado, North Carolina, Washington and Ohio are among the states that have acknowledged National Guard troops will be working on election security.
"Foreign disinformation campaigns and cyber intrusion are only going to increase leading up to the election, and state and local election officials must embrace the proactive election security measures in order to stay secure," says Tom Kellermann, the head of cybersecurity strategy at VMware Carbon Black who formerly served as a cybersecurity adviser to President Barack Obama.
National Guard cybersecurity forces operate much like their colleagues who focus on more kinetic activities. They are called upon when state resources are insufficient to address an issue.
Haynes says the units called up to work on election security will offer general support, such as "looking at the infrastructure to determine if there are additional vulnerabilities or avenues that they can help to further defend or secure."
The federal government has no plans to activate any state National Guard cyber units for election-related tasks, but if the U.S. National Security Agency were to request help from the Department of Defense for a cybersecurity issue, the National Guard could be used in that capacity, Haynes says.
"We call it defense support to civil authorities. If that goes through, then we work with the DoD very closely, and we have plans in place that the National Guard can be leveraged to be put on active duty in support of those requests," Haynes says (see: National Guard Prepping for November Election Security Role).
National Guard cyber teams can help states make adequate election security preparations, Haynes says.
"If you plan properly and you execute properly, you know on the actual day of the election, there's going to be a lot less risk or a lot less stress," he says.
The Department of Homeland Security and other federal agencies share intelligence data with the states to help them prepare, he adds.
Kellermann notes: "The National Guard teams will conduct network intrusion analysis and engage in cyberthreat hunting to ensure that the electoral systems are hardened and not compromised prior to November. Areas of particular concern and focus for these teams should include preventing digital disenfranchisement of citizens as seen in attempts to hack voter rolls, as well as protecting against subsequent integrity attacks."
The primary threats the troops are defending against can be found with a simple online search, Haynes says.
"As far as specific threats, as we know, there are a plethora of actors out there - ranging from nation-state actors down to garage hackers - that could cause problems," he says.
The number of National Guard units assigned to election security can be adjusted depending on threat levels, he notes.
The National Guard and its state and federal partners conduct tabletop exercises and have regular calls with state election stakeholders as part of the planning process so everyone understands the Guard's capabilities in various situations, Haynes says.
"So we are very close with our mission partners and DoD and in the Department of Homeland Security and the state to make sure we know what our capacities are, what our capabilities are and what processes we could use to quickly leverage that capacity in support of DHS, or whether they need to support another state, or just within a state itself," Haynes says.
A nationwide training exercise for National Guard cyber units, called Cyber Shield 2020, is being conducted this month. But unlike past events, this year’s is being conducted virtually.
Always on Guard
For the midterm election in 2018, 27 states activated their National Guard cybersecurity units, Haynes notes. This year, some states may choose to activate National Guard units that do not specialize in cybersecurity to handle such tasks as handing out masks, he adds.
The National Guard cyber units also lend a hand in other circumstances. For example, they recently assisted the Haywood County school district in North Carolina by conducting a forensics investigation after the district was hit with a ransomware attack in August (see: As Classes Resume, Schools Face Ransomware Risk). And the Louisiana National Guard helped three schools hit with a cyber incident.
When not called upon to perform a specific cyber mission, these units function much like other Guard units, training one weekend per month and two weeks out of the year.
During these periods, they help back up full-time cyber forces in the military, NSA and other government agencies. And they can be called up for full service by their state or by the federal government during a time of national or regional crisis.
Many National Guard members come into the service with security and IT credentials.
"We have a wide spectrum of people that come in with skill sets," Haynes says. "Some are Microsoft Office specialists. Some have been doing a lot of computer tinkering. Some have credentials for cybersecurity with Cisco or with an industry certification like certified information systems security professional."
Some cybersecurity professionals who join the National Guard may receive a direct commission, becoming an officer without having to undergo the usual warfighting training.