N.D. National Guard prepares to defend cyberspace
BISMARCK -- The North Dakota Information Technology Department in May noticed unusual activity on a server. Forensic work revealed cyber attackers had compromised the server, which contained the personal information of workers and employers who f...
BISMARCK -- The North Dakota Information Technology Department in May noticed unusual activity on a server. Forensic work revealed cyber attackers had compromised the server, which contained the personal information of workers and employers who filed incident reports or payroll reports online with North Dakota Workforce Safety and Insurance from 2006 to 2013.
Prior to that, the North Dakota University System in February of 2014 learned someone had gained unauthorized access to a server containing the private information of 291,465 current and former students and 784 faculty and staff members.
The breaches cost the Information Technology Department in man hours, and they have the potential to affect citizen stakeholders, said Dan Sipes, deputy chief information officer for the department. Though those are the only two breaches that have hit the state in recent years, Sipes said the potential exists for more problems.
“Obviously, we’re under attack on a daily basis,” Sipes said.
Cybersecurity breaches don’t impact just hacked organizations. Individuals can become victims of identity theft. Businesses and government agencies can lose money, reputation and control of important computer systems. Cybersecurity also has been identified by President Barack Obama as one of the most important national security challenges faced by the United States.
North Dakota Army National Guard Lt. Col. Ray Knutson said cybersecurity is at the “forefront of everybody’s mind.”
“Cybersecurity is a topic of concern for everyone, whether civilian or military,” he said. “Lots of people have gotten those messages from different agencies or companies that their data has been stolen.”
Beginning in 2018, North Dakota will have a new ally in protecting military and civilian government computer network infrastructure. The National Guard Bureau last week announced North Dakota will be one of several states to complement a regional Army National Guard Cyber Protection Team.
The cybersecurity forces are relatively new additions to the National Guard. The first full-time CPT unit, the 1636th Cyber Protection Team, was established in 2014 in Maryland. Additional units later were announced in California, Georgia, Indiana, Michigan and Ohio.
The North Dakota unit was announced along with other planned CPTs in Alabama, Arkansas, Colorado, Illinois, Kentucky, Louisiana, Minnesota, Mississippi, Missouri, Nebraska, New Jersey, New York, South Dakota, Tennessee, Texas, Utah and Wisconsin.
Each CPT includes 39 Guard soldiers. North Dakota will provide seven soldiers to a shared CPT that also will include Colorado, South Dakota and Utah. Each CPT unit is aligned with FEMA regions, and North Dakota is part of Region VIII.
Knutson said the North Dakota unit will include a commissioned officer at its head, three warrant officers and three non-commissioned officers. Who will serve on the unit remains to be seen, but Knutson said the soldiers will be among the “best and brightest,” with extensive training and certifications. Recruiting may begin as soon as late 2016.
“Our expectation is that we’ll draw people from across the state,” he said.
Knutson said the mission is so new that many details about the CPT - including what it will be doing and where it will be based - are not yet clear. However, he said it will have a defensive - rather than offensive - mission, meaning it will be involved in protecting systems rather than attacks.
The Air National Guard also will have 12 Cyberspace Operations Squadrons that will participate nationally in cyber protection, but North Dakota will not have a squadron. The National Guard Bureau has said 23 states will have Air or Army National Guard cyber units by 2019.
If needed, state governors will be able to call upon CPTs or cyber squadrons to provide cyber protection on government networks. States without their own units will have access to such resources through Emergency Management Assistance Compacts with other states.
The National Guard’s announcement comes only months after Gov. Jack Dalrymple moved forward on a plan to enhance cybersecurity in North Dakota. The governor in September formed a state Cybersecurity Task Force to help address cyber threats facing the nation and potential impact on state government. The task force is charged with reviewing the state’s cybersecurity policies and practices and making policy and resource recommendations to ensure the security of the state’s networks and systems.
Dalrymple, in a statement, expressed appreciation for the announcement of the formation of a cyber protection team in North Dakota.
“The North Dakota National Guard has an outstanding service record, both home and abroad, and it’s not at all surprising that they have been selected to play a critical role in this important work,” he said. “Cybersecurity is a growing challenge facing our country today, and I’m pleased to see that the Department of Defense is taking measures to better safeguard cyberspace infrastructure.”
Sipes said he hasn’t talked to anyone at the National Guard yet about what the cyber unit will be doing. The Information Technology Department already partners with other federal agencies, and Sipes always is interested in new ways to help protect state data and systems.
“It’s definitely a good direction for the state, and I think we’ll benefit from it,” he said.
Knutson said the National Guard is known for assisting in floods, fires, tornadoes and other emergency situations. Getting involved in cyber protection is just part of the evolution of the Guard.
“This is just another one of those situations where we can provide assistance,” he said.