Cyber-soldiers and -airmen of the Arizona National Guard can now help protect school districts against data-loss, ransomware, and other vulnerabilities, thanks to a recent blanket agreement between the state emergency management agency’s Cyber Joint Task Force and the Arizona Department of Education.
Under the agreement, any of the state’s more than 670 public and charter districts can request assistance at no cost from the Arizona National Guard to proof their computer networks against hackers.
“Working with larger schools, [they] often have a pretty robust [Information Technology] staffs, but smaller schools may not,” said Army Lt. Col. Leslie King, a Signal Corps soldier and officer-in-charge of the CJTF’s four-person vulnerability assessment team. “Regardless of district size, IT staffs usually do a great job making the ‘ones-and-zeroes’ flow smoothly around a network. We advise an IT staff how to put virtual barbed wire around that data — to protect employees, students, and more.”
In April, officials at the 89-school Tucson Unified School District in Arizona announced that ransomware hackers had in January threatened the district with the release of confidential data regarding 150 student and employees. Data was later discovered uploaded to the “dark web” —an anonymous portion of the internet. The breach included Social Security numbers, medical records and other private information that hackers can use for theft and fraud. The district serves approximately 47,000 students.
In June, officials of the New York City Schools reported a data breach that compromised the personal information of approximately 45,000 students, employees and vendors. The district serves approximately 1 million students, across 1,851 schools and programs.
The blanket agreement in Arizona cuts the administrative red-tape that would otherwise be required, were the state adjutant general to review and approve each individual school’s request. It is similar to other such agreements already established by the Arizona Department of Emergency and Military Affairs — the state agency that oversees the Arizona National Guard — with non-school state, county, and municipal entities.
“Call it a ‘whole-of-state cyber-security program,’” King said.
Commercial entities are not eligible for CJTF assistance, King said, because they have other options to hire security consultants, services, or staff.
In terms of military support to civilian agencies, King said, the Guard’s role in responding to cyber-threats isn’t much different than responding to wildfires and earthquakes.
“The threat of cyber-attack can become an emotional event for some civilian organizations,” King said, “and it can be comforting to see a friendly face in uniform — even if it’s via Microsoft Teams.”
Military personnel and veterans might recognize the CJTF team’s testing protocol as similar in format to a unit-maintenance or physical-security inspection.
After an in-brief with school personnel via video-teleconference, CJTF personnel on State Active Duty, state technician, and individual training status probe a school’s network remotely, before generating a report on specific steps that school IT personnel should take to fix or patch any problems.
“We scan a network for vulnerabilities, using various malware tools and techniques,” King said. “We don’t read anyone’s email content, or any actual documents — instead, we’re looking for exposures that would allow threat-actors to access that data.”
The state-funded National Guard vulnerabilities team comprises approximately one-quarter of the larger, 20-member Cyber Joint Task Force. Other task-force personnel focus on incident response, and surge as-needed during state, regional, and national events and exercises. The Arizona National Guard is a regular participant in the Cyber Dawn civil-military cyber defense exercises conducted annually in California.
During real-world events such as state and national elections, the CJTF often posts liaisons at the state operations center, but usually operates out of its own offices. Under Emergency Management Assistance Compacts, cyber personnel can even respond — whether remotely or in-person — to incidents in other states.
“In virtual incident-response, rather than physically send a soldier or airman, we can send a script to upload,” King said.
All Arizona National Guard personnel are eligible to join the state’s Cyber Joint Task Force, regardless of military occupational specialty.
“We don’t use [Department of Defense]-specific tools, and we can teach you what we do use. If you’re a truck driver in the Guard, but a network security technician in your civilian job, I definitely want to meet with you,” King said.Read comments