Maryland gets cyber assist from National Guard during pandemic
- By Lauren C. Williams
- May 27, 2020
Maryland Governor Larry Hogan called in the National Guard to help his state -- not just with its pandemic response but also with cybersecurity assessments.
Maryland learned a hard lesson a year ago when a devastating ransomware attack hobbled Baltimore city's networks, so it is taking precautions to keep IT networks secure.
Col. Reid Novotny, Maryland National Guard's Joint Staff= lead for IT and cyber, said ransomware attacks “have affected hospitals that are treating COVID patients."
Novotny wouldn't name the hospital or county but said notices were disseminated to ensure "patients and the residents of that county that went to that hospital were assured that everyone was up and working."
Maryland Chief Information Security Officer Chip Stewart confirmed that the state has seen an increase in malicious activity but didn't specifically address the hospital ransomware activity.
"Maryland has noticed an increased frequency of attempted cyber-attacks as have many other states throughout the country, ranging from phishing emails to sophisticated attempts to bypass security measures," he wrote in an email.
The state has established a security operations center to monitor infrastructure threats, and the guard, per Stewart, is performing "routine external assessments of the state's websites and networks to identify issues proactively."
Maryland’s Department of Information Technology continues to engage in proactive security that includes regular patching and vulnerability management, as well as ongoing penetration testing to identify weaknesses before adversaries can exploit them.
But despite those efforts, attacks accumulate, Stewart said.
"From an attacker standpoint, things are worse, with the number and sophistication of attacks increasing every day," he said. "As with everything in security, defense-in-depth is the answer."
That includes technical controls, management and oversight for security awareness and training for state employees "to extend our firewall to the end-users, which is critical in preventing these attacks," he said.
As the pandemic's impact spread, Maryland's CISO selected a number of data repositories and websites, such as those for the state health and labor departments, for support. The Maryland Guard produced a report with suggestions to fix vulnerabilities found during the assessments.
As of May 15, the Maryland National Guard has provided over 3,000 man-hours to four different state agencies across four counties, or about $1 million in commercial value of cyber support, according to Novotny.
The National Guard's cyber role isn't limited to the pandemic. The guard has been instrumental in providing election security support as the threat to voting infrastructure rises, and helping municipalities combat garden-variety ransomware.
But the guard's capabilities are mired in complex policy and culture norms that make calling in cyber units for network help more complex than having guards stack sandbags to prevent flooding after a hurricane.
"It should be no different that when there is a hurricane and you need to have a National Guard troop help you with sandbagging or something to the like of driving a Humvee down the streets of Baltimore," Novotny said. "It is often very difficult in the policy world that we live in to have a National Guard troop do the same in cyberspace."
However, that could change post-COVID, as government agencies' responses to the pandemic are scrutinized.
"There will be a lot of change and churn coming out of this specific incident to further clarify who is responsible for what and when in responding to a national emergency or state emergency under [the Federal Emergency Management Agency], in coordination with [the Department of Homeland Security], with the National Guard and all the other federal and local stakeholders," Novotny said.
"The actual law is there," he said, referring to the Stafford Act which has cyber listed as one of the critical infrastructure threats FEMA can respond to. "This is a cultural movement and an ability to get around some internal policies in the DOD. But we will continue to advocate but this doesn't inhibit us from helping the state of Maryland."
This article was first posted to FCW, a sibling site to GCN.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.