Date: 2020-04-11
Boots on the ground looks more like fingertips on the keyboard for one team in North Carolina’s militia.
And those fingers are flying for some members of the North Carolina National Guard as the threat of cyberattacks continues growing.
Since 2018, the NCNG’s Cyber Security Response Force has been called in on more than 35 incidents in North Carolina and other states, according to Lt. Col. Matt DeVivo, spokesman for the NCNG.
And the team has been busy this year, with attacks increasing because of elections, the Republican National Convention scheduled in Charlotte this August, and even the coronavirus pandemic, according to NCNG Capt. Steven Schmidt.
Why the coronavirus pandemic?
“Globally there’s definitely been an uptick (in cyberattacks), going back to November (or) December when coronavirus popped up in China,” Schmidt said in a telephone interview.
And, as reports of COVID-19 — the disease caused by the new coronavirus — increase, panic and curiosity make people more likely to open a malicious link, Schmidt said.
“When you get an email and it’s talking about COVID-19 (and) someone dying in your area, it makes it that much more enticing to click on a malicious attachment or malicious link,” he said. That’s how malicious software can get installed and be used to steal data and/or lock files.
Another problem piggybacks on the telecommuting options that many employers have deployed recently, often using virtual private networks or teleconferencing systems, Schmidt said.
“In that shift, organizations are trying to get their systems online and they’re not necessarily following the best cybersecurity practices,” he said.
And personal home computers may be more vulnerable than company-issued computers, which are now sharing the home network.
“Now, as an attacker, I would go after the weaker of the two, establish a footprint there and go after the work computer,” Schmidt said.
One incident Schmidt and his team responded to recently occurred on March 18, when the city of Shelby — just west of Charlotte — experienced a malware attack.
Like most instances, Schmidt said, it began with a phishing email attack. These emails look innocent and may even appear to come from a known associate, but they contain malicious software designed to disrupt, damage or gain unauthorized access to a computer system.
That can allow the attacker to access the network and install ransomware, software designed to block access to a computer system or computer files until money is paid via an untraceable Bitcoin payment.
“(With) ransomware, it effectively shuts down networks, servers, computers, all of that stuff,” Schmidt said. The attack in Shelby did not impact its 911 system, but it affected payroll, billing and email services, according to shelbystar.com.
Schmidt said the team was able to build servers and get the city’s computers back online over the course of two weeks.
“What I’ve seen in the past two or three years is that most of our governments know how to go back to pen and paper processes,” Schmidt said. “So it’s not that those services are shut down. It just makes providing those services more difficult.”
The Cyber Security Response Force includes a team of 10 full-time cyber professionals and more than 400 Army and Air Guard cyber specialists, according to a NCNG news release.
“They bring real-world experience as well as professionalism to incidents, and provide a calming voice in what can often be a chaotic and stressful cyber-attack environment,” N.C. Army National Guard Lt. Col. Seth Barun said in the release.
However, the NCNG’s cyber security team is not limited to reacting to incidents.
Sgt. Manuel Bennett, 29, is among 18 of the Guard’s cyber specialists called up to help out during Super Tuesday on March 3.
“During the election process, we’re in place,” the Greensboro native said recently in a telephone interview. “Because things do happen, so we’re not reactive, we’re proactive.”
The group evaluated the latest information on potential threats and prepared response strategies.
Officials would not talk specifics about what potential threats they encountered.
Team members generally have different expertise, including prevention, assessment, incident response and forensics, “the art and science of how an attack was made,” according to the news release.
Its members work closely with state and local emergency managers, elections officials and the N.C. Department of Information Technology, as well as private vendors, such as Spectrum or Microsoft.
“It’s a whole team effort … civilians (are) involved, too,” Barun said during a telephone interview.
Bennett, who was deployed twice to Afghanistan while serving in the Army, said the team was sent out during Hurricane Dorian to set up a system to allow 911 communications. “We’re not driving trucks around, but it’s still the mission.”
North Carolina has an advantage because there are so many technology-based companies here.
“We’re very lucky to have that talent and the breadth of the private sector,” DeVivo said in a phone interview.
“We’ve helped neighboring states,” he said. “The cyber community across the nation is pretty cooperative.”
In one instance, Barun said, the team was able to share what it learned with other entities.
“Six other agencies called and said they were able to stop the attack,” he said.
And, Bennett added, “We can always find something that can help us in the future.”
