The North Carolina National Guard (NCNG) is a part of the State Emergency Response Team and provides resources available to the state to prevent, protect against, mitigate, respond to and recover from various incidents, natural disasters, and cyber intrusions. The NCNG Cyber Security Response Force (CSRF), N.C. Emergency Management (NCEM) and N.C. Department of Information and Technology (NCDIT) work together to defend the state against malicious cyber threats every day of the year. The NCNG CSRF, NCEM, and NCDIT, as a part of the state cyber protection response, coordinate with the Department of Homeland Security and other federal, state and local agencies when appropriate.
NC Guard's Chief Information Officer, Lt. Col. Robert Felicio, explains the details of how the CSRF interacts with state agencies.
"This response force can perform a lot of functions, some of them are preventative, and some of them are reactive," Felicio said. "From a preventative perspective, they can do cybersecurity assessments to help before attacks occur in their network environment. On the reactive side of the house, after an attack takes place, we assist in managing the response through the chaos."
The CSRF continues to be relevant by training municipalities and counties in the state, finding the best solutions to implement for their particular cyber environment.
"I think an important note is when we do respond, we help to identify indicators of compromise, themes, and patterns," said Lt. Col. Seth Barun, NC National Guard's Chief of Cyber Operations. "In a recent incident within hours of sharing information with our partners, we identified six other agencies with similar malicious traffic and were able to get out in front of it before the attack."
CSRF's goal is to provide capabilities to the state response team and support the defense of state networks. Law enforcement cyber teams at the federal, state, and local level focus on the perpetrators.
"The beauty of working together is that it doesn't matter who they [local or state agency] reach out to because we all know immediately what is going on," said Tom McGrath, NC Emergency Management's Cyber Manager, who works as part of the team at the NC Information Sharing and Analysis Center -- the state's fusion center which gathers and shares information on a variety of threats. "We are able to get together when necessary to bring in law enforcement."
Felicio stresses the importance of their structure within the Cyber team.
"Our primary mission is to support state entities and get them back to pre-event conditions and help them respond and recover to the point where their services are again operational," said Felicio.
According to Felicio, the best possible solution can be reached with help from other state partners.
"What we've seen across the country is that many malicious cyber-attacks look alike and have similar themes that can link an attack that happened in California with one in Texas or North Carolina," said Felicio. "So as a team, we can reach out to those states and try to connect those dots [themes, indicators, and patterns] and immediately share information with our local, state and federal cyber partners to collaborate on solutions."
Getting cyber protection down to the local municipality level can be challenging, but is an important role for the CSRF, NCEM, and NCDIT.
"There are plenty of tools out there that you can get for free, and when set up correctly and monitored, they are going to do the job," Barun said. "Many local agencies do not have the money in their budget for cyber protection, so we try to show them what tools to use and help them optimize what they already have because it's more than having the best equipment, it is maintaining the tools/equipment that you have and keeping the system up-to-date with patching."
"Everyone gets annoyed when they have to reset their computer for patching, but the best thing you can do for cybersecurity is to allow those controlled installs and updates to occur," Barun said.
McGrath emphasizes the need to train and interact with all the state's cyber teams.
"The important thing we say at NCEM is that during an incident is not the time you should be exchanging business cards," he said. "So, rehearsing and having productive cyber symposiums, networking with other cyber experts and documenting performance makes our state better prepared for attacks."
The future of cyber forces within the North Carolina National Guard, NCEM, NCDIT and other state agencies will grow with innovations and future advancements in technology.
"I think the senior leadership of N.C. Department of Public Safety, NCEM, the NC Guard, and NCDIT get it, and are focused on cyber," McGrath said. "It's that commitment from our state leaders knowing the importance of cyber protection and our strong partner agencies that will help protect our state from cyber threats."