Those of us who lead cyber security teams dread the day that we pick-up our cell phone at 2 am and see the caller ID says “CyberSOC”. You quickly harken back to those days when you were parents getting late night calls from your kids; remember what your mother told you, “Nothing good ever happens after midnight.” You take a deep breath, let out a sigh, and take the call, to learn that they have discovered what they think might be a breach. As one of my colleagues likes to say, it makes your “pucker-factor” go up considerably.

We all work hard to put incident response (IR) plans in place, run exercises and penetration or red team tests, all to prepare for the day when that call comes. But most of us also

 secretly hope that our IR plans are like insurance policies, something you have but never want to use for a real situation. While some people thrive for the rush of those moments, like those who work in emergency rooms, most of us would rather practice and never have to play in an incident response game.

There are many ways an incident response can be done. You can be fortunate enough to have internal resources to handle it. You can have contracts with companies who provide those critical services. You can have a combination of both. But for smaller companies, these options may prove to be too costly and be out of reach. There are free services offered by DHS-CISA, DOE, and others. But even those are limited and could be difficult to get in the event of a nationwide cyber

 event. But there is another resource that is becoming more available in every state– the Army National Guard (ANG).

Over the last several years, the ANG in conjunction with other federal partners and military branches has steadily expanded their cyber unit capability across the country. They have full-time members dedicated to cyber security as well as reservists who use their regular job technology skills to serve the ANG. Many don’t know that these cyber teams are a resource you can call on to help respond to cyber threats and incidents. The State of Nebraska has one of these units. In fact, the Nebraska unit has already helped local companies who have been hit by cybercrime. They can provide forensics, help you analyze your network to stop the spread of malware, and get you started on recovery. You just need to know how to activate them.

Each state has unique rules for how to request those services. In Nebraska, ANG support needs to be authorized by the Governor. Since not everyone has a hotline to the Governor’s cell phone, it simply starts with a call to each county’s Emergency Management Agency office. They use their established protocol to make those requests on your behalf. In some cases, they can be ready to respond in as little as 3-4 hours. But how do you ensure you get the best response time? That’s easy. Just like we develop relationships with our vendors or our local law enforcement, you develop a relationship with them.

" There are many ways an incident response can be done—it can be internal resources, contracts with companies that provide critical services, or a combination of both. But there is another resource that is becoming more available in every state– the Army National Guard (ANG). "

In 2019, the Nebraska Guard reached out to NPPD to request our participation with them in a cyber exercise called Cyber Flag. The exercise called for a joint civilian/ANG team to work together to defend against a simulated cyber-attack. The simulation included a live cyber range with both business and operational technology networks to defend. The civilian team represented the “company” being attacked and the ANG was being brought in to help. The two-week event gave the ANG the training they needed to support their mission and allowed us as civilians to see them in action. It provided tremendous benefits to both teams and established that relationship.

 After its conclusion, we continued to meet regularly and build on what we started in Cyber Flag. Later that year, we developed an idea that could take things a step further. Why not design and execute a similar event to Cyber Flag in Nebraska? We would invite other cyber teams from Nebraska businesses to work with the ANG and get experience on a live cyber range, something we don’t often get to do. The motto quickly formed; “By Nebraska, for Nebraska.” The event would be called Cyber Tatanka.

Why Tatanka? Tatanka is Lakóta for “big beast” or buffalo.The “Tatanka” provided “life” for the Lakóta and other Native American tribes. This massive animal was revered. The Lakóta gleaned everything from the animal to provide food, shelter, clothing, and tools. Beyond the physical, the buffalo provided deep spiritual connection to the earth and the sky and carried the heavy burdens of the people.Cyber systems and technology of today provides “life” for all of us everyday so the name stuck.

After a couple of years of starts, stops, and a global pandemic, in June of 2022, the first Cyber Tatanka exercise was held. The event included 11 civilian teams from state and county governments, andindustry, ANG units from four different states, a team from the Czech Republic Army, and a team of cyber experts from the Ukrainian military who participated remotely from the Ukraine. The military and civilian teams blended into multiple teams to defend systems on a live cyber range against a red team provided by the range design firm over the course of 4½ days. The exercise showed how civilians and the ANG can work together to make Nebraska and other states more cyber secure. It went so well that planning is underway to hold this as an annual event.

If you are a small business in need of cyber security support and services, you might not need to look any further than your own backyard. I encourage you to reach out to your state ANG to see if they have a cyber unit. If they do, it’s a close to home resource that might just come in handy one day when the phone rings early in the morning.