Minnesota governor activates National Guard amid St. Paul cyberattack

Minnesota Gov. Tim Walz on Tuesday activated the state national guard to help respond to a cyberattack on the state’s capital city.

According to an announcement by Walz’s office, the national guard’s help was needed because an ongoing cyberattack against St. Paul was larger and more complex than city staff were able to handle.

At a press conference Tuesday, St. Paul Mayor Melvin Carter said the city noticed “suspicious activity” early last Friday, triggering an investigation.

“We now know this was not a system glitch or technical error,” Carter said Tuesday. “This was a deliberate, coordinated digital attack carried out by a sophisticated external actor intentionally and criminally targeting our city’s information infrastructure.”

Carter, who has issued an emergency declaration, said the city is using its emergency operations center to run a “whole of government response,” which includes the assistance of two private cybersecurity firms, along with state and federal law enforcement agencies.

“We are committed to working alongside the City of Saint Paul to restore cybersecurity as quickly as possible,” Walz said in a statement Tuesday. “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul.”

Carter said the cyberattack shut down Wi-Fi access in city buildings, disrupted the city library’s collections management systems and suspended access to a “wide range” of city applications. He said 911 services are operating normally.

St. Paul Chief Information Officer Jaime Wascalus, who’s leading the city’s response to the cyberattack, said during the press conference Tuesday that teams are “working around the clock to understand the full scope of the situation and our plan for the restoration of services.”

The mayor said the emphasis of the investigation is to maintain operation of the city’s services, discover if any data has been stolen and to restore services. He declined to answer questions about the threat actor or its motives.

The city’s chief information security officer, Stefanie Horvath, said during the press conference that the city took “defensive measures” to limit the attack’s reach and that it is only affecting city systems.

“It’s been a long 24 hours, as you can imagine” she said.

Governors have increasingly called in their National Guard units to support cyber responses in recent years. One 2021 report showed that governors had made such calls for help more than 40 times since 2018.

In 2018, John Hickenlooper, who was Colorado’s governor at the time, became the first governor to sign an emergency declaration because of a cyberattack. He was followed by Louisiana’s John Bel Edwards, who signed emergency orders after attacks in July and November of 2019, and Texas Gov. Greg Abbott, who declared an emergency after an August 2019 incident that affected nearly two dozen local governments.

Cybersecurity has become a larger component of National Guard duties as cyberattacks have become more sophisticated and expensive. There are more than 50 dedicated cyber units in the National Guard, according to the Department of Defense.

At an event in Washington last year, Major General Joe Jarrard, who was then the director of operations with the National Guard Bureau, said that the federal Cybersecurity and Infrastructure Security Agency relies on his bureau to meet the needs of states responding to cybersecurity incidents, as well as for training and other resources.

The bureau hosts national and regional cyber exercises aimed at supporting states. Some Guard members also sit in on state meetings for incident response planning, Jarrard said.