
Growing team of IT professionals volunteering to help communities, school districts respond to cyberattacks

Wisconsin Emergency Management's Cyber Response Team has more than 400 members sharing information on cyber threats, helping systems recover from attacks

A member of Wisconsin Emergency Management’s Cyber Response Team works on a computer exercise during a quarterly training in Madison. Photo courtesy of Wisconsin Emergency Management

When a tornado or flood hits a community, it’s not uncommon to see volunteers from across the state respond to the call for help by local officials.

Now a growing group of IT professionals is answering that same type of call when a Wisconsin school district or municipality is hit by a cyberattack.

“Cyber preparedness and planning is an all-hazards activity, not unlike the kind of activity and planning we do for tornadoes or floods,” said Eric Franco, cybersecurity preparedness coordinator for Wisconsin Emergency Management. “People coming together to help clear debris or do search-and-rescue after a tornado, it’s the same response principle (for cyberattacks), just a different checklist.”

Franco coordinates WEM’s Cyber Response Team, a group of volunteer IT professionals from local and county government, other public entities like school districts, and some private businesses, who share information on attempted cyberattacks. The team originally launched in 2015, and over the last two years participation has more than doubled to over 400 members.

Franco said notifying the team about attempted attacks helps everyone in the group protect their systems against a similar strike. And when an attack does make it through, around 150 of the members have volunteered to help local governments or school districts work through restoring their operations.

“A lot of those systems have relatively small IT departments across the state,” Franco said. “The idea was to be able to stand up volunteers who would be able to respond to cyber incidents locally or remotely and to provide assistance to those public sector entities.”

In addition to WEM staff, the Cyber Response Team also receives help from the state Department of Justice’s cyber and financial crimes unit and the Wisconsin National Guard’s defensive cyber operations.

Dan Honore, director of information technology for the Village of Pleasant Prairie, has been a volunteer leader for incident response since the Cyber Response Team got started. He said ransomware is the most common form of attack on a system in recent years.

“A lot of school districts and even some state, local and tribal governments, they fall prey to ransomware,” he said. “Unfortunately it’s a very difficult thing to come back from if you’ve not done the right thing beforehand, meaning that you’ve got good back-ups.”

He said the Cyber Response Team helps identify the source of the ransomware, which in most cases is a phishing email, and helps local officials get their systems back up and running, whether through restoring a back-up or in some cases buying brand-new equipment.

Honore said some of the incidents have been simpler, for example when a high school student hired an online company for what’s called a denial of service attack on their school district’s website.

“It would throw so much traffic at the network that it couldn’t handle any legitimate requests. So this student hired this service, probably for like $25, to do a denial of service to the school district during an online exam,” he said. “Eventually, we were able to narrow it down to a specific individual and that individual received a visit from the sheriff.”

Franco said school districts in particular are vulnerable to cyberattacks because many don’t have enough funding for cybersecurity measures or large IT departments. And he said it’s not just the threat of having a network shut down.

“Payroll may not be able to be made, vendor payments might not be able to be made,” he said. “Students who might have access needs, that medical data could be compromised. Home addresses of children with needs that might be targeted by potential bad actors. You don’t necessarily know the full scope of what the danger is.”

Honore thinks the Cyber Response Team has grown in size because IT departments are drawn to the chance to not have to face cyber threats on their own. He said team members are able to access training opportunities at reduced prices and network with others across the state.

He was personally drawn to the chance to learn new ways to improve his own work and protect his village’s system. But Honore said the most rewarding part has ended up being the chance to help school districts and others who are in crisis and can’t afford to pay a private IT company to restore their system.

“Especially when you get in the school districts, they’re just shut down. They can’t do anything for days and weeks,” he said. “It’s really nice to know that you can help them when they need help.”