US National Guard Deployed to Combat Ransomware Attacks in Minnesota and Texas
Summary
The United States National Guard has been activated in multiple states to respond to ransomware attacks that overwhelmed local government cybersecurity capabilities. In Minnesota, Governor Tim Walz authorized the deployment of 15 cybersecurity experts from the National Guard to Winona County after a ransomware attack disrupted emergency and critical services. The governor cited the incident’s “scale and complexity” as exceeding the county’s internal and commercial response capabilities. This was Winona County’s second cyberattack of 2026. A separate deployment was also made to Mower County for a similar incident.
In Texas, the governor called upon nearly 40 Army and Air Guard cyber personnel following a significant ransomware attack that impacted local municipalities and law enforcement departments. Guard cyber experts provided support for assessment, response, and recovery efforts across the affected agencies.
The deployments underscore a growing pattern of state governments turning to military resources to fill critical gaps in local cybersecurity incident response capacity.
Sources
The Record — Minnesota sends National Guard after local cyberattack
CBS News — Minnesota National Guard deployed to Winona County after cyberattack
Commentary
The fact that governors are now routinely activating military cyber units to bail out county IT departments tells you everything about the state of local government cybersecurity in the US. These aren’t sophisticated nation-state attacks — they’re ransomware campaigns hitting underfunded, understaffed local agencies that can’t handle a serious incident alone.
The National Guard’s cyber mission is proving its value here, but this is a band-aid over a structural problem. Counties and municipalities need sustained investment in cybersecurity infrastructure, not just emergency military deployments after the damage is done. Winona County being hit twice in one year is a particularly damning data point. If the first incident didn’t trigger meaningful security improvements, what will the second one change?
