When a city like St. Paul faces a significant cyber incident, the Minnesota National Guard is one of the state-level assets that can be brought to bear to help contain and remediate the threat. That support is neither automatic nor unlimited. Understanding the capabilities, authorities, and friction points between municipal IT teams and Guard cyber forces is essential for a rapid, safe, and legally sound response.

What the Guard brings to the table The National Guard has spent the last decade building cyber protection teams and related units that can perform incident response tasks, host- and network-level forensics, threat hunting, and vulnerability assessments. Those teams are populated by service members who often work in civilian cyber roles and so can bridge operational, technical, and organizational gaps quickly. They can operate from state facilities or remotely, and they can augment local capacity when an incident exceeds municipal resources.

How state activation works in practice A governor, acting under state authority, can activate Guard assets to provide Defense Support of Civil Authorities in response to emergencies. That state activation keeps the Guard under gubernatorial control, which is critical for civil-military coordination and for preserving local legal authorities and privacy constraints. Department of Defense policy and national guidance also frame how military cyber capabilities support civil authorities in cyber incidents, clarifying that DoD support is normally in a supporting role to civilian-led response efforts. These authorities and frameworks must be understood and acknowledged before a Guard response is effective.

Precedents and expectations Governors and state IT shops have used Guard cyber forces for defensive efforts in the recent past, for example to protect election infrastructure and other high-risk systems that attract nation-state level interest. Those activations illustrate two important points: the Guard can provide hands-on monitoring and defensive operations, and states typically formalize the relationship in advance through orders or memoranda so missions and timelines are clear. Expect a similar approach for municipal support: a formal request, clearly scoped mission, and tight coordination with federal partners when needed.

Operational caveats local leaders should know

  • Scope and limits. Guard cyber teams typically operate on government networks and with authorization. They do not replace local incident response teams. Their role is to surge capacity, provide specialized forensics, and coordinate with federal partners when the incident crosses thresholds for federal involvement.
  • Legal and privacy constraints. Guard personnel are subject to military and state regulations. Any forensic work that accesses protected data or involves criminal investigation must be coordinated with entities such as the state Bureau of Criminal Apprehension and the FBI to avoid contaminating evidence or violating privacy laws.
  • Command relationships and communications. Because the Guard is a state asset unless federalized, city and county CIOs must ensure requests for assistance go through the right channels. Pre-established points of contact and a shared incident response playbook reduce delays. Minnesota has already invested in mechanisms to improve whole-of-state coordination through public-private and interagency forums, which helps expedite Guard integration when requested.

Practical steps for St. Paul IT and city leadership (what to do now) 1) Pre-approve engagement pathways. Build standing memoranda of understanding or addendums to the city incident response plan that identify how and when the Minnesota National Guard will be requested. Include legal counsel, the state coordination cell, and the state fusion or investigative partners. This avoids confusion during a live incident. 2) Define mission scope and boundaries ahead of time. Agree on what Guard teams will and will not do: systems they can access, data handling rules, forensic evidence preservation, and timelines for handoff back to city staff. Clear scope protects civil liberties and ensures continuity of operations. 3) Maintain analog continuity plans. For critical public-facing services such as payments, permit processing, and public library access, have analog fallback procedures and pre-scripted communications templates to use if online services are taken offline for containment. This reduces pressure to rush risky technical actions. 4) Conduct regular joint exercises. Include Guard cyber personnel, state IT, the Bureau of Criminal Apprehension, and your municipal teams in tabletop and technical exercises. Exercises surface gaps in evidence handling, role clarity, and interagency communications so they are not surprises during a crisis. 5) Fund and staff resilience. Use state and federal grant channels like the State and Local Cybersecurity Grant Program to shore up baseline defenses and to hire or retain forensic and incident response talent so the city is not wholly dependent on surge support. Minnesota’s statewide planning structures are intended to help prioritize those investments.

Communication and public trust When the Guard is involved, public messaging must be clear about why military cyber forces are supporting a municipal response and what protections remain in place for residents. Avoid technical jargon. Explain: who is managing the incident, what systems are affected, whether personal data may have been exposed, and how the city is preserving services while restoring systems. Pre-approved public information procedures that align city, state, and Guard public affairs teams prevent mixed messages that erode trust.

Final cautions for city leaders The Guard is a powerful surge capability, but it is not a substitute for investment in prevention. Treat Guard support as part of a layered strategy: improve patching and identity hygiene, harden internet-facing services, run regular phishing-aware training, and keep up-to-date backups and tested recovery processes. Guard teams augment and accelerate recovery, but they do not remove the need for municipal ownership of security and continuity.

Bottom line St. Paul can and should plan for productive, lawful, and effective collaboration with the Minnesota National Guard. That collaboration is most useful when it is pre-planned, scoped, and exercised. Build the relationships now, write the playbooks, and fund the basics. When the next serious incident arrives, the difference between orderly recovery and chaotic response will be the preparation you do today.