A major cybersecurity incident has thrown the city of St. Paul, Minnesota, into a state of emergency, prompting a response from local and state leadership. Starting last Friday, city officials began observing what was initially believed to be unusual digital behavior across municipal systems.

Tuesday, Minnesota Governor Tim Walz had activated the Minnesota National Guard’s cyber division, citing the attack’s complexity and scope as beyond the capabilities of city staff to address alone.

Mayor Melvin Carter confirmed in a press conference that the breach was a “deliberate, coordinated digital attack carried out by a sophisticated external actor,” forcing the city to shut down many public services to prevent further damage.

Though emergency functions such as 911 remain active, residents cannot access online services.

The city’s emergency operations center is now overseeing a full-scale response involving private cybersecurity firms, state officials, and federal law enforcement agencies.

Why It Matters: The St. Paul cyberattack highlights the escalating threat posed by digital intrusions targeting local governments. Growing municipal reliance on interconnected IT systems for public services means cyberattacks are becoming more disruptive. The National Guard’s deployment underscores the severity of the breach and brings into question the cyber capabilities of local governments.

• National Guard Cyber Unit Activated: Governor Tim Walz announced Tuesday that the Minnesota National Guard’s cyber forces were being deployed to assist the City of St. Paul in containing the cyberattack and restoring services. These highly trained military cyber personnel are working with local and federal authorities to contain the breach and complete system restoration. Similar activations have become common in recent years, as digital threats escalate beyond the capabilities of municipal IT teams.

• Scope of the Disruption Widens: The attack has forced city officials to disable critical systems across departments. Officials have emphasized that 911 and emergency operations remain intact, but non-emergency services have been significantly hindered. According to Chief Information Officer Jaime Wascalus, teams are working to map the breach’s extent and prioritize restoration.

• Severity of Attack Prompts ‘Nuclear Option’: Cybersecurity expert Bryce Austin, CEO of TCE Strategy, described the city’s decision to shut down major systems as a last-resort tactic, indicative of a serious and possibly uncontrollable threat. Similar strategies have been used in other high-profile municipal cyberattacks, suggesting that St. Paul may be dealing with an advanced and persistent threat actor.

• Parallels to Past Attacks in Other Cities: St. Paul is not the first American city to face this kind of attack. Prolonged cyber incidents in Atlanta (2018), Dallas (2023), and Columbus (2024) have resulted in financial loss and legal challenges. In Columbus, hundreds of thousands were impacted, and the city has yet to fully recover or publicly disclose the details of the breach over a year later. These precedents suggest that St. Paul may face extended disruptions and long-term consequences, particularly if sensitive data has been compromised.

• Broader Trend in Cybersecurity Defense: The growing frequency of cyberattacks on municipalities has reshaped the National Guard’s mission, with over 50 cyber units now operating across the U.S. According to the Department of Defense, these units regularly participate in regional and national cybersecurity exercises and provide surge capacity during real-world incidents. Major General Joe Jarrard previously emphasized that the federal Cybersecurity and Infrastructure Security Agency (CISA) relies heavily on National Guard resources for both planning and emergency response.

Go Deeper -> Minnesota governor activates National Guard amid St. Paul cyberattack – StateScoop

Cybersecurity professional provides insight into St. Paul cyberattack – KARE 11