IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Wisconsin’s Volunteer Cyber Team Explodes in Membership

The volunteer group can assemble a response team seven minutes after a request for help — usually from a small city, county or school district. The number of participants has grown alongside the number of attacks.

People sitting in a classroom working on laptops while a teacher instructs from the front of the room.
CRT members participate in quarterly training.
Wisconsin Emergency Management
An influx of volunteers have joined a statewide group to defend small public entities against cyber attacks in Wisconsin. The extra help has proven to be critical as the team has responded to more cyber incidents than ever before in 2023, primarily coming to the aid of small school districts.

The Wisconsin Cyber Response Team started in 2015 as a collaboration between the state’s Division of Enterprise Technology, the Wisconsin Department of Military Affairs and the Wisconsin Department of Justice. About a year ago, administration was transferred to Wisconsin Emergency Management (WEM), a division of the Department of Military Affairs.

In the last two years, membership has expanded from 119 volunteers to a current roster of 457. In 2023, the group had responded to 27 incidents as of October, compared to 19 incidents in all of last year.

Eric Franco, the cybersecurity preparedness coordinator for Wisconsin Emergency Management, spoke with Government Technology about the key factors contributing to the CRT’s success.


Franco says it made sense for the administration of CRT to change hands to emergency management when viewing cybersecurity in an all-hazards context.

“Historically cyber has been relegated to law enforcement, IT and business,” said Franco, adding that while DET oversees state systems, the department has no jurisdiction over municipalities or counties. “We observed a pretty significant capability and response gap within the context of emergency management, so it was an opportunity for us to step back and identify some areas where we could provide different vectors for risk reduction statewide.”

He said the “secret sauce” to growing the CRT was cherry picking the best practices from existing structures in emergency management and applying them to cybersecurity, with significant assistance from volunteers.

“Quite frankly, our membership base has exploded mostly because of word of mouth,” said Franco. “A lot of the districts and counties have either received direct services or someone they knew received direct services, and they want to be involved in some way, shape or form.”


Wisconsin Emergency Management has used the Homeland Security Grant Program to subsidize the group’s training, a resource Franco deems “a game-changer.” A partnership with the Wisconsin National Guard also allows the CRT to provide expertise for a quarterly training program.

This fall, the CRT expanded its partnership with the University of Wisconsin-Whitewater’s cybersecurity program. According to Franco, the university will bolster the CRT’s quarterly training program and give additional support to the team when possible. This partnership will mutually benefit both agencies.

“We’re going to provide avenues for public-sector placements for their students, and also try and build a sensible and vetted conduit for sustainability for membership and networking,” Franco said.


When an initial call to the CRT is received, it undergoes triage with incident response leads in a private channel on Slack.

The team then broadcasts a call on the same platform, requesting volunteers to pre-register to assist with the incident. Franco estimates that it takes 7-8 minutes to assemble a team and set up a meeting. They also collaborate with citizen partners, DET partners, and DOJ partners as needed.

The CRT primarily serves school districts, but also supports counties and municipalities. They protect public-sector critical infrastructure, including public utilities, schools and government services. They have also expanded their reach to support agribusiness in rural areas. In 2023, the CRT responded to 16 cyber incidents involving K-12 school districts, six involving municipalities, three involving county government agencies and two incidents in higher education.

“The nice thing about it is, you know, if you have a county that is hit with a ransomware incident, if they don’t have the resources to have a third-party cybersecurity forensics team, we have one that we can stand up,” said Franco.


The focus of the CRT is on professionalism and confidentiality. Volunteers must submit an application that details their experience, education and professional certificates addressing cybersecurity events or incidents. They are bound to a non-disclosure agreement, and have to provide their TSA Known Traveler Number.

“We don’t blame the victim, right? I mean, we’re there to support that person as if that person's network was indeed our own,” said Franco. “That’s the kind of ownership we take with each of these incidents.”
Nikki Davidson is a data reporter for Government Technology. She’s covered government and technology news as a video, newspaper, magazine and digital journalist for media outlets across the country. She’s based in Monterey, Calif.