Guardsman conduct large-scale cyber training
- By Mark Pomerleau
- May 09, 2016
The potential threat to infrastructure was one focus of the recent Cyber Shield 2016, a national cyber exercise in which National Guard units took part along with Army, Reserve and Marine Corps cyber warriors.
“Cyber Shield is an exercise that takes national level incident response and takes industry partners and matches them up with National Guard units and allows industry partners to use that National Guard response techniques to help them in the event of a cyber intrusion in their environment,” an explanatory video made public by Army Cyber Command’s YouTube channel stated.
“Industrial Control Systems -- things like water treatment plants, energy grids, the power utility company uses these controls to turn gates on and off or valves on and off,” are all controlled by connected cyber systems, explained Lt. Col. Henry Capello, of the Louisiana Army National Guard and Cyber Shield 2016 exercise commander. “If a bad person was able to do something to a petroleum plant or a pipeline, it would allow the gas to leak or allow the pressure to build up until it explodes. There could be man-made attacks that could cause catastrophic events with potential loss of life.” Bad actors could also infect water supplies with dangerous chemicals or prevent necessary chemicals from entering the supply, causing bacteria to grow Capello said.
The exercises, in their fifth rotation, took place a Camp Atterbury in Indiana with the first week consisting primarily of training and the second week focusing on simulated exercises in which nationally certified red teams tested the skills of blue or friendly forces’ defense of networks.
“These soldiers and these teams come in with a baseline of training and they leave with a higher level of training and also have a collective event, which they can share information and tactics, techniques and procedures with each other,” Lt. Col. Daniel Snowdall, Cyber Shield assistant exercise director, said https://www.youtube.com/watch?v=mZeXguu3V6k
Many in the Guard and Reserve are considered, as Secretary of Defense Ashton Carter says, a “huge treasure” given that many of them work in the cybersecurity field in their civilian jobs. “There’s a great untapped, not yet fully tapped resource … which is our Guard and Reserve” that will help DOD utilize “the best technology embedded in our military – defending [the network] so that others can’t disrupt it or exploit it, using cyber offensively as necessary and required,” Carter last year told lawmakers, regarding the unique skill sets they can bring to the military.
“The problem is, is if you look at both the air and the Guard we have civilian skill sets that we use that actually gives us an advantage when we come to the table to do various tasks in the cyber realm because there’s not [an] ICS operator that comes from the military – there’s no [military occupational specialty] for that…But in the civilian world they have a lot of them,” Capello said. “So we have soldiers who have that experience from the civilian world and yet we don’t have them from the military. But our soldiers, since they are both civilian and a Guardsman, have both. Now the flip side of that is some states don’t have that so this is an opportunity to bring all those people together and give them that training so that we can make them a little bit more versatile.”
In terms of real scenario training, blue teams had to defend the “virtual playground” of a “cyber city.” These training exercises are important in terms of providing actual networks to test newfound skills or maintaining and honing capabilities that might wane if gone unused. “A cyber range is a place where we go to practice our skills just like a rifle range. Well, this cyber range is just as important to us,” Capello said. “By having a cyber range we can allow the bad things to happen every day and practice defending it and because it’s in a range environment we don’t have to worry about damage to live production systems.”
This year’s exercise also included industry partners such as water and electrical utilities for the first time, as a means of providing real-world interactions that cyber teams would collaborate with during a crisis.
They also help provide a better picture for analysts and commanders to conceptualize and operationalize a new space. “In the military, traditional warfighting military, everyone knows that intelligence drives operations…part of the reason we’re losing the fight or [we’re] not as adequate as we should be in the fight is because we have not brought in those intel assets to say, ‘Hey, let me tell you what we believe the enemy’s going to do and use intel as a force multiplier,” said Maj. Barbara Mesaros, deputy director of Intelligence for the South Carolina Army National Guard, who added that cyber “terrain” is just like any terrain, be it on land, sea or air.
Another national cyber exercise is set to kick off later this summer. The annual Cyber Guard exercises, scheduled for June, “is designed to exercise the interface between the Department of Defense -- the active and Reserve and Guard components -- that are focused on the cyber mission, and to partner with other elements of the U.S. government as well as state and local authorities,” U.S. Cyber Command Commander Adm. Michael Rogers said last year.
Cyber Guard is also held up as a necessary exercise in helping to plan and defend the nation as a whole – both military and civilian authorities – from cyber incidents, according to Lt. Gen. James “Kevin” McLaughlin, deputy commander of the U.S. Cyber Command, speaking at a recent AFCEA Defensive Cyber Operations Symposium in Washington, D.C.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.