Vermont Guard gears up for major cyber exercise
- By Mark Pomerleau
- Jun 30, 2016
The Vermont National Guard is gearing up for a cyber exercise to test its cyber warriors and civilian agencies in various aspects of cyber defense and response in the event of an attack on critical infrastructure. And Vermont’s units are looking for a cyber range to help them prepare.
The National Guard’s objectives in the Vigilant Guard exercise, as it’s called, are to test Guard member’s response capability, game integration into state incident command structure, test response and recovery to a critical infrastructure event such as a power grid and establish a power grid system response framework for all Vermont power companies. More specifically, the exercise – which will take place from Wednesday, July 27 through Tuesday, Aug. 2 – is designed to test a unified incident response to a malware attack and an attack on SCADA control systems executed through the implantation of an infected USB thumb drive.
The exercise will involve Guard units from multiple states as well as civilian and federal agencies. Other Guard units across the country as well as active duty military and federal agencies have recently participated in similar events. In the event of a coordinated cyber attack on the U.S. and critical infrastructure, economic resources, property and even life can be lost. Gaming how all the various agencies and personnel – ranging from several government and military agencies to the private sector, which owns the vast majority of the nation’s critical infrastructure – respond is imperative for setting the rules of the road. As several officials have said, a national crisis is not the time to be exchanging business cards; all the players must be familiar with each other and protocols when an incident occurs.
Cyber Shield, which took place in the spring involved coordination between Guard units from several states and industry in the event of a simulated attack. National Guard units are under the authorities of their perspective governors and in the event of a crisis, can be called upon to respond.
Such was the case in the annual Cyber Guard exercise that took place recently in Suffolk, Va. Cyber Guard games a national incident of cyber consequence and involves participants from Cyber Command, Homeland Security Department, the FBI, private industry and many others. National Guard units participated as well with one of the 13 total Guard units present being the California Guard. In the simulation, the governor of California activated the Guard to conduct incident response on critical infrastructure – in this case, local ports that had been crippled to a standstill, leaving container ships hauling commercial goods stranded at sea.
Secretary of Defense Ashton Carter has lauded the members of the National Guard’s cyber units as a “huge treasure” given that many of their personnel work in the cybersecurity field in their civilian jobs.
The Vermont National Guard, whose role in the exercise will take place on July 30, has asked for assistance in building its cyber training range. This range, according to a contract announcement and award, will simulate an intrusion within a power distribution company network. While the physical location of the exercise will take place in Vermont, a virtualized network will be located at the contractor’s site location.
According to the government’s notice for contractor support in constructing a cyber range to host the exercise, the virtualized network must be capable of replicating a power utility company’s operations network such as SCADA systems. The government, in turn, will provide five to10 workstations or laptops for the exercise.
The importance of building these networks, or cyber ranges, is to provide a safe space to conduct operations without affecting operational networks. “A cyber range is a place where we go to practice our skills just like a rifle range. Well, this cyber range is just as important to us,” said Lt. Col. Henry Capello, of the Louisiana Army National Guard and Cyber Shield 2016 exercise commander. “By having a cyber range we can allow the bad things to happen every day and practice defending it, and because it’s in a range environment we don’t have to worry about damage to live production systems.”
Officials within the Defense Department have long wanted a persistent training environment to maintain skills. Exercises such as Cyber Guard are held only once a year, which officials say is not often enough. “I need teams that can do this rapidly more than once a year, that can pull on partners, that have a distributed network, that have assessors, that have an adversary that is adaptable and is expandable to what we need to improve our readiness,” Maj. Gen. Paul Nakasone, Cyber Command Cyber National Mission Force commander, said at the exercise. “That’s the next step for us in cyber mission forces.”
“The broader challenges we have is this team is still a young force. … The reason the persistent training environment is so important is to give teams like those that are supporting the war on ISIL more realistic opportunities to do their work and train in a realistic environments prior to actually doing it in combat,” Cyber Command deputy commander Lt. Gen. James “Kevin” McLaughlin, said in Congressional testimony recently, using another acronym for ISIS.
High-level DOD officials are hopeful that the Joint Staff facility that has hosted the Cyber Guard exercises will play a larger role going forward to spin up these cyber ranges for training. “We’re really building a cyber training highway here,” Maj. Gen. John Charlton, vice director for Joint Force Development, said of the Joint Staff facility. The facility provided a private network for Cyber Guard exercise participates to play on as to not compromise operational networks. All told, the exercise took up 48,000 square feet of reconfigurable space, over 1,150 workstations and planning and engineering that took between 10 and 12 months.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.