Broadening the Cyber Defense Network
When the hacktivist group Hacktovia caused significant disruptions to the World Peace Conference at the Hynes Convention Center in Boston, Massachusetts, Army National Guard Soldiers from the New England States answered the call for help.
In this fictional scenario conducted during Cyber Yankee 18, Guard Soldiers came together to execute realistic cyber defense exercises.
Cyber Yankee 18 – a two-week, regionally focused training – was hosted by the Massachusetts Army National Guard last June at the Regional Training Institute on Camp Edwards. The goal of the exercise is to create a lifelike cyber environment where Soldiers could apply their skills as cyber defenders while building upon the relationships between the National Guard, federal government, State government and industry partners in New England.
Started four years ago, Cyber Yankee was created in response to a need for a more regionally focused exercise.
“We really didn’t have anything that we considered to be low cost, focused on domestic support and regionally focused,” COL Michael Tetreault of the Rhode Island Army National Guard said. “It became an exercise almost out of necessity. We needed an exercise that could train our traditional Guard folks working in the field of cyber where they could take everything that they’ve been learning and put that to use in an annual training environment.”
Along with COL Tetreault, the exercise was planned and executed by Cyber Yankee Exercise Director COL Richard Berthao of the Massachusetts Army National Guard and Cyber Yankee Deputy Director LTC Woody Groton of the New Hampshire Army National Guard.
With approximately 200 participants, Cyber Yankee 18 included Soldiers and Airmen from the Massachusetts, New Hampshire, Rhode Island and Vermont National Guard. There were also government agency and industry participants, including the Department of Homeland Security, Federal Energy Regulatory Agency, Massachusetts Water Resource Authority and the New Hampshire State Police.
“The exercise allows the cyber Soldiers and Airmen to train on cyber defense skills in a realistic environment with a realistic scenario,” LTC Groton said. “One of the key successes this year was how we enhanced the realism by working with industry partners. It makes for better training for Guard members.”
Given the smaller size of the event, planners were able to create a flexible and tailored environment that could be adjusted to meet the specific needs of the participants.
LTC Groton explained, “It’s big enough that we can meet the training values, but it’s small enough that we can react very quickly to any issues that come up, make changes and continue with the training.”
“We control the exercise,” said COL Tetreault. “We can tailor the pace to ensure that each team is learning at the level they need to be learning. My favorite aspect of this exercise is that we, as a region, can get together as a [planning-group], and we all have an active role in what we want the exercise to be.”
During the exercise, participants were broken up into three teams: Blue, Red and White. The Blue team was deemed the “good guys,” and assisted a compromised civilian partner in the scenario. The Red team played the “bad guys,” who attacked the Blue team. Members of the White team evaluated how the Blue team was responding to the Red team’s attacks. Based on the White team’s evaluations, the exercise was adjusted for maximum benefit.
“The White team coordinates with the Red team to pace the exercise based on how the attacks are going,” explained COL Tetreault, who acted as the White Cell officer in charge. “Is the team doing well? Could they be attacked more frequently or aggressively? Or are they struggling? If so, we need to back down a little to give them an opportunity to reorganize and prepare to get their processes in place for more efficiency at completing their mission.”
The exercise layout proved successful. Soldiers left the event with an improved expertise in cyber defense.
“I thought it was excellent this year,” COL Tetreault said. “Each year we continue to build on the lessons learned from the prior year. The things that didn’t work, we made sure we don’t repeat those mistakes again the following year.”
SSG Michael Kinney of Detachment 2, 146th Cyber Warfare Company, Maine Army National Guard, played a supporting role on the Red team during Cyber Yankee 18. As it was his first time participating in the exercise, he said that he appreciated the opportunity to develop his cyber skills.
“It was a good exercise,” he explained. “I learned a lot, even if it was just how much I don’t know about some of the tools we were using. I enjoyed getting to work with our counterparts from other States and seeing everyone involved.”
Among the many beneficial aspects of the Cyber Yankee exercise is the fact that it is performed on an unclassified level. This allows important lessons learned throughout the exercises to be shared with outside organizations.
“We can share information, not just amongst ourselves, but with our State partners and with some of our industry partners that we bring into exercises,” COL Tetreault said. “Even if you weren’t in the exercise, you can benefit from the sharing of that information.”
The exercise showcased the importance of teamwork in cyber operations – teamwork between both the team members and their civilian counterparts.
“Cyber is a team sport,” COL Tetreault said. “One person can’t do it all by themselves. It’s not just the hands-on-keyboard work, but it’s also how they exercise their leadership principles, how they exercise their concepts and their processes that they put in place to go through and defend the network. It’s about being able to follow proven processes and it’s also about combining cyber-experts with intelligence-experts.”
Within the three participating teams, one team was less experienced than the others. This was clear on the second day of the exercise, when that team began falling behind. Because of the flexibility built into the exercise, the planners were able to adjust the teams to ensure the teams were on an even playing field and each individual team member could benefit from the experience.
“We realized that [the team] just needed some more talent in their cell,” said COL Tetreault. “We were able to cross level from one of the high performing teams over to the lower performance team with some talent to help mentor them and get them where they needed to be.”
COL Tetreault continued, “The Soldiers actually really appreciated that because instead of getting frustrated, they requested assistance and we were able to maximize the learning. The underperforming team ended up really feeling like they got a lot out of the exercise and benefited from being there.”
With plans for Cyber Yankee 19 already in the works, Soldiers have noted an eagerness to continue to increase their cyber skills and experience insightful interactions with their State, federal and local counterparts during future exercises.
Interested in joining the Army National Guard Cyber Force? Find out more here
“The skills involved with cyber, if you don’t use them, you lose them,” SSG Kinney said. “You may remember general concepts, but the actual steps that go into each individual piece – whether you are on offense or defense – are critical. Having an opportunity to do this every year is great. I’m already looking forward to next year.”
By Staff Writer Tatyana White-Jenkins