National Guard Units Train to Defend Against Cyber Attacks
JOINT BASE CAPE COD, Mass. --
More than 400 eyes stare at a sea of laptops in a series of rooms here. These eyes belong to the participants of Cyber Yankee 2018, an exercise in which National Guard cyber units and civilian agencies train to react and defend some of the area’s critical networks against domestic cyberattacks.
Army Capt. Lee Ford, the assistant team lead for Cyber Yankee and a member of the Massachusetts Army National Guard’s Defensive Cyber Operations Element, said many people are mystified by what a cyber unit would train on and do not realize how the success of such units could directly affect the public or troops in the field.
“They look at those in cyber and think, ‘Oh, they are just behind computer screens not doing anything.’ Well, those guys behind there could be the ones defending you getting your orders properly, [or] your position, where you’re located,” he said. “Technology is engrossed in every facet of our lives -- texting mom over in California or ensuring clean water inside your faucets. Technology is in every industry.”
During the Cyber Yankee exercise, the Red Cell -- the bad guys -- attacks sites defended by the Blue Cell. The Blue Cell’s mission is to make sure the exercise region remains operational in the face of attacks against a water supply networking system, a power company and a Defense Department network.
The cyber teams are prepared for battle.
“We have a bunch of network monitoring software out there,” said Army Staff Sgt. Ryan Beaudoin of the Rhode Island National Guard’s DCOE. “A lot of it is based on skill, too. You have different people that are good at certain things.”
Many of the soldiers and airmen on these cyber teams come from civilian backgrounds in defense or intrusion detection, working for organizations such as IBM, Akamai or the Massachusetts Institute of Technology.
Army Spc. Adam Wong works for MIT’s Lincoln Laboratories and is also a network and host-based forensics analyst with the New Hampshire Army National Guard’s 136th Cyber Security Support Team Detachment.
“In the event of an intrusion, I will analyze malware files,” he said. “I’ll conduct forensics, try to attempt to reverse-engineer the malware and figure out what it’s doing, and also trace back into the network logs and try to figure out how it got there.” Wong said the group is learning to hone its skills as a team and to adapt to work in panic mode.
Military analysts on the team provide different angles on how to fight the scenarios.
“We can come in and we can analyze, look up that threat, see if they’ve had any issues in the past, see what they’re motivated by -- is it money, is it political affiliation or something like that?” said Army Staff Sgt. Tara O’Keefe, a military intelligence analyst with the Massachusetts Army National Guard’s 136th Cyber Company.
Air Force Staff Sgt. Benjamin Crowley, a Vermont Air National Guard alternate communications security manager with the 158th Communications Flight, said he volunteered for this exercise because it offered more hands-on training than he is used to.
Crowley’s unit focuses on protecting the technology that effects the communications between F-16 fighter jets and the ground forces.
“It’s huge. Everything is integrated into cyber -- a lot of the operating systems that we work on, a lot of the tools that we work on,” he said. “It’s good to have that knowledge.”
Army Sgt. Colton Williams, with the Massachusetts Army National Guard’s 126th Cyber Protection Battalion, is a military police officer retraining as an information technology specialist. “The level of skills of these individuals, it blows me away,” he said.
He said he believes this training is important because the network is everywhere and the Guard needs to be able to activate stateside to help the nation’s citizens.
“There’s no dedicated front line, so having a soldier that’s capable of operating both on the home front and overseas [is] absolutely necessary,” Williams said.