By Staff Sgt. Kelvin Green, ARARNG 119th MPAD
and Capt. Kyle Key, National Guard Bureau Public Affairs
NORTH LITTLE ROCK, Ark. - With cyber attacks occurring more frequently and becoming more complex, the National Guard is stepping up its efforts to defend critical infrastructure networks and develop the next generation of Cyber Warriors.
More than 300 Soldiers, Airmen and civilians from 35 states, Puerto Rico, Guam and the District of Columbia converged at the National Guard Professional Education Center for the 2014 Cyber Shield Exercise from April 22 to May 2. While the scenarios they encountered were simulated, the malicious attacks came fast and furious, representative of what network defenders face in the real world.
Each week the National Guard's 54 Cyber Network Defense Teams (CNDT) defend the Guard's cyber backbone, GUARDNet, from more than 100,000 cyber attacks. GUARDNet connects 3,000 armories in 11 different time zones across the continental U.S. along with Alaska, Hawaii, U.S. Virgin Islands, Guam and Puerto Rico. It provides a critical link for command and control of the National Guard and continuity of services in times of emergency.
As the National Guard trains as it fights, participants at the Professional Education Center and online at state Joint Forces Headquarters around the country logged into the simulated network in order to practice how they would respond to a real-world cyber attack.
"The exercise helps those in command understand what the cyber range has to offer behind closed doors and in a controlled atmosphere," said Ken Powell, program manager and lead Engineer for the PEC training network. "It helps them determine where to spend their training dollars more wisely."
"The purpose is to provide them with a real world scenario that will test their skills and challenge them," said Maj. Mike Lass with the National Guard Bureau. "To be able to do that is incredibly satisfying."
The Guard's CNDTs not only protect the National Guard's information highway but also are mandated with assisting federal and state governments to provide vulnerability assessments and help protect their networks. Just as they are available to governors to respond to natural disasters, each individual CNDT is prepared to answer the call. In March, the New Mexico Army National Guard responded to a cyberattack in Albuquerque.
"We act as advisors to the governor," said Col. Raphael Warren, G6 for the New Mexico Army National Guard and officer in charge for the 2014 Cyber Shield Assessment Team. "We had an incident where the activist group Anonymous attacked the Albuquerque Police Department and we [took] that opportunity to get some insight into how those attacks occurred."
Unlike federal troops who are bound by the Posse Comitatus Act, Guard Cyber Warriors can assist local and state law enforcement. Warren said Guard members are filling a void among local governmental agencies nationwide and are on call around the clock.
"I learned that most civilian agencies don't have a team or mechanism to really fight back," said Warren. "The City of Albuquerque elected, and it was a reasonable decision, to turn their networks off after the attack. They essentially shut the city down on a Saturday night ... not a big deal, but the military... we really don't have that option. We have a team that's going to block and tackle and ensure that our resources are up and running. We won't turn off."
The Computer Network Defense Teams consist of eight highly trained and proficient network defenders who have varying skill sets. Each state and territory has similarities but is also individually unique due to their state guidelines and restrictions. The state of California has a unique model in which they are directly engaged with state agencies, conduct vulnerability scans, and provide recommendations on how they can improve their overall security. Ken Foster, a CNDT analyst with the California Army National Guard, said many interagency partners are largely unaware of their vulnerability.
"Part of the biggest challenge is most likely that a lot of times people don't realize that they're having a problem because these advanced persistent threats get in there, they get embedded and they beacon back without that individual knowing," said Foster. "Usually you find out when somebody else exposes your problem, not that you actually discovered it yourself. So organizations like the CNDTs are valuable to state governments and federal government because we can come in and help them assess where they're at, provide those years of best business practices that the DoD has ingrained in those individuals and help them apply that security culture to their current organization."
Maj. Gen. Judd H. Lyons, Acting Director of the Army National Guard, visited with Cyber Shield participants and assuaged concerns of resourcing amidst deepening budget cuts in defense.
"My job is to try to tell your story to external agencies so we can get additional resources," Lyons told the audience. "I had the chance to sit down with many of you and learn about what you do and I appreciate that. My knowledge level is much higher than when I walked in the door. I will take that knowledge with me and hopefully that will make me a better person in trying to get additional resources."
From Intelligence analysts to Department of Defense engineers, all network defenders came together collectively in sharing their knowledge of what they had to offer in this year's Cyber Shield exercise. Guard Cyber Warriors were divided into three teams and assessed each day on their response to subtle and overt attacks. By the third day into the exercise, the spirit of competition was high as the different teams began to solidify and come together. Chief Warrant Officer 2 John Galeotos with the Washington, D.C., Army National Guard Computer Network Defense Team said he shared the enthusiasm and energy during the exercise.
"This is the type of event I want to participate in," said Galeotos. "I don't just want to help create it from the side; I want to be a part of it. This is a very technical field and it's difficult to learn this stuff. But if we do it right and do exercises like this that challenge these young minds, they don't have to get out and go elsewhere to take advantage of their skill set."
According to Col. Mary Henry, the Army National Guard G6, the Guard is the most suited government/military entity for cyber missions due to the unique skill sets that Cyber Warriors possess.
"Our Cyber Warriors come from all walks of life but many of them come from the field of information technology," said Henry. "They work for companies that are very familiar names, Google, CISCO, Hewlett Packard and we've had the good fortune to work with them this week."
Col. Warren left a career with private information technology firms to focus on military cyber operations.
"The most interesting thing about the National Guard, and I'm a prime example of that, is my industry training," said Warren. "I have worked for WorldCom, Comcast and a number of global companies. My company was always interested in getting out ahead of the new and latest technology."
Warren said there are skills Guard Airmen and Soldiers train for and others that are naturally acquired from civilian occupations.
"There are people that just happen to know about Industrial Supervisory Control and Data Acquisition systems," he said. "People in the Guard touch almost every type of hardware and software across the entire U.S."
The National Guard Professional Education Center is developing new courses to meet the needs of the CNDTs and training cyber warriors. PEC's Information Technology Training Center (ITTC) currently conducts 35 information technology courses to include the Computer Defense Network Course. They also have plans for a Senior Leaders Cyber Course for Adjutants General and G3s of states and territories.
PEC and the University of Arkansas at Little Rock (UALR) are exploring a partnership to provide improved course content development, internships, certificates and degrees for PEC instruction. Coupled with UALR's certified and accredited instruction, PEC will continue to be instrumental in providing skilled cyber warriors to support a wide range of federal and state cyber missions.
During a tour of UALR's Emerging Analytics Center, Col. Timothy Keasling, Commandant of PEC, addressed senior National Guard leaders and university administrators.
"UALR is not new to this area," said Keasling. "They work very closely with DoD. They have a forensics lab. They're also part of a consortium with NSA and what we want to do is to be able to leverage that to be able to train our [cyber warriors] to a higher level. That helps with our readiness and it helps with our National Guard both Air and Army."
Keasling said military personnel in the future who take courses through ITTC will not only get certification from U.S. Cyber Command but will get credit for courses in undergraduate, masters or post doctoral academic programs.
"It's a win-win that way and the money that we're spending that is already been put on the table is a double benefit," Keasling added. "Because not only are we helping the Soldiers on the military side, but we're also helping them on their educational side."