By Staff Sgt. Chad MenegayMay 21, 2018
CAMP ATTERBURY, Ind. - Members of the Army National Guard, Air National Guard, Army Reserve and partner civilian agencies carried out mock cyber attacks in a Red Cell versus Blue Cell exercise as part of Cyber Shield 18 at Camp Atterbury, Ind., May 14-18.
Cyber Shield 18 is an Army National Guard event with over 800 participants that begins with a week of classroom preparation and culminates in Exercise Week, scenario-based cyber role-playing. This is the seventh iteration of Cyber Shield, which began in 2012 and trains cyber warriors of the Army National Guard, Air National Guard and Army Reserve, as well as civilians who work in law enforcement, intelligence and information technologies.
"Cyber Shield is real," said Lt. Col. Brad Rhodes, commander of Cyber Protection Team 174 for the Colorado Army National Guard, and the Deputy Officer-In-Charge for Cyber Shield 18. "It's about as real as it gets for these defenders, and it gets them that realism, so they can take that back and actually perform in an incident response in a credible manner."
During Exercise Week, the mock scenario featured a private sector, contracted infrastructure partner in the transportation industry, whose network systems were infiltrated by hacktivists. The partner needed to call in the National Guard to mitigate the risk and improve their networks.
Red Cell members acted as enemy or hostile adversary hackers to challenge and push the limits of the Blue Cell's cyber warriors.
"Red cell worked as a thinking OPFOR (Opposition Force), moving through the network, exploiting the vulnerabilities of the network, stealing data just like in real life, and trying to break stuff,"
Blue Cell members worked to defend their infrastructure against the Red Cell's attacks.
"Our blue team members are our defensive cyber operations elements, our network defenders: Cyber Protection Teams and our Reserve Partners who are Army Reserve Elements," Rhodes said. "If you've seen the data breaches that are going on in the world today, that's what they're seeing, data exfiltration. They've snuck in the back door that was unlocked; they've rifled through the safe. They've found the key documents they needed with the private information on it. They steal those documents, go back out that back door, and post that information online."
Gold Cell members coach and mentor the Blue Cell, and White Cell members evaluate the Blue Cell's performance.
"As we get toward the end of the week, we see the teams every day get more and more done, take the tools that they learned, do research, and figure out new ways to catch the bad guys. Now the teams are at the point where they are catching OPFOR on their networks. They're starting to see the patterns. We throw a lot of data at them. We try to get them to know what they're looking for, so they can catch the bad guys quicker."
Military personnel work closely with interagency partners and the private sector to strengthen network cyber security and capabilities to support local responses to cyber incidents in the exercise.
Cyber warriors from civilian agencies and military units with varied skill sets and levels of experience shared their knowledge freely with one another.
"I've met a lot of people with unique skill sets," Air Force Master Sgt. Matthew Dill, lead administrator with the Ohio National Guard's 269th Combat Communications Squadron. "I've gotten a lot of tools from other organizations, such as the F.B.I. and other states. The training here was fantastic, so when I get back I plan to integrate some of the Standard Operating Procedures into my units."