HARTFORD, Conn. – Cyber Soldiers and Airmen from around New England gathered June 14-18 at Joint Base Cape Cod to participate in the seventh annual Cyber Yankee cybersecurity exercise.
The exercise pitted Marines and Marine Reservists as the “Red Team” against “Blue Teams” composed of Guard members and industry partners representing critical infrastructure sectors, such as power, water and gas companies. The goal was to enhance the cyber warriors’ ability to thwart malicious actors in the digital space.
The battlefield of choice is known as the Persistent Cyber Training Environment, a cyber range tailored to look and feel like a typical utility company. Simulated email and web traffic provided realistic concealment for the red team to carry out attacks.
Blue teams helped industry partners identify unusual activity to uncover attacks and malicious programs, mitigate the attacks, and determine the scope of the damage, attack vector, and most likely culprit.
As the week unfolded, the threats increased and malicious actors made their intentions known. What may have started early in the scenario as a network penetration became a deliberate attack delivered by a red team “inject.”
The exercise planners paid careful attention to the master spreadsheet of injects to be carried out over the week. To move the plot along and help the blue teams determine attribution, the white cell (exercise controllers) provided different intelligence items and news stories, curating the experience. Based on how an individual blue team was doing, the white cell either pushed the timeline forward or slowed it down.
Though the scenario featured the notional competitor state “Miteopia,” its proxies and unaffiliated cybercriminals, these types of adversarial forces mirror threats seen in the real world over the past year.
In recent years, the National Guard has become a first responder to cyberattacks. In Connecticut, this played out after a vicious ransomware attack on the City of Hartford. The Vermont National Guard responded to a ransomware attack on the University of Vermont Medical Center.
“[We’ve been doing this] since 1636,” said Brig. Gen. John Driscoll, Massachusetts land component commander. “This is just the next phase of the operation. This is about reassuring the public.”
Typically, real attacks occur on state or local networks or private companies. The Guard role is limited to what the host allows.
Given the gray nature of cyber operations, each blue team brought legal counsel to advise at each step of the way. The judge advocate generals (JAGs) drafted memorandums of agreement, updating them as warranted. In real life, having these prepared ahead of time, tailored to either a business or public agency, speeds the response.
Cyber Yankee, a regional event that complements more extensive nationwide exercises, also hosted federal participants from the Department of Homeland Security-Cybersecurity and Infrastructure Security Agency (DHS-CISA) and the Federal Energy Regulatory Commission.