UPDATED 09:25 EST / JUNE 09 2023

How the National Guard trains its cyber soldiers

The National Guard is best known for helping in natural disasters and domestic emergencies at the state level, but it also has a longstanding and perhaps surprising mandate: responding to cyberattacks.

That requires a lot of training, and the Guard this week and next will host one of the largest cybersecurity exercises in the country. Called Cyber Shield 23, the exercise will assemble about 800 people at a National Guard base in North Little Rock, Arkansas, to train the Guard’s cyber warriors. The exercises have been held annually since 2007.

The National Guard deploys its cyber staff in several interesting circumstances. A state’s governor can send them to fix an active cyberattack at a state or local government agency, for example. They could be deployed overseas, to support the information technology operations on a military base, or work with their opposite numbers at a foreign government agency.

And they could be tapped for domestic cyber needs by our own military. Guard personnel comprise both active-duty members and reservists; the latter are often found working in various IT positions for government, in the private sector, and at major computer companies, such as Dell Technologies Inc. and Microsoft Corp.

Two years ago, I attended a similar exercise in person at a Guard base near Salt Lake City and got to witness firsthand how the top talent in the Guard would fight a series of very realistic cyberthreats. The situations were taken directly from some of the recent incidents that were making headlines during that summer. This year’s theme is defending against an incident that targets our nation’s rail network, with threats to moving both personnel and cargo across the country.

The event is unclassified and draws on Guard personnel from all branches of the military as well as volunteers from private industry. Guard units at this year’s event have come from 36 state teams, as well as representatives from five countries’ cyber agencies. This forms the basis of the event’s “blue teams” or defenders, and they’re up against “red team” attackers as well as other teams that represent network owners such as internet service providers, operations staff, legal advisers and consultants.

There are more than 50 different roles played by the participants, including actual representatives from the federal Fusion Centers where cyberthreat data is shared among government agencies. The goal of the exercise is to make situations as real-world as possible, to prepare its personnel for potential threats.

Part of the challenge is that the simulation also uses real network traffic to obscure the malware moments, which is very much the case in the real world. Another example is that one of the red team members takes on the role of an employee clicking on a phishing link that deposits malware on the network.

The defending team members must then find this malware before it spreads across their network and infects web servers and other applications. This year’s rail theme is the first time the focus was on operational technology used to run the rail networks, rather than looking at traditional information technology-based threats exclusively.

The entire exercise uses a virtual cyber range that was developed by the Department of Defense, called the Persistent Cyber Training Environment. It’s a huge cloud-based application that runs the attacks, and the Cyber Shield event is the largest operation conducted across this network, consuming more than 3,000 virtual machines and a petabyte of storage.

That means the participants are seated in separate rooms as they try to figure out what’s happening across the simulation. “We aren’t dragging our computers through the bushes,” said Army Col. Jeffrey Fleming (adjacent photo, left), who is the exercise officer in charge of the event.

His superior officer, Army General Teri Williams (right), is the exercise director. She told SiliconANGLE that “we want to build resiliency and trust as part of the exercise, and to rehearse for an actual cyber incident.” Many of the leadership roles are held by women who have been through many Cyber Shield events, by the way, based on what I saw two years ago in Utah.

During the two-week event, there are numerous different types of exercises, including a “purple” day where both defenders and attackers work side by side to share tips and techniques. One of the days is devoted to the NetWars competition among the various state Guard units. There are also days spent consuming commercial courseware so that Guard members can obtain their Security+ credential from the Computing Technology Industry Association, or CompTIA, as well as other SANS Institute certifications.

When you think about the U.S. military, you can understand the greater context that this massive training event fits into. After all, it takes fresh-faced teenagers and turns them into battlefield-ready cyber soldiers.

The difference with the Guard: It also includes technical people who have long careers in IT and cybersecurity. They’re getting tested in the cyber equivalent of tomorrow’s battlefields — in the offices and computer networks that are under attack seemingly every day.

Photo: National Guard
