A team of about 10 Pennsylvania National Guard cyber and computer security specialists are helping run Cyber Shield 2022, the U.S. Department of Defense’s largest unclassified cyber defense exercise involving approximately 800 National Guard cyber specialists as well as law enforcement, legal, government and corporate partners from across the country. Cyber Shield 22, taking place from 5-17 June at the Army National Guard’s Professional Education Center on Camp Joseph T. Robinson in North Little Rock, Arkansas, brings together the nation’s top cyber defense professionals from the National Guard. This year’s exercise also involves teams from the U.S. Navy and the U.S. Coast Guard. Service members and civilian experts from 20 states and the U.S. territory of Guam have gathered for the exercise.
The Pennsylvania National Guard members are part of the state’s Defensive Cyber Operations Element. They are leading the “network owners” and the “range” sections and hold key staff and leadership positions within the “fusion cell” and on the Red Team (the “bad guys”).
Because National Guard cyber defenders are often called upon to respond to cyber attacks on networks that are not their own, they need a local official who can give them permission to take certain actions on the network, said Pennsylvania Army National Guard Maj. Christine Pierce, the Cyber Shield 2022 network owners lead.
“These local officials are the network owners,” Pierce said. “Involving the network owners makes the training more realistic for the service members and it also helps build the relationships between the National Guard and other governmental and industry partners.”
These relationships are important in responding to real-world cyber incidents, she added.
Cyber Shield uses the Army’s Persistent Cyber Training Environment (PCTE) as the “range” – the simulated network where the Blue Teams - the “good guys” – defend against the Red Team. While PCTE is an excellent tool, bringing in teams from throughout the nation into PCTE can be a complex undertaking, said Pennsylvania Army National Guard Chief Warrant Officer 3 Jeremy Marroncelli, the range officer-in-charge.
“It involves managing a lot of permissions and testing, to ensure the range operates properly,” Marroncelli said. “The range allows our cyber warriors to get intense and challenging training that helps prepare them for real-world responses.”
The fusion cell integrates local, state and federal law enforcement elements into the exercise along with cybersecurity, intelligence and digital forensics experts. Just as it would in a real-world incident, the fusion cell operates as the focal point for the receipt, analysis, gathering, and sharing of threat-related information between local and state government agencies, other mission partners and national intelligence agencies. The noncommissioned officer in charge of the fusion cell is the Pennsylvania Army National Guard’s Staff Sgt. Andrew Clancey.
The annual exercise, led by the Army National Guard and assisted by the Air National Guard, is a concentrated effort to develop, train and exercise cyber forces in the areas of computer network internal defensive measures and cyber incident response, according to the National Guard Bureau.
These cyber defensive measures can be employed to defend and protect critical cyber infrastructure including industry, utilities, schools, health care, food suppliers as well as military networks.
The first week of the exercise involves training classes and hands-on exercises for participants. During this part of the exercise, service members have the opportunity to take top-notch information technology classes and earn industry-standard certifications that can be used both in the military and in civilian careers. These 15 different classes and certifications typically cost hundreds of dollars outside the exercise and are provided to participants at no cost.
The second week puts the cybersecurity service members’ skills to the test pitting them against an opposing force of hackers. The cyber defenders will work on identifying an intrusion into a computer network and then countering the hacker’s actions, said George Battistelli, Cyber Shield 2022 exercise director and the deputy chief information officer for the Army National Guard.
This year the exercise is focusing on responding to a “supply chain” attack similar to the SolarWinds attack that effected many corporate and government networks, Battistelli said. A supply chain attack is when the hackers insert malicious code into third-party software such as IT monitoring software. When the software, or updates to the software, are installed, the malicious software is also installed allowing the hackers access to the corporate and government networks. The SolarWinds attack infiltrated a wide array of corporate and government networks.
The exercise also infuses social media “noise” into the scenario, making the exercise as realistic as possible.
This year the Blue Teams – the “good guys” – will work to defend the military’s own computer networks. In the past, the exercise scenario has had the Blue Teams responding under the authority of a state governor. This year, they are responding under federal authority. This changes the policy and regulatory bounds as well as the legal authorities of the response.