Members of the National Guard from New England states concluded a two-week cyber exercise that sought to test the cyber skills of guardsmen and critical infrastructure operators.
Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved more than 200 National Guard members and their civilian counterparts from across New England states, along with some active-duty partners and participants from local, state and federal agencies. The exercise, now in its sixth year, drew fewer attendees than in previous years because of the coronavirus pandemic, but several were able to participate remotely.
“Cyber Yankee is primarily a hands-on keyboard cyber incident response exercise for National Guard soldiers and airmen in FEMA Region 1, which are the six New England states,” said Lt. Col. Woody Groton, a member of the New Hampshire National Guard and the director for Cyber Yankee, according to a Facebook post by the New Hampshire Air National Guard.
Groton said in a video that the exercise is primarily focused on the electrical and water sectors.
The exercise is “a great training opportunity for us to work with those people who would actually own the network that we would potentially respond on and for our soldiers and airmen to get that experience and for the engineers from those various entities, they get the training in working with us,” he said.
The Guard units within the various states are a critical resource to defend against cyberattacks when they overwhelm localities.
“If a large-scale attack happened against a power company, water company, or any other critical department around the state, we would be able to get activated and help them mitigate the threat,” Capt. Frederick Bond, 103rd Air Control Squadron cyberspace operator and exercise Team 3 lead from the Connecticut National Guard, said in a release. “It’s similar to when a storm comes and we help remove fallen trees or shovel snow from roofs to help get critical infrastructure going again.”
The friendly blue team had to deal with simulated attacks from an opposing red team. Social media posts were used to simulate a real internet environment, where forces must sift through the noise and discern what information is needed to make decisions and identify threat actors. In one case, these actors defaced a public website.
“We found some discrepancies including website, it looks like it may have been defaced. The team is digging into finding the source of that defacement and then making steps to correct it,” Master Sgt. Eric Lewis, a blue team member in the New Hampshire Air National Guard, said in a video.
Other actions tested included protecting computer files from being stolen or manipulated.
“We received intel that potential threat actors may be using a certain capability to transfer files,” said Senior Airman Stephen LaLuna, 103rd Communications Flight cyber systems operations specialist with the Connecticut National Guard. “We see the traffic that’s using it, that sets off a flag on our end to look deeper into that. If we determine it is malicious, we send it up the chain with our findings and recommendations to block it.”
Officials explained that one of the most critical aspects of these training events is the partnerships built between Guard units, critical infrastructure operators and government entities so that when a crisis breaks out, everyone is acquainted.
“We have built enduring partnerships with state government and the critical infrastructure sector. Something that if we did have a major cyberattack against one of those, we would be ready to respond and already know each other,” Groton said.
Correction: An earlier version of this story misidentified Lt. Col. Woody Groton. He is with the Army National Guard.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.