CAMP WILLIAMS, Utah — Members of the Wisconsin National Guard took part in Cyber Shield 17 April 24-May 6 at Camp Williams, Utah. Cyber Shield is a National Guard exercise in cooperation with the U.S. Army Reserve designed to conduct defensive cyber operations, training and assessment for Defensive Cyber Operations Elements (DCOEs), Cybersecurity detachments and Cyber Protection Teams (CPTs).
“We have tight relationships with the FBI and the Department of Homeland Security, and we’re about to really get to a point where we have rock-solid capability to bring to a cyber event,” said Maj. Gen. Don Dunbar, Wisconsin’s adjutant general.
The Wisconsin National Guard is committed to strengthening cybersecurity and developing capabilities within the State to respond to cyber incidents.
“What we’re starting to see, after about three years of hard work, is these relationships are coming to fruition,” Dunbar said. “We have some wonderful relationships with our private sector partners in the utility industry and other critical infrastructure.
“These exercises serve as validation that we can do something, and it’s not theoretical anymore. It’s practical,” he continued. “I appreciate the [National] Guard Bureau leading this effort, because if they weren’t doing this, we wouldn’t be having these kinds of exercises.”
The focus of Cyber Shield is to assess Soldiers, Airmen, and civilians on response plans to cyber incidents. It allows collaboration between the National Guard, the U.S. Army Reserve, federal and state government agencies and civilian industry partners.
“I think this is really critical in terms of providing realistic training opportunities for our Soldiers and Airmen in cybersecurity,” said Brig. Gen. David O’Donahue, Wisconsin’s deputy adjutant general for civil support. “I think we’re making really good in-roads with our partners in the private sector and with state official partners. We still have work to do, but clearly this is a step in the right direction.”
O’Donahue’s primary role is planning and preparing the Wisconsin National Guard’s response for emergencies, and he supports the idea of training Wisconsin’s Soldiers and Airmen for real-world cyber incidents.
The intent of Cyber Shield 17 is to exercise incident response at the state level, conduct cyber threat intelligence and analysis, and facilitate forensic analysis and enable information sharing and collaboration between Army National Guard, U.S. Army Reserve and mission partners.
Participants from Wisconsin include companies like Madison Gas and Electric, whose business provides critical services to Wisconsin residents.
“This kind of exercise lays the ground work,” said David Blankenheim, the director of electric distribution and strategic planning for Madison Gas and Electric. “We can understand how we would collaborate, and so when the bad day happens we’re ready to go.
“We have to know how we’re going to work together,” Blankenheim added. “We have to work through these phases so that we’re ready to collaborate in a real event.”
The first week of Cyber Shield 17 consisted of training courses across the IT spectrum while the second week put that training to the test in a live cyber exercise.
“We send all of the Soldiers to their designated training so we can train and improve individual skills, and the second week we start exercising and implementing what we’ve learned,” said Capt. Piotr Wlodarczyk, assistant team chief with the Wisconsin CPT, also assistant team chief for the Wisconsin blue team for Cyber Shield 17.
“We have a 10-person team — eight people as basic IT incident responders and two intel analysts that support our team,” said Maj. Jeremy Holmes, team chief for the Wisconsin DCOE.
During the exercise, blue teams play the role of DCOEs who work with their mission partners to defend against red teams. Red teams play the role of adversaries and carry out mock cyberattacks.
Holmes led the blue team in defending the mission partner, who is playing the role of an energy sector company against a staged cyber threat.
For the exercise, “they have called on the support of the National Guard to help out in understanding what that incident is, how to potentially defend their network better and understanding what the scope of the incident potentially is,” Holmes said. “Being able to respond to a cyber incident with also having an active adversary or a person playing the role of an adversary, we’re able to potentially block some aspect of the network or defend the network and the adversary will adapt in real time.”
“To me it’s extremely critical because when a mission partner gets overwhelmed and he has to call on us we have that experience based upon what we learned here as far as what we need to do to assist them,” said Maj. Glenn Flanigan, information systems security officer for the Wisconsin Army National Guard, and red team planner for Cyber Shield 17.
Refining standards of performance is one of the top priorities of the exercise, and any lessons learned will contribute to forming best practices, which can be shared by all participants and implemented in the next Cyber Shield exercise.
“There are so many ways that an adversary can compromise a system,” Flanigan said. “The biggest thing that I’ve noticed for Wisconsin is getting that mindset of ‘what should I be looking for?’”
“It is challenging because you have different pieces of technology, different applications and systems, and you have troops designated to work on them,” Wlodarczyk added. “So yes, it takes some time to orchestrate all of this.”
A common theme between many participants at Cyber Shield was a love for the work and the excitement of forming lasting relationships with some of the best and the brightest minds in IT throughout the U.S.
Chief Master Sgt. Anthony Atkinson, cyber operations chief with the Wisconsin Air National Guard — also a network monitor for the Wisconsin blue team for Cyber Shield 17 — shared his feelings about the exercise.
“I have a passion about cyber and a passion about IT so I enjoy doing it,” Atkinson said. “I’m really blessed to be here, I think it’s amazing. Hopefully, I get to come back next year and maybe bring a few of my Airmen along.”
Dunbar presented Atkinson with a challenge coin for broad knowledge in cybersecurity, and being calm, cool and collected during the more stressful times during the exercise
“This is the new war — this is the new real world,” Dunbar said. “If we’re not ready for it or if we don’t practice, we don’t get better.”
“I don’t think you’re going to see a test network this large and get this many people participating like this anywhere else,” said Master Sgt. Derek Sizer, a cyber transport systems supervisor with the Wisconsin Air National Guard, also a red team operator for Cyber Shield 17.
Competition between the blue and red teams was not only realistic training, but for many of the Wisconsin guard members, it was fun.
“These blue cell guys are pretty good,” Sizer said. “I think going through the cyber threats that we have here on the range gives the Wisconsin blue team, the cyber defenders, a pretty good idea of what they’re looking at.”
A four-year Cyber Shield attendee, Sizer expressed the importance of giving the blue team the best training that they could get, but also how playing the role of adversary on the red team helps him to better understand how to defend a network.
“They don’t get to go and play like this on a live network because you could break something that affects your mission,” he added. “Here it’s kind of a safe zone where they can try things out. They can break things. They can see what an active bad guy looks like, and I think that helps a lot.”
Jalal Ali, director of information services for the city of Wauwatosa — also a civilian member of the cyber response team for the state of Wisconsin as well as a member of the red team for Cyber Shield 17 — appreciated his fourth year at Cyber Shield.
“I wanted to see what happens behind that door of the attacker,” Ali said. “I wanted to see how those systems are set up to better understand how they work so that we can defend against them.”
Ali is a member of one of four cyber response teams located within the state of Wisconsin.
“It’s challenging, but in a good sense,” Ali said. “It gives us an idea, again, of what happens on the other side that we have to protect against.”
The Wisconsin Guard plans to return to Cyber Shield 18 and keep Wisconsin moving forward as they continue to prepare for cyber incidents in collaboration with their mission partners.