Kansas National Guard cyber warriors partner with other states, industry at Cyber Shield 19

By Staff Sgt. George Davis, Ohio National Guard
Spc. Blake Phelps, Indiana National Guard

CAMP ATTERBURY, Ind. – Our nation, states, communities, corporations and institutions are under attack every day; but instead of bombs and bullets, our adversaries are using binary ones and zeros.

The Kansas National Guard is always there for its citizens, whether it’s feeding cattle from a helicopter, filling sandbags in response to a flood, or providing security and communications for a town ravaged by a tornado. But in these days of information and digital response, the Kansas National Guard also has the capability to respond to threats to our critical information networks.

Soldiers, Airmen and industry partners conduct network surveillance during Cyber Shield 19 training week at Camp Atterbury, Indiana, April 7, 2019. (U.S. Army National Guard Photo by Staff Sgt. George B. Davis)

For two weeks, some 20 Kansas National Guard cyber warriors are honing their information technology skills and will bring that added capability back to the Sunflower State.

Cyber Shield 19 from April 5-19 at Camp Atterbury, Indiana, sponsored by the Army National Guard, brings together more than 800 Army and Air National Guard network defenders and world-class cyber security professionals, industry network owners, an Army Reserve assessment team, and federal and state agencies to train the next generation of cyber warriors in this ever changing, dynamic world of electrons and information networks.

“Cyber Shield is the first time that the Army and Air have been able to come together for training. In an actual event, we would work together,” said Major Dan Rogers, 299th Network Operations Security Squadron, Kansas Air National Guard, Wichita. “We cannot replicate these scenarios at home. We are able to learn about the skills and abilities of each other.”

Kansas has a joint team comprised of the Defensive Cyberspace Operations Element of the Joint Forces Headquarters, Kansas Army National Guard in Topeka and the 127th Cyber Operations Squadron, Kansas Air National Guard, from Wichita. Sarah Liotta, energy manager for the Adjutant General’s Department, and William Glynn, deputy director of the Kansas Intelligence Fusion Center, are also training at Cyber Shield 19.

The exercise consists 24 Blue teams and embedded industry partners. These teams attend a week of training, followed by a multifaceted exercise in the defense of critical infrastructure and election systems. The opposing forces, or OPFOR, are also National Guard members from across the country trained in the use of offensive cyber tactics and tools. The exercise injects cover malicious actors on the digital landscape, and forensics, intelligence, legal, insider threat, and government-industry partnerships.

“It’s a refinement every single year, and next year will be completely different than this year and the year after,” said George Battistelli, the Army National Guard Cybersecurity Program manager, Information Technology Strategy Division chief and the Cyber Shield 19 exercise director. “It depends on what is the threat environment and what is going on. While they’re training, they’re also building relationships.”

The relationships with industry partners, state and federal agencies, and law enforcement are key to effective cyberdefense and the National Guard is naturally suited to grow those relationships, he added.

“Part of the goodness of the Guard is that traditional Soldier who may work at the Department of Public Works or something in his everyday job and then he drills on the weekend. And so he has the inside knowledge of how that system works,” Battistelli said.

The training that Soldier or Airman receives through Cyber Shield 19 and the National Guard adds to his ability to do his civilian job and the training and experience gathered through their civilian work adds to the military’s cyber capabilities.

“And now he’s a very valuable asset” in protecting critical infrastructure, Battistelli said.

The exercise provides critical cyber battlefield experience for the members of National Guard’s Cyber Protections Teams, Defensive Cyberspace Operations Elements and Cyber Mission Assurance Teams. These cyber teams provide critical network defense for the computer networks of our state and local agencies, industry and critical infrastructure.

“We are grossly outnumbered. Even if everyone at the exercise was fully certified and fully trained, we still would be outnumbered,” said Matt Sannipoli, Stealthwatch instructor, CISCO. “With this highly connected world we live in, the threats are coming from everywhere. So the more ways we can identify those, the better we are able to help create the security that we are all hoping we can get to.”

Cyber Shield was conceived to prepare the National Guards’ cyber warriors for this challenging and complex cyber battleground.

“The defense strategy talks about critical infrastructure and about being able to survive and succeed in a contested environment,” said Col. Teri Williams, commander, Cyber Shield 19. “We planned for 11 months to create a contested environment with everything from a scenario for the cyber range to creating all the OPFOR injects or attacks that need to happen. These injects are based on the technical and training objectives that we want to accomplish for that year. That’s what Cyber Shield is all about.”

“The way cyber works is that it’s an environment that every time we get better at defense, our adversaries are going to get better at offense,” said Keith Owen Wichmann, Cyber Situational Awareness technical lead, Applied Physics Laboratory, Johns Hopkins University. “We have a thinking offense coming at us. If we don’t have a thinking defense protecting us, then we don’t have a prayer.”

Cyber Shield has a critical training component that brings in industry leading courses and seminars for the participants organized into tracks based on the role of the participating cyber team member.

“The first week is training and we bring in some top-notch training. We really try to focus on getting people prepared for cyberdefense,” said Williams.

During the first week of training, Cyber Shield brings in high-tech companies such as Microsoft and CISCO. The International Society of Automation does infrastructure network training. The SANS Institute does cyberdefense training.

“But we also focus on the offensive side. Our belief is that the better that you are trained on the offensive side, the stronger a defender you will be,” Williams said. “So we use companies like SpectreOps to come in and give us that offensive training.”

Cyber Shield is a premiere unclassified training exercise for cyber defensive operations. And the contributions of interagency and industry partners greatly enhance the war-fighting capability of cyber teams.

“This is an opportunity to bring together the Army National Guard, Air National Guard, the Army Reserves, private sector, federal and state partners, industry, academia, into a setting where we can learn and grow together as a nation,” said Brig. Gen. Jeffrey Burkett, vice director of Domestic Operations for the National Guard Bureau.