By Maj. Carla Raisler, Team Chief, Joint Forces Headquarters Defensive Cyber Operations Element
[caption id="attachment_29954" align="aligncenter" width="300"]
The Kentucky National Guard's Defensive Cyber Operations Element (DCO-E) team attended Cyber Shield 19, April 5-20, at Camp Atterbury, Ind. Cyber Shield is a major exercise involving National Guard Cyber Operations Soldiers and Airmen from 40 states and territories, as well as Army reserve trainers, state and federal government agencies, and more than 50 industry partners. (Courtesy photo)
CAMP ATTERBURY, Ind. -- Members of the Kentucky National Guard and civilian partners joined forces at the Cyber Shield ‘19 national level exercise for two weeks of cybersecurity training and simulated incident response, April 5 - 20, at Camp Atterbury, Indiana.
Each year, Cyber Shield brings together cyber forces throughout the military and civilian spectrum to train and exercise together. This year, the event hosted more than 800 Army and Air National Guardsmen, Reservists, private industry partners, federal and state agencies and assessment and support teams from around the country. Kentucky had 29 participants. The exercise is exclusively focused on cybersecurity training and incident response.
For cyber warriors like Spc. Josiah Calicott, an incident responder with the Defensive Cyber Operations Element (DCO-E), he was fully immersed in his Military Occupational Specialty (MOS) for the duration of his annual training.
“I was learning job relevant information every day. Because of this annual training, I am much more prepared to fulfill my role in the unit, which should be the goal of every annual training,” said Calicott.
DCO-E trains throughout the year in preparation for the exercise. Training consists of virtual, instructor-led and exercises to prepare the team to conduct incident response. The team is broken down into cyber-fire teams and have their own battle drills, which contain individual and collective tasks to prepare them to respond to simulated and real-world cyber incidents.
Maj. Dayna Sanders, the Cyber Shield exercise operations officer and a cyber officer with the Kentucky National Guard recognizes the difference and similarities between traditional unit training and Cyber Shield.
“Most units go to the field, fire weapons on a range, complete METL (MOS specific) tasks, and so do cyber warriors. The training range is virtual and their weapons are computers, keyboards and software-based tools. The tasks completed are essential to the mission, they are just not as well defined by Army doctrine,” Sanders explained.
The training and exercise also provide an opportunity for Soldiers to learn new skills and quickly apply them to the exercise in real time. Sgt. Tucker Huff, a cyber analyst with the Cyber Protection Team, attended his first digital forensics course during the training week and applied those skills directly to the exercise the second week.
“I was able to expand my skills on digital forensics and Linux administration during my training at Cyber Shield, which allowed me to become a more valuable and interchangeable analyst,” Huff said.
The exercise also integrates Intelligence Analysts into the cyber battle space. They are responsible for threat analysis and work to link the DCO-E, law enforcement and homeland security together to develop situational awareness and develop courses of action and attribution.
For Spc. Travis Nally, an intel analyst with the 101st Main Command Post – Operational Detachment (MCP-OD), he quickly became immersed in the complexity of the cyber domain.
“I learned there are multiple layers throughout the cyber network that require certain specialties and training to be able to adequately and effectively use,” Nally said.
The knowledge gained and the lessons learned from Cyber Shield have both military and civilian practical applications. Everyone who participated from Kentucky plans to take back what they learned to their military units and civilian employers.
2nd Lt. McKinley Flint, an intelligence officer with the 198th Military Police Battalion plans to bring the knowledge of the cyber domain back to his unit.
I plan on passing on the knowledge of the cyber realm being its own distinct battlespace and try to convey the understanding that this battlespace is the future of multifaceted warfare and will likely be seen to some degree integrated into large scale combat operations.”
The Guardsmen weren’t the only Kentuckians participating in the exercise. Civilian partners like Matt Speer, with Airline Reporting Corporation, returned for his second year as a network owner. A former captain with DCO-E in the Kentucky National Guard, Speer returns to be a part of the event each year because of experience and knowledge he continues to receive from the event.
“I enjoy the challenge of advising a team on their defensive ops. Watching a team mature even over five days is great as they come together when faced with pressure and come out better trained for it,” said Speer. “As a civilian partner, I am able to keep up with current trends in the mature DoD InfoSec process. My company loves the information I bring back and we often incorporate parts into our own business processes. I am also able to fulfill my own continuing educational requirements for the year.”
Newcomer, Mike Wells, a security analyst with the Commonwealth Office of Technology learned a deeper understanding of what a cyber incident looks like and plans to take the information back to his office.
“It is a valuable experience for everyone in cybersecurity,” Wells said. “The exercise gives a more realistic look at an incident, how to respond and how an attacker may think during their attack.”
The cyber domain is a new and unique environment, and in Kentucky, Guardsmen are preparing to answer the call. Cybersecurity is a whole-team effort and throughout the commonwealth, Kentucky's DCO-E is training together so they can continue to fight as Kentuckians in future battlespace.