Between March 8th and 20th, 2015, the National Guard hosted an event titled 'Cyber Shield 2015' at Camp Atterbury in Edinburgh, Indiana. The event drew participation from forty-two states and territories, including members of the Army National Guard, Air National Guard, and Army Reserve. The primary objective was to train and enhance the skills of National Guard teams capable of responding to cyber threats.
The attendees were classified into three main groups: Red Teams (the attackers), Blue Teams (the defenders), and White Cell (the event coordinators). Each Blue Team was matched with a Red Team for a simulated cyber conflict on the DOD Cyber Range, a virtual and safe environment for such exercises.
As part of my state’s Computer Network Defense Team (CND-T), I had the privilege to participate in this event. Serving on a Red Team, I learned about the strategic elements of computer network attacks and applied these tactics against the Blue Team.
The event aimed to prepare the Blue Teams for different network defense scenarios. Each scenario was outlined by a pre-arranged script known as a Mission Event Synchronization List (MESL), managed by the White Cell. Blue Teams were tasked with detecting and reporting the attacks rather than preventing them, while Red Teams followed the attack script, ensuring minimal harm to the systems.
The White Cell team oversaw the exercise, logging all communications and actions that took place during each MESL. Important information exchanged between the teams was tagged using a system similar to Twitter hashtags, providing essential data for post-event reviews and summaries.
A key feature of the exercise was the opportunity to train and compete on the SANS’ Cyber City range. This 1:87 scale mini city includes various SCADA-controlled infrastructures, offering a hands-on experience of protecting critical city components from cyber attacks. I first heard about this concept on WNYC’s New Tech City and was thrilled to compete against other states. The top-performing teams were given a chance to participate in a playoff. Although I didn't qualify for the playoffs, I had the pleasure of meeting Mr. Ed Skoudis, a prominent figure in the information security community and the developer of CyberCity.
On a personal note, being part of the Red Team and engaging in simulated network attacks was an enjoyable experience. I'm looking forward to the chance of playing defense next year. I'm grateful to my state for selecting me for this event and to my civilian employer for accommodating my National Guard service commitments.