Maryland Soldiers train with DoD partners and allies at CYBER FLAG 22

Photo By Sgt. Thomas Lamb | U.S. Army 1st Lt. Briana Harvey, team lead for CPT 169, Maryland Army National Guard,...... read more read more

Photo By Sgt. Thomas Lamb | U.S. Army 1st Lt. Briana Harvey, team lead for CPT 169, Maryland Army National Guard, during CYBER FLAG 22, assists another soldier with a computer issue at the Laurel Readiness Center in Laurel, Md., during CYBER FLAG 22, July 25, 2022. Cyber Flag 22 is an annual U.S. Cyber Command training event that is designed to strengthen partnerships, improve the defensive skills, and enhance the readiness and collaboration of the participating cyber operators. (U.S. Army National Guard photo by Sgt. Tom Lamb)  see less | View Image Page

LAUREL, MD, UNITED STATES

07.25.2022

Story by Sgt. Thomas Lamb 

29th Mobile Public Affairs Detachment

✔ ✗ Subscribe

7

LAUREL, Md. - Maryland Army National Guard Soldiers participated in an international cyber event at the Laurel Readiness Center, July 18-29, 2022.

Members of the 169th Cyber Protection Team honed their skills to identify and respond to malicious online attacks while working with international and interagency partners from Canada, the United Kingdom, the U.S. Department of Energy, U.S. Air Force Cyber Command, and U.S. Coast Guard Cyber Command.

Cyber Flag 22 is an annual U.S. Cyber Command training event that is designed to strengthen partnerships, improve the defensive skills, and enhance the readiness and collaboration of the participating cyber operators.

CPTs provide surge support to U.S. Army Cyber Command when mobilized for federal active duty and support defensive cyberspace operations like the ones simulated in the exercise.

“[During the exercise] we're helping a system owner perform defensive actions,” said U.S. Army 1st Lt. Briana Harvey, the team lead for CPT 169. “Which include hunt, clear, enable hardening and assessing the system owners network. We are there to provide recommendations for them based on the scenario and injects that we're seeing from CYBERCOM.”

Incident response plans are integral to a Cyber Protection Team’s operation. They give every member of a team a specific job to quickly and safely mitigate a cyberattack. The ability to hunt for the malware, clear it out of the system, harden the system, and assess after the fact are core parts of their operation.

For Cyber Flag 22, Chief Warrant Officer 3 Keith Roberson, a security operations center engineer, was working in the hunt section.

“When we get alerts or a bunch of false positives, I tune up our [network environment] so we can eliminate that noise,” said Roberson. “That makes it easier for our guys to see the bad things that are happening in our network.”

The more experienced Robinson provided support and guidance for newer members of the team like Spc. Joe Wolf-Pitts.

“Exercises like this, where you really get to see traffic in the wild, like internet traffic; bad traffic and good traffic are really helpful,” said Wolf-Pitts. “I can examine it without the fear that it's actually really hurting something.”

Exercises like Cyber Flag are important because they are a safe place to learn, which allows for faster response times in the event of a real incident.

A Soldier in the hunt section is the first line of defense. They monitor network activity to look for potentially dangerous information. After finding malicious code a second team comes in to clear it off the network. Enabling hardening is the third step in incident response. Hardening is the process of writing new rules for your network to stop malicious activity from happening in the future.

“Downloading executable files from the internet is not authorized on our network,” said Roberson. “I'll write an alert that will trigger on that saying that you downloaded this. So we need to go and investigate.”

Finally, the cyber protection team can assess how effective their measures were. In this step the CPT can circle back and figure out how to improve in the future. They can assess the situation making sure that the adversary can't use that same route to get back in and drop those kinds of persistence or malicious cyber activity said Roberson.

Citizens-Soldiers supporting CPT missions are uniquely ready because many work within the information technology career field or have cutting-edge cyber defense capabilities from their civilian jobs. Still, there is always something to learn when you work together with other partners.

“This is important because it's giving us a chance to get hands-on keyboard with a network against a live adversary,” said Harvey. “We're actually getting time to test out our tactics, techniques and procedures, develop our SOP, participate in the exercise and get ready for the potential real world incident responses.”

More than 275 cyber professionals from across the Defense Department, U.S. federal agencies, and allied nations competed against a robust and dynamic opposing forces comprised of over 60 Red Team operators from the United Kingdom and United States in Cyber Flag 22. The defensive cyber exercise, which provides realistic “hands on-keyboard training” against the activities of malicious cyber actors, is designed to enhance readiness and interoperability within the participating teams.