Photo By John Hughel | Oregon Air National Guard Staff Sgt. Dylan Riggs, assigned to the 173rd Fighter Wing,...... read more read more
Subscribe
VIRGINIA BEACH, Va. – Oregon Citizen-Soldiers and Airmen travel from ‘coast to coast’ during the annual Cyber Shield exercise held at the Virginia National Guard State Military Reservation from May 31 to June 13, 2025. They were among nearly 900 soldiers, airmen, sailors, guardians, and Department of Defense civilian cyber professionals – encompassing participants from 42 U.S. States and territories, as well as 15 State Partnership Program nations.
Over a two-week period of concentrated training and readiness drills, skilled cyber operations specialists from the U.S. military sharpened their defensive cyber capabilities while enhancing their incident response capacities for internal computer networks, working alongside industry and other government partners.
In his opening remarks during International Partners Distinguished Visitors Day, Army Brig. Gen. Russell McGuire, Cyber Shield Director, emphasized the need to defend against critical infrastructure threats while strengthening industry and international partnerships.
“We all know that our critical infrastructure around the globe can be hacked and shut down. The concern is, from a military perspective, that we think it is easy to leave the United States and then project power overseas – but what if all of our critical infrastructure is down?” McGuire said, describing homeland defense vulnerabilities. “We rely on our civilian air transportation, our civilian rail transportation, especially since we saw what happened with the Colonial Pipeline.”
In referencing the Colonial Pipeline, which transports gasoline, jet fuel, and diesel from Texas to New York, McGuire emphasized that a ransomware attack on May 7, 2021, triggered widespread panic and significantly disrupted fuel supplies throughout the Eastern United States. This incident had a direct impact on multiple U.S. federal government agencies.
“I remember there was a gas line that was like a mile long, but the ransomware attack was solved pretty quickly. It was the I.O. [Information Operations] component that made everybody run to get gas,” he said, recounting the after-effects that followed. “It can have a substantial disruption to both our military and our economy, and doesn't stop after the initial attack…and that’s why these types of exercises are so important.”
By utilizing real-world scenarios for development, training, and simulation, Cyber Shield stands as the longest-running and largest recurring unclassified interagency and joint national-level exercise. In this year’s iteration, the Oregon National Guard coordinated soldiers, airmen, and members from their State Partnership Program with Vietnam to collaborate in computer network defense and incident response.
“I was really excited by the notion of the cyber fight and where the conflicts of the future were going to be fought,” said 1st Lt. Kyle McCullough, representing Oregon’s Enclave 26 during this year's exercise. “Before coming to this year's exercise, some of our members had been taking coursework for a couple of months to obtain advanced certification.”
The Cyber Shield exercise has two phases: the first provides critical cyber skills training for military, government, and private sector participants, while the second challenges them to defend networks against cyber-attacks on vulnerable infrastructure.
With 12 years of military experience, McCullough transitioned his career from the medical field to cyber operations when he was working in clinical research at a small hospital in Bend, Oregon.
“As I got more and more involved in analytics, more of the tech people took me under their wing and asked me if I wanted to start learning about sequel databases,” he said, recalling his newfound interest in cyber development. “I was so impressed with the upward mobility and the various opportunities that IT (information technology) as a career field offered.”
For McCullough, the learning curve has continued to develop his skills, fostering greater confidence in himself and positioning him as a valuable leader within the team.
“I was learning at such a breakneck speed and trying to get to know as much as possible last year here for Cyber Shield,” he said. “This year, I finally got my sea legs, and watching our team work so well together has been impressive.”
This includes having the Army and Air Force working together in hands-on situations, both face-to-face in the same enclave, while solving network threats in real-time.
“Every single time they access a system of ours, they are using a similar mechanism or similar techniques starting with the same basic box,” McCullough said, during the second day of the exercise. “Whether that’s conducting recon or things that are public-facing or performing different types of scans on a network, they are just looking for little clues to get their first little bit of access, and it blooms from there.”
Taking the fight from the actual battlefield to the cyber realm, Army National Guard Sgt. Ryan Garner has benefited from the two weeks of instruction. The former infantryman said that Cyber Shield has helped him prepare for future large-scale cyber incidents.
“This is my real first taste of working in cyber at this level,” he said. “It's a learning experience for everyone. It’s one of those things that if we couldn’t do this, I don’t think a lot of people in the guard would improve their skills.”
Garner noted that many similarities exist in the detection of cyber-attacks used in this exercise scenario, using the agricultural industry, and how it helps to be part of a team to identify these threats.
“They are going to use similar base frameworks when it comes to how they have their computer systems laid out,” Garner said, detailing how commercial and military systems can be integrated. “I’ve kind of been thrown fire – but at the end of the day, you’re doing something individually, that adds to the collective and accomplishes the mission.”
Many of the exercise scenarios are different from what military members typically encounter at their home units. By collaborating with diverse partners during the exercise, they can implement best practices and address real-time issues while participating in Cyber Shield.
“The camaraderie has been good for me. I brought a lot of new members from the base with me this year, and they have integrated well,” said Air National Guard Master Sgt. Michael Stevens, assigned to the 173rd Fighter Wing Communication Squadron at Klamath Falls, Oregon. “We know that in any exercise that attacks are coming in that will challenge our current skill levels, but that’s why we're here.”
Initially, Stevens was a team lead, making sure his crew had good communication, had all the right files and assets in place, and… “Getting the right people in the right seats.”
“As the exercise progressed, I’ve moved over to forensics, analyzing files, actually using the process we have to go look at the remote systems and see changes, along with the history in the files, and what was done,” he said.
The work can be tedious and takes diligence, often involving several members of the team to work through.
“Having just finished looking at some files, it took us a couple of hours and multiple sets of people to actually find it, but the adversary enabled a remote code execution, and they’d used our domain control to do so,” Stevens explained. “It took time to find where the files had been hidden…every step reinvigorates you to go a little further until you get there and detect a pattern.”
Combating the ‘Red Team’ adversary tests the proficiency of how well the ‘Blue Team’ can work together to find these issues. Having the Vietnam members only strengthened these warfighting capabilities, while also employing the Linux ‘Security Onion' distribution platform for security monitoring and log management.
“To me, honest, our (Oregon) Blue Team has done a great job of monitoring their Security Onion, finding alerts that we’re popping up on their side for the actions we are taking,” said Oregon Army National Guard Chief Warrant Officer 2 William Hanson, assigned to the Red Team for this year’s exercise. “We're employing different types of attacks that an adversary would perform. In this case, we are doing Operational Technology when it comes to farming in an agricultural setting.”
Working on his fifth Cyber Shield exercise, Hanson has operated from both the Red and Blue Teams' perspectives. He said that having a diverse team for this exercise has been advantageous both with staffing and getting various perspectives.
“Having the 173rd here is basically a force multiplier with so many of our normal members on other real-world assignments. So, having those augmentees from the Air Force has been a godsend,” he said. “These are great exercises to be part of…we get to know each other when tested in this kind of environment.”
As the exercise approached its culmination during the final days of the operation, Hanson stated that gaining control of a drone used by farmers for testing plant chemical balances would effectively evaluate the team's response to the Red Team's acquisition of their equipment.
“This one last test is great because there are literally actors out there trying to get hold of different devices. When it comes to our critical infrastructure, controlling food, water, and electricity is imperative.” He said. “Practicing these skill sets is critical to our country and helping our citizens.”
| Date Taken: | 06.13.2025 |
| Date Posted: | 06.13.2025 23:34 |
| Story ID: | 500632 |
| Location: | VIRGINIA BEACH, VIRGINIA, US |
| Web Views: | 99 |
| Downloads: | 0 |
This work, Oregon Guardsmen sharpen skills and strengthen partnerships during Cyber Shield Exercise 2025, by John Hughel, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
No keywords found.
