Maryland ANG first to certify cyber protection team on live network
MIDDLE RIVER, Md. (AFNS) -- Members of the Maryland Air National Guard’s 275th Cyberspace Operations Squadron recently became the first cyber operators in the Air National Guard to certify a Cyber Protection Team using their weapon system on a live base network during real-world missions.
As a part of the U.S. military’s Cyber Mission Force, CPTs are defensive in nature. These teams were created to hunt existing network threats and defend against attacks by finding and mitigating potential vulnerabilities in critical infrastructure, systems or platforms.
“We operate the cyber vulnerability assessment hunter weapon system,” said Capt. Ashley Oates, 275th COS flight commander and mission element lead for the certification event. “It is a toolkit that does exactly what it says, in that it is a vulnerability assessment toolkit that has capabilities for both network analysis and host analysis.”
Typically, the process for certification of a CPT is completed entirely in a virtual environment where tasks are controlled, and the flow of information received by operators is manufactured. By certifying on a live DoD network, the operators could perform the certification tasks using real-time data.
“What was so important for this certification event is that we were exposed to real-life patterns that we don’t get in a typical training environment,” Oates said. “The training environment can replicate real life but when you’re on a network that is connected to people operating on it and performing their day-to-day operations, we are able to see exactly what is going on in a specific time span.”
According to Oates, during this certification event, her Airmen were able to see both “human-to-human information flow” and any “machine interaction” occurring on the network, which helped her team develop better tactics, techniques and procedures.
“It’s just like looking at Interstate 95. You can tell when there is a backup and when it is smooth sailing,” Oates said. “That is what we could see on the network, we could see if there was a bottleneck in the data flow and having that natural occurrence of data flow gave us the ability to learn something new every time we were on it.”
For cyberspace operation groups in the ANG, the 119th Cyberspace Operations Group from the Tennessee ANG is the tasking authority for CPTs to initiate a certification event.
“When it comes to certifying a CPT, the idea is to organize one mission element and run through the certification process,” Oates said. “CYBERCOM outlines the requirements for certification and once the team has met all standards, they can actually preform the function of a CPT.”
In total, a CPT tests itself through a gauntlet of tasks that measures their ability to perform the core tasks of a high-functioning cyber team: hunting, enabling, hardening, and assessing.
“We are tested on 53 joint mission essential tasks that have to be met for us to become a certified cyber protection team,” Oates said. “Starting with the tasking authority, you have to partner with external agencies to ensure success during a certification event. You need to know who to work with at higher headquarters and actively engage with internal partners for support during the event.”
In addition to the 119th COG, the 275th COS worked with multiple partners to ensure that the certification event was successful.
“The 275th Operations Support Squadron and the 175th Communications Flight were an integral part to the team’s success throughout this certification event,” Oates said. “The 275th OSS were our validators during this event and ensured we were completing the certification tasks correctly. The 175th Communications Flight provided communications support and made sure that we had a thorough understanding of the communications infrastructure for the base locally.”
According to Col. Jason Barrass, 175th COG deputy commander, it was a challenging task for the Airmen of the 275th COS to effectively plan out.
“To get this done, they created all of the memorandums of agreement and received the appropriate authorization through the National Guard Bureau, the 299th NOSC [Network Operations Squadron], and our communications flight,” Barrass said. “With all of that in place, they partnered with those entities to look at one specific area on base and their network and essentially demonstrated their ability to do some of their critical missions skills live on the network.”
Together, the 275th COS and its partners worked, and the squadron certified a CPT so that they could now utilize their weapon system and assist during a real-world deployment.
“Now that we have certified as a CPT and we are in our window for activation, we are excited to be able to go out and execute the mission that we are trained to do,” Oates said.