CHEYENNE – The Wyoming National Guard partnered with the Wyoming Office of Homeland Security to participate in a Cyber Shield 2020 exercise last month. Army and Air Guard members and state employees came together for the training event to test their capabilities for real-world cyberattack scenarios.
The state of Wyoming gains a lot from this type of partnership. One of the principal responsibilities of the Wyoming Office of Homeland Security is to support local jurisdictions in times of emergency. WOHS does that through a supply of state and federal resources, and partnerships with agencies like the Wyoming National Guard allow them to be able to help the communities of Wyoming.
The event was initially supposed to take place at Camp Williams, Utah. Because of the COVID-19 pandemic, they had to re-evaluate and move the training to a virtual environment. Historically, Wyoming has sent service members to Cyber Shield exercises to augment other state and territory teams. This event was the first time Wyoming operated as an independent team, which was in response to being moved to a virtual environment.
Training like this gives everyone hands-on experience in the event they do get asked to support certain cyber defense security situations that might arise. If requested, the governor can activate the National Guard cyber defensive team. They can be called on to assist in an environment that might involve a company's critical infrastructure.
"Electrical companies, gas companies who have these large industrial control systems in their environment, we can potentially be called in to assist with that," says Chief Warrant Officer 4 Warren Burgess, the information security manager for the Wyoming Military Department. "Even though they are a private organization, because they are determined to be critical infrastructure, we can be brought in to assist."
The team kicked off the exercise with a scenario in which a company was concerned about its network. The company asked for recommendations on their security. In the process of helping the company improve its security, the team discovered a breach. They responded to that breach by helping fight whoever attacked the network, tighten it down to where it was safe again, and get the company back to business as usual.
There were several different scenarios presented to the team. These scenarios included issues like website defacement, ransomware, and phishing attacks. Website defacement can be something as simple as changing a picture to make a company look bad. Ransomware is a form of malware that encrypts files, and the hacker demands money to fix said malware. The most common type of ransomware is phishing. Phishing is when a user clicks on a phishing email attachment that could then send usernames and passwords to a hacker who now has access to that network.
But there are systems in place set up to detect these types of attacks. Firewalls, intrusion detection systems, and even just an inventory of a company's network can alert users to possible issues.
"I am working on the log analysis team. That means I am utilizing tools and an intrusion detection system to try and look for alerts that the system has was compromised," says Tech. Sgt. Angel Wiles, a cybersecurity subject matter expert and participated in the exercise virtually. "I review lots of technical data that comes through, and then I have to decipher what that means, and what's happening so that I can report it to other teams who are also helping to monitor for those things."
These tools help prevent cyberattacks on a system. If they don't stop an attack, they at least give the cyber team information they need to fight it.
There are a lot of benefits that come from a collaboration like this. Getting to know faces and getting comfortable working with each other will make it easier in the future if they are all pulled in to assist in a cyber-defense situation. The team can also learn the different ways each person does things, and perhaps learn a new, more efficient way to do something.
"I think it's good to get a lot of outside perspectives, and lots of outside feedback, to say that's one way to do it, but you could also do x, y, and z," says Wiles.
The event was also the first time the team operated jointly. No one had ever interacted with each other before. Burgess reached out to find participants from the state first, then asked the Air Guard to see if they wanted to participate. They jumped on the opportunity. The exercise brought all the IT cyber responders into a single environment to train together. Burgess hopes this is the first step to help everyone work together in the future.