Cyber Guard exercise expands to whole-of-nation defense

Two key words in defining a unified national cyber defense are “operational” and “interoperable.” More than 100 organizations from government, academia, industry and the international community recently worked on developing those aspects during the fourth annual Cyber Guard exercise, from June 8 to June 26. The large-scale exercise focused on building a whole-of-nation approach to defending networks, protecting infrastructure and sharing information across established lines.

“Cyber Guard is designed to exercise the interface between the Department of Defense -- the active and Reserve and Guard components -- that are focused on the cyber mission, and to partner with other elements of the U.S. government as well as state and local authorities,” U.S. Cyber Command Commander Navy Adm. Michael S. Rogers said in a statement. 

“The greatest challenge in this exercise is, how do we build those partnerships between organizations that don’t necessarily have a common background, a common verbiage, a common set of terms, so how are we going to harness the power of governmental capacity to include our own department in defending critical infrastructure in the private sector of the United States,” Rogers said.  

The exercise took place at a Joint Staff J7 facility in Suffolk, Va., which was designed to support a wide range of military tests and exercises. 

According to a fact sheet, the Cyber Guard objectives are to:

• Improve the ability of forces to defend DOD networks, secure data and mitigate risks to missions.
• Be prepared to defend the U.S. homeland and vital interests from disruptive or destructive cyberattacks.
• Improve shared situational awareness between government agencies, the private sector and allied partners.
• Improve the ability to rapidly detect and effectively respond to a cyberattack on critical infrastructure, which requires whole-of-nation effort.
• Strengthen partnerships within government, allies and the private sector, which are vital to deter and respond to shared threats.
• Build and maintain ready Cyber Mission Force teams within DOD to conduct cyberspace operations.
• Continue efforts to build a Persistent Training Environment for cyberspace forces across the DOD, including a closed exercise network, training event planning, management and assessment, a live expert opposing force and transport layer to enable distributed participation in the environment. This Persistent Training Environment will be accessible to other U.S. government departments, allies and other partners and will set the foundation for whole-of-nation, full-spectrum cyberspace operations training

Participants included the Homeland Security Department, FBI, Federal Aviation Administration, members of The U.S. Cyber Command, Northern Command, Strategic Command, National Guard teams from 16 states, service component commands from each branch’s cyber teams, reserve personnel from Army, Navy, Marines and Air Force, private industry partners from the financial and energy sectors and three private industry information sharing and analysis centers, among others.   

Cyber Guard had three phases, each covering numerous support exercises. Phase 1 involved state and federal support for private, municipal and state owned critical infrastructure in accordance with the National Response Framework – a guide to how the nation responds to all types of disasters and emergencies – as well as defense support to civil authorities; Phase 2 tested defense support to federal agencies, and Phase 3 focused on training and certification of DOD cyber teams and joint cyber headquarters elements the fact sheet stated.

Other scenarios included training on the industrial control systems (ICS) commonly found in critical infrastructure facilities, as well as hands-on exercises in classified network environments similar to DOD and non-DOD networks, with blue teams defending friendly networks from simulated attacks from red teams.   

The addition this year of the private sector, coordinated with DHS, represents a shift from a whole-of-government approach to a whole-of-nation approach to cybersecurity and response, according to the fact sheet. That mirrors legislation recently proposed in Congress to provide legal protections and safeguards to members of the private sector that share cyber threat information with the government – something Rogers has said is the thing he wants most from Congress. Some, however, have been critical of such proposals as “surveillance by another name.”

The renewed desire to partner with the private sector comes from not only an intelligence and situational awareness perspective, but infrastructure ownership as well. “Most critical infrastructure in the United States, particularly in the information technology area, is owned by the private sector,” said Coast Guard Rear Adm. Kevin Lunday, U.S. Cyber Command’s director of training and exercises. “So we rely on them, particularly when we are responding to a major incident or attack on the private sector.”

Lunday described two critical aspects of cyber preparedness for the future of an emerging and uncertain operational domain; “The scenario we practice in Cyber Guard is not a question of if that will happen -- it’s when…And the second question is, when it happens, will we as [the] Department of Defense, we as a nation, be ready for it?” 

This as the Chairman of the Joint Chiefs of Staff recently released the National Military Strategy, which says that, at the moment, “the probability of U.S. involvement in interstate war with a major power is assessed to be low but growing” in which certain “hybrid” tactics – combining both traditional military and irregular, asymmetric approaches – are due to persist, given the advantages they can give to an adversary.