KINGSTON, N.Y. – New York Army National Guard Soldiers with Cyber Protection Team 173 sharpened their skills defending critical infrastructure from digital threats during a simulated cyber battle.
“Our computer is our weapons system,” explained Maj. Corbin Lounsbury, the commander of the New York and New Jersey National Guard’s Cyber Protection Team 173, or CPT 173 for short.
From Feb. 23-26, the CPT Soldiers fought an online campaign against a simulated “threat actor” who executed a blended cyber operation against an electrical utility.
The Soldiers were physically located at the Kingston Armory, but their battle took place inside the U.S. Cyber Command’s Persistent Cyber Training Environment. This is a national-level computer simulation that replicates the challenges a CPT Soldier faces.
“The system can be programmed to provide cyber-Soldiers with varying threat levels, adversaries and scenarios,” Lounsbury explained.
The scenario was built around a classic attack against a computer network, said Maj. William Mackey, the officer in charge of the New York National Guard’s Joint Force Headquarters’ Defense Cyber Operations Element.
In the exercise scenario, the attackers conducted “reconnaissance” by identifying security weaknesses in the computer network and stole user logins and passwords in an operation known as “credential harvesting,” Mackey said.
That information was then used to gain access to the computer and shut down key systems, he added. The mission for CPT 173 was to determine how the “bad actor” got into the system, close those holes in the defenses, find the malware – in this case “ransomware” – and end the threat, Mackey said.
The members of Lounsbury’s Cyber Protection Team also were joined by the Division of Military and Naval Affairs Critical Infrastructure Response Team and the Defensive Cyber Operation Element in battling the simulated threat.
Thirty-four Soldiers took part in the exercise.
Ransomware is software that is placed on a system to shut it down. The hackers offer to remove the software once money – the ransom – is paid.
According to the FBI, in 2024, there were 3,156 ransomware attacks against American businesses and individuals, costing more than $12 billion.
Healthcare organizations have been especially susceptible to these attacks, according to the FBI’s Internet Crime Report for 2024, but utilities – charged with providing electricity, water and natural gas to hundreds of thousands of households – are also a concern.
A likely mission for a National Guard CPT is to help local governments and critical infrastructure companies counter these threats, Lounsbury said.
Fortunately, most of the CPT 173 members work in the computer security field in their civilian jobs, he said. As Guardsmen have always done, they use their civilian skills to further the mission.
Lounsbury, for example, has worked for General Dynamics in network protection since 2018.
TV and movies portray cyber experts defending a computer system by feel and instinct. But in real life, everything is much more methodical, Lounsbury said.
Just as any other unit would when given a mission, the CPT 173 leaders spent two days using the Military Decision-Making Process and the Joint Planning Process to plan their response to the threat, Lounsbury said.
The CPT Soldiers determine how to counter a computer threat and then help the threatened firm’s computer technicians make the right moves, he said.
“Actions are very planned and very deliberate, and nothing is done without approval,” he said. “There are a lot of reporting and tracking processes we need to follow.”
Along with the specialized hardware and software installed on their computers, the CPT Soldiers also have access to a portable server kit that includes a collection of devices loaded with incident response tools.
The Soldiers can use these to identify and neutralize the threats to a network, he explained. The mission normally breaks down into “hunt the threat, clear out the adversary, then harden the system against further attacks,” Lounsbury said.
The 173 Soldiers were very successful in countering the cyberattack during the exercise, Mackey said.
The team determined which actions the simulated attacker took, found the malware and then “hardened” the network defenses and set up a system to monitor for further attacks, Mackey said.
This was the first time a National Guard cyber unit conducted this type of simulation exercise, and they still wrapped up their mission a half-day earlier than expected, Mackey said.