Guard cyber units evolve as cyber threats continue

By Sgt. 1st Class Jon Soucy | National Guard Bureau | Jan. 22, 2019

ARLINGTON, Va. – Just as the cyber threat has continued to evolve and grow, so too have the National Guard’s cyber teams and cyber capabilities, said Guard officials during a cyber roundtable discussion at the Pentagon.

“The cyber domain is constantly changing and it’s very dynamic,” said Air Force Brig. Gen. Jeffrey Burkett, the vice director of domestic operations with the National Guard Bureau.

That changing cyber domain also means looking differently at where cyber operators come from within the ranks.

“We tend to be very linear in our thinking sometimes,” said Air Force Col. Jori Robinson, vice commander of the Maryland Air National Guard’s 175th Wing and former commander of a cyber operations squadron and group. “You have to have a computer science degree, you have to come from a computer background and that is what makes a good cyber operator.”

Turns out, said Robinson, some of the best cyber operations specialists may come from the aircraft maintenance field.

An Air Force study, she said, looked into elements that make an individual have the capacity to understand cyber networks, even if the specific computer network abilities aren’t there.

“That person over in maintenance who has been turning wrenches on a jet for the past 15 years, has the capacity and innate ability to understand networks and get a better idea, and they are turning out to make some of the most prolific and fantastic operators we have,” said Robinson.

For some Air Guard units, that comes as a benefit as missions shift and equipment changes. When the West Virginia Air National Guard’s 167th Airlift Wing transitioned from flying the C-5 Galaxy cargo aircraft to the smaller C-17 Globemaster III, that left many maintainers in limbo.

“C-17s don’t require as many maintainers as C-5s, so there was a net loss of people of force structure,” said Air Force Lt. Col. Jody W. Ogle, the director of communications and cyber programs with the West Virginia National Guard.

Using workforce development grants, many of those maintainers attended civilian education courses to retrain into the Guard’s cyber force.

“It was met with great success,” said Ogle, adding that about 50 maintainers made the switch.

Robinson echoed his sentiments.

“We’ve taken some of our maintainers and turned them into cyber operators and they are just crushing all of these classes and they are among the most sought-after folks by Cyber Command to come sit in on these teams,” she said.

Having another potential avenue to pull from is important, said Robinson, as the Maryland National Guard has a large concentration of cyber capability.

“It’s a very robust mission set in the state,” she said. “We run full spectrum operations for Cyber Command and 24th Air Force as well as on the Army side.”

That capability means filling a variety of roles.

“In the National Guard our core missions are one, fight America’s wars, two, secure the homeland and, three, build partnerships,” Burkett said. “We support the warfight by building fully integrated National Guard cyber units into operational federal missions. [We] protect the homeland by providing highly-trained cyber forces available to support mission-partner requirements.”

Those mission-partner requirements often focus on working with state and local agencies to assess and identify potential security risks in their networks.

“We provide vulnerability assessments, we’ll do some mission assurance, predominantly with the government agencies,” said Robinson, adding that Maryland Guard cyber units assisted the Maryland Board of Elections during recent elections in the state.

“We were called in pretty early with the Maryland Board of Elections just to have a conversation,” she said. “We provided a lot of lead up information, a lot of policy review and should they have needed it we were available going into the elections to do more over-the-shoulder monitoring [for potential cyber threats] for them.”

Robinson stressed that the cyber teams were strictly hands-off when it came to using computer hardware.

“We were very clear from the beginning that we were not going to be hands-on-keyboard,” she said. “The Board of Elections felt they had a strong handle on what was happening on the networks on Election Day.”

The Maryland Guard cyber units were able to easily integrate because of partnerships built between the Guard and those local agencies, stated Robinson.

Those partnerships are important.

“We learn a lot from our partners,” said Burkett. “We don’t necessarily have all the answers.”

For the Maryland Guard cyber units, one of the most beneficial partnerships has been an international one.

Since 1993 the Maryland Guard has been partnered with Estonia as part of the Department of Defense’s State Partnership Program, which pairs National Guard elements with partner nations worldwide. Since 2007, that partnership has included a strong cyber component, said Robinson.

That year, Estonia suffered a massive hack to its computer infrastructure.

“What Estonia brings to the United States is quite fascinating because of the hack that happened in 2007, what it did to their critical infrastructure and their ability and how Estonia responded following that,” said Robinson.

The result was a total redo of network systems.

“They completely revamped their network system and how they do all online transactions,” said Robinson. “It’s a fascinating study in how you can add additional layers of encryption, additional layers of protection to everything that is online.”

It makes for a unique system, Robinson said.

“We’re learning a lot from them from that perspective,” she said, adding that cyber operations have been integrated into training exercises conducted with Estonian forces, including a large-scale training exercise in 2017 that incorporated both flying and cyber missions.

“We created an exercise where a massive attack, a piece of malware, had found its way on to the Estonian air base,” Robinson said, referring to the cyber portion of the exercise. From there, the exercise simulated the malware getting onto the computers used for maintenance of the A-10 Thunderbolt II aircraft that were used for the flying portion of the exercise.

The cyber operators had to respond quickly, said Robinson, just as if it were a real-world attack. And, it was both Estonian and Maryland Guard cyber elements responding.

“We worked side by side,” she said. “It was a fantastic exercise that we’re looking at expanding in 2020.”

Those exercises, and partnerships, only expand the Guard’s cyber capabilities, said Burkett.

“Learning and building those relationships and partnerships is what the National Guard does naturally,” he said, adding that’s critical as the cyber threat continues to evolve.

“There is nothing that cannot be hacked,” he said. “We are dependent upon our cyber infrastructure for critical systems to support our way of life. As long as we are dependent upon those systems, we are going to have to defend them.”