GRAFENWOEHR, Germany – There's a good chance you've never heard of a Cyber Protection Team, but if you've encountered one in a training exercise, there's an even better chance that they ruined your day.
This year the 301st and the 172nd Cyber Protection Teams are here at Grafenwoehr to apply their craft to sharpen the defensive measures of units fielded for Saber Guardian 19.
Their goal is to create chaos by accessing the network and either disabling it or stealing classified information and using it against the units involved in the exercise.
In previous years the cyber threat has been notional and offered little training value beyond reminding commanders to consider cyber threats when planning and executing their missions. This year, that came to an end.
"We were asked by U.S. Army Europe to come and red team for them," said Capt. Joe McNerney, battle captain for the 301st CPT. "This is the first time cyber threats are simulated. In the past they were white cards so this is much more realistic and adds greater training value."
According to McNerney, the red team, or enemy training script, simulates an insider threat, or a friendly agent with access to the network.
While the 172nd is made up of units from Indiana, Michigan and Ohio, all of the Soldiers and Airmen here are from Michigan. The 301st is an Air Force unit led by Lt. Col. John Brady and is based at the Battle Creek Air National Guard Base while the Soldiers in the 172nd hail from Joint Force Headquarters in Lansing and are led by Lt. Col. Robert Maciolek.
To make things even more interesting, some of the members of the 172nd are in Wiesbaden working to defend the network from the team in Grafenwoehr.
"They're people we work with on a daily basis so we want to beat them," said Sgt. Brian Stevens, an information technology specialist from Detroit. "We have to make them feel pain at some level."
The primary role for both units during a deployment is defensive cyber operations, which is more in line with what the personnel in Wiesbaden are doing, but there is always value in conducting cyber threat emulation.
"If the unit deploys with 40 personnel, five will spend all of their time conducting CTE on our own system in order to detect and mitigate weaknesses," said Brady.
At the end of the exercise, the team will provide a comprehensive list of vulnerabilities in the network, protocol and processes and a full remediation plan in order for units to make the system more resistant to cyber attacks. The goal is for units to address any issues and make it harder for the "bad guys" to gain access next year.
Saber Guardian 19 is an exercise co-led by the Romanian Joint Force Command and U.S. Army Europe, taking place from June 3 - 24 at various locations in Bulgaria, Hungary and Romania. SG19 is designed to improve the integration of multinational combat forces.