PEMBROKE, N.H. — The Virginia Army National Guard’s Bowling Green-based 91st Cyber Brigade completed the process of hosting Cyber Yankee ’19 via its ShadowNet enterprise solution, a custom-built private cloud that uses VPN connectivity to provide aligned units with tailored cyber training at the individual and collective levels.
The brigade hosted the five-day exercise on the ShadowNet platform remotely at its Data Center in Fairfax, Virginia, as it was physically conducted Aug. 5-9 at the Edward Cross Training Complex in Pembroke, New Hampshire.
This marks the first time a U.S. cyber unit has hosted a large-scale, multi-state cyber exercise using an organic training platform.
“Hosting Cyber Yankee ’19 on the ShadowNet platform gave us a tremendous opportunity to demonstrate our commitment to providing world-class cyber training for our aligned units nationwide,” said Col. Adam C. Volant, commander of the 91st Cyber Brigade. “At the same time, it enabled sustained engagement between the brigade and exercise leadership at the state level, which we view as an essential ingredient in our ability to deliver infrastructure that’s purpose-built to provide the most realistic cyber training environments.”
The Cyber Yankee ’19 exercise was designed to provide Army National Guard Defensive Cyberspace Operations Elements and other Army and Air National Guard Cyber Defenders with a realistic cyber environment in which they could train to react and defend critical infrastructure against cyber-attacks. The exercise was also intended to spur the development of cyber resources within the New England area and grow partnerships across multiple levels of government and critical infrastructure. Participants in Cyber Yankee ’19 included DCOE Teams and Cyber Defenders from the six New England states, Alabama and New York.
“Hosting this exercise also allowed us to showcase some of the extraordinary capabilities of the ShadowNet enterprise solution, which represents a quantum leap forward in our ability to provide National Guard Soldiers who are trained and ready to conduct full-spectrum cyberspace operations,” Volant said. “I’d highlight its ability to leverage cutting-edge range content by making it easily replicable and distributable to aligned units nationwide through what we call the ‘Range Content as Code’ programming process.”
RCaC is a scripted infrastructure build that allows the execution of established and repeatable processes to rapidly build and rebuild infrastructure automatically and the same way every time, if desired. It also allows for the easy modification of existing scripts to offer additional scenarios or to address emerging requirements, which provides ShadowNet with a greater degree of flexibility when hosting exercises in contrast to other cyber training environments. The 91st Cyber Brigade completed the nationwide rollout of ShadowNet last month with the integration of the 125th Cyber Protection Battalion into the solution’s virtual private network.
“In New Hampshire, we see ShadowNet as a vehicle for expanding our capabilities beyond our resources,” said 1st Lt. Taylor Puksta, action officer for Cyber Yankee ’19 and OIC of the 136th Cyber Security Company’s New Hampshire rear detachment. “As the third smallest National Guard force of the 54 states and territories, we’re resource-constrained, but want to stay relevant and competitive with the bigger states. ShadowNet helps us to do this.”
“When we looked at the idea of hosting Cyber Yankee on ShadowNet, the fact that the range was easily repeatable really appealed to us,” Puksta said. “We’ve been doing this exercise for five years, but every year we’ve had to go through the processes of build-up, execute and tear-down, which has been a huge strain on New England as a whole. This is the last year we’ll ever have to do that though, because everything we’ve built for Cyber Yankee will continue to develop on ShadowNet, which will only improve our experience next year.”
During the Cyber Yankee ’19 exercise, the scenario called for adversarial “Red Teams” to launch a variety of cyber-attacks against “Blue Teams” of National Guard cyber elements who were assisting in the cyber defense of civilian industry partners. These National Guard Blue Teams were the primary training audiences for the event. Meanwhile, members of the “White Team” assessed the Blue Teams’ responses to the attacks and could adjust the pacing of the exercise for maximum training benefit.
“ShadowNet was able to host Cyber Yankee so well because it was engineered and designed and built by people who have been participating in cyber exercises for nearly a decade; it’s purpose-built for the warfighter,” said Lt. Col. Woody Groton, exercise director and chief information officer of the New Hampshire National Guard. “It came out of a development environment of close collaboration between the public and private sectors, soldiers working with contractors to provide exactly what the warfighter wanted – a product that could train an entire enterprise with the most robust architecture available.”
“The ShadowNet platform architecture was designed to be flexible and that clearly shows,” Groton said. “There’s no other technology on the market today and no other way of doing this that would’ve allowed us to pull off Cyber Yankee in the way we did it. This is the most realistic cyber exercise that has ever taken place here and it wouldn’t have been possible without ShadowNet.”
Cyber Yankee ’19 was part of a larger, all-hazards response exercise with the New Hampshire National Guard Joint Staff and the New Hampshire state government. Supporting elements were comprised of local, State and Federal government partners as well as critical infrastructure entities supported by national-level representatives. Some of those partners included Cyber Command, DHS, FBI, NH Homeland Security/Emergency Management, NH Department of IT, NH Department of Transportation, ISO New England, Eversource, Avangrid, Unitil and the Massachusetts Water Resource Authority, among others.
“Earlier this week, we had a server that one of the teams accidentally destroyed,” Puksta said. “It happens every year and we consider it part of the learning process. We don’t want participants to have to re-build servers though, that’s not why they’re here. They’re here to learn about securing and identifying attacks. We were able to rebuild it right away, restoring it to the way it was at the start of the exercise so they could continue working on the training objectives. We’ve never had that capability before.”
The Cyber Yankee ’19 exercise also served as a lead-up event for the 2020 National Level Exercise. The NLE is a congressionally-mandated national exercise executed on a periodic basis to validate progress toward achieving the level of preparedness required to respond adequately to catastrophic events.
“Going forward, the capabilities that are available through ShadowNet will allow us to host additional exercises in support of the U.S. Army National Guard and offer cyber training opportunities for units in other components,” Volant said. “In fact, the value we’re able to bring to the table with the ShadowNet solution has already facilitated new training partnerships with government, industry and academia.”
91st Cyber Brigade was activated in 2017
Activated in September of 2017, the Virginia Army National Guard’s 91st Cyber Brigade, or “Shadow Brigade” provides training and readiness oversight of all Army National Guard Cyber Protection Battalions in order to provide ready, fully resourced and proficient forces capable of conducting full-spectrum cyberspace operations in support of state and federal requirements. The brigade integrates the National Guard’s strong relationships with state and local authorities and leverages the wide palette of skill sets to be found in the brigade’s force structure, to include governmental, private sector and academia cybersecurity expertise. Operations currently supported by the 91st Cyber Brigade include Task Force-Echo, which provides critical support for U.S. Cyber Command to carry out cyberspace operations against adversaries. TF-E continues to be the largest mobilization of reserve-component forces for a Cyber unit in support of U.S. Cyber Command.
The 91st Cyber Brigade currently oversees Cyber Protection Battalions, Cyber Protection Teams, Cyber Security Companies and Cyber Warfare Companies operating in 31 of the U.S. States and Territories, with ongoing efforts to add additional states in 2019.
States in which units aligned with the 91st Cyber Brigade can be found include Alabama, Arkansas, California, Colorado, Connecticut, Georgia, Illinois, Indiana, Kentucky, Louisiana, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Nebraska, New Hampshire, New Jersey, New York, North Dakota, Ohio, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia and Wisconsin.