Ms. Julie LeMay – National Guard Bureau: Thank you very much, everybody. Welcome to today's media roundtable for Cyber Shield 2025. I'm Julie LeMay, chief of Media Operations for the National Guard Bureau, and I am moderating today's discussion. Some quick housekeeping: this is being recorded, and a video and a transcript will be shared online afterwards. After introductions and any opening statements, I will go through the list of media participants, giving everyone the opportunity to ask one question and one follow-up. Please keep your mics muted when not speaking. We are here for an on the record discussion regarding Cyber Shield 2025, and we appreciate if all participants focus their questions and comments on Cyber Shield only. With that said, I'm shifting things over to Lieutenant Colonel Carla Raisler with the Army National Guard. Lt. Col. Raisler, over to you, good morning, and thank you for joining us today.
Lt. Colonel Carla Raisler – National Guard Bureau: I have several participants from cyber shield. We have nine, over 900 participants here at cyber shield and 15 different state partnerships and countries that are participating. I will start this morning off by introducing Lieutenant Merchant from the Jamaica Defense Force.
Lt. Branford Merchant – Jamaica Defense Force: Hello. Good morning, everyone. I'm Lieutenant Branford Merchant from the Jamaica Defense Force. My role involves managing it and cyber operational process for my unit and for the force in general. This is JDS first year at cyber shield, and we're grateful to be partnering with the DC National Guard. We look forward to the training and just to network with everyone who is here.
Capt. Abigail Daly – Iowa Army National Guard: Good morning. My name is Captain Daley. I work for the Iowa Army National Guard as the DC OE Blue Team Lead. This is my second year at cyber shield, and I'm enjoying continuously coming to cyber shield as much as possible.
Brig. Gen. Russell McGuire – Virginia National Guard: First of all, good morning, everybody. And on behalf of General Nordhaus, our chief as well as Maj. Gen. Ring, the (Adjutant General) for the Commonwealth Virginia, welcome virtually to the State Military Reservation in beautiful Virginia Beach. I wish you could all be here in person and enjoy this great location, but we're really delighted to share and highlight some of the great things that are occurring through this partnership here at cyber shield and how we are trying to work together to better protect infrastructure globally.
Lt. Col Seth Barun – North Carolina National Guard: Morning, everybody. My name is Lieutenant Colonel Seth Barun. I am the director of cyber operations for the North Carolina National Guard. I'm also the cyber shield officer in charge of the exercise. So it's a lot of fun to work with all of our state partners, as well as the 900 participants we have from across industry, all of the compos and yeah, just really happy to be here.
Lt. Ignas Zilinskas – Lithuania Armed Forces: Hello everyone. First Lieutenant Zilinskas, Lithuanian, armed forces communication information system battalion here in this assignment. I'm leading Lithuanian part of the team. We're happy to come back the second year with the new team in this exercise.
Reporter: I would like to ask, first, could you briefly over why are we meeting here? And could you tell me about what is the cyber shield, just for the people on the street that they can understand simply, would you? Would you tell us why we are here today? Thank you.
Brig. Gen. Russell McGuire – Virginia National Guard: Yeah, absolutely. So again, this is General McGuire. What I would tell you is we just have to read the papers any day to see of cyber attacks and threats facing globally, nations and so there's constantly adversaries attempting to go after our networks, our partners networks. So what we're doing is trying to bring people from really across the globe together to determine best practices, test and train and learn from each other, to make sure we're better prepared to respond to future incidents, but more importantly, to harden our networks, to prevent adversaries from entering the networks and disrupting especially critical infrastructure in our home countries.
Lt. Col Seth Barun – North Carolina National Guard: I think the one thing I would focus on is that we can't do it alone. We have to build these partnerships. There's too many malicious actors out there, so cyber shield helps us work across the services in the United States, as well as with our foreign partners, to help build a collective defense and concentrate on building those international partnerships. So if something does happen that affects across borders, we know the right people to call, and we've worked together previously.
Lt. Ignas Zilinskas – Lithuania Armed Forces: From the Lithuanian perspective, I say we like to join this exercise because it's different. It is it is focused on observing what's happening during the day. So it's a different type of exercise, if I compare it to what we organize, we have cyber exercise called Amber mist, so that is focused on hardening of the systems. Then you don't have much time to to look what's happening in your networks and to build the story of what's happening during the day here we have that opportunity because we have that stress off the hardening activities. We still have to suggest them, provide them, but then at the end of the day is to see that the story matches of what we saw versus what actually happened. So that exercise different, and that's why, yeah, we see a lot of value to to send and rotate as many people as we can, right?
Lt. Branford Merchant – Jamaica Defense Force - As Colonel Barun said, the cyber shield provides an opportunity for us to network to you know, share ideas you know, and build that camaraderie in the same cyber domain. So what you find is that we're learning from each other where we're building that relationship. So outside of the outside of America, you can call on an international state partner, and they can provide, you know, assistance under different threat actors that may be in their domain. And you know, sharing that information and just getting that wholesome picture of the cyber landscape can help us to better counteract these threats that are emerging.
Reporter: Yeah, if I may just follow up, my understanding is that this is sort of network against a cyber attack. And if, if that's correct, I would like to also add, what is the, you know, AI development play in the cyber attack, if I may just relate this to the what's going on in LA, I just saw some reports that there are some AI produced images play in the, You know, in the social media so would you consider this as a part of your work as well? Thank you.
Brig. Gen. Russell McGuire – Virginia National Guard: Yeah so as it relates to AI, we're not going to talk about LA, we're not we're not paying attention that. That's for people at NORTHCOM. We're focusing on on cyber shield. But I'll tell you that AI has been a part of the exercise for years. So it's not uncommon. We actually have simulators to literally create messages to make the range portion more realistic. And we also always look for ways to add AI to the exercise so the actual cyber warriors are better prepared to. Face what they will actually see in a real world situation. I'm going to just turn to one of our blue team leads, Captain Daley, to see if she has any more on that perspective.
Capt. Abigail Daly – Iowa Army National Guard: So it's always interesting to see on the range what the cyber shield staff comes up with to put in to the exercise. So we're always seeing new and emerging threats that can be seen, and AI is one of them. Thank you.
Reporter: My question, my first question, piggybacks a little bit off those last two asked by my colleagues. But how is, how are these scenarios informed by, when you say you want to make it realistic and all that, how are they much are they informed by, you know, real world cyber hacking events that are you know happening to some of our European allies, for example. So where, how do you balance just things that you know happen in the real world and making up things?
Lt. Col Seth Barun – North Carolina National Guard: So everything we do is based on real world malicious actors and activity that we see. So we have a world class up for opposing forces or a red team that each year we pick a different technology area that we're going to focus on, and it gives those guys the opportunity to deep dive that particular technology area. This year, we focused on agriculture and some of the threats around agriculture and also autonomous vehicles. So we deep dive into that technology. We learn the threats around that, and then we build that into the game. Each year we do that and we pick a different sector that we focus on. Previously, we've done water and power and power and and so it gives really good training to our opposing forces, but also it lets our blue teams are our teams that are in the training environment learn about it as well, and learn how to defend that and learn about what what attacks look like. So we can be on the preventative side versus reactive side.
Lt. Ignas Zilinskas – Lithuania Armed Forces: As mentioned, it is different. We're learning the tools for for monitoring the network, and we're happy to have few more people now to learn those tools. And actually what I didn't mention of format is that we have a full week to do the learning, and then we have the full week to apply that learning in action.
Reporter: One quick follow up, and I'm a fan of the joint force, everyone's army, too. So in terms of lessons learned, if you guys could dive a little more deeper into that, in terms of what the US, you know, actually learns from some of these partner nations contributions, and then what a partner nations get out of it, other than just being here or there in Virginia Beach, are they, you know? Are they going to bring something back to their home country with a hey, this is how the Americans do it. This is maybe how we should do it. I presume that varies by country. But how do you just approach the lessons learned from the US side and from the partner nation side?
Brig. Gen. Russell McGuire – Virginia National Guard: You know, Virginia, our partner is Finland, and I had the honor of recently being in Helsinki, and as one of their generals told me, said, You know, we're a front line nation to dealing with constant cyber attacks. So what they're seeing is just tremendous lessons learned. So every time we have the opportunity to train with cyber, with Finland, I know our soldiers and airmen are getting great tactics and techniques to better prepare them what they might see at a future time. So we get a tremendous amount, but also we give a tremendous amount. There's, like, some of the partners that I've talked to this. Week, the wonderful training that was provided last week to just even that alone is sometimes challenging. We had wonderful instructors here from across the nation who brought their expertise and shared it, and quite frankly, not just our state partners, our American troops from different services, said that it's so hard with the OP tempo to have the opportunity to get these classes to go back to their units of their country with this additional training, and that's before they have a chance to meet someone like Captain Daly and her team that may have experience dealing with a particular threat that they don't have experience with. And that's how we can all bring it together, because, as Colonel Baron said a few minutes ago is that there's so many adversaries and bad actors, and we're just not at the point yet where there is so many cyber warriors protecting things, because the cost or the barrier to entry to be an adversary is so low that we're constantly having to prepare for new tactics and techniques and procedure, and that's what the benefit bring us all together.
Lt. Branford Merchant – Jamaica Defense Force - The training exercise that would have done in the first week of being here that would have helped us tremendously to gain that knowledge, exposure to different tools, different techniques, different different procedures that we can use in the cyber domain. So definitely, the exposure as heightened or knowledge or skill, or ability to, you know, detect threats, different ways in which it can be done. And that's just the beauty of being here at savashi, that combination of persons sharing the information, exposing us to different and new ways of doing things. When we go back to our country or state or wherever, some of those techniques and tactics that we've learned here, we can now employ those in our domain, and that will help us to you know better, be able to mitigate against the threats that you'll find in our domain.
Lt. Col Seth Barun – North Carolina National Guard: I think there's some Ultra talented people as part of our state partner programs. In fact, we've done two Capture the Flag competitions, and they kicked our butt in the big exercise one so far. So, you know, you look at the talent that they bring, and as they're embedded in the blue teams, our blue teams, a lot of times, we'll put some of our newer folks on those blue teams, and they learn just as much as our as our state partners and coalition partners are taken away from the exercise. So it's a really, really good opportunity to mix, mix skill sets and just different experiences.
Reporter: Just to piggyback of that. Could you maybe talk to some of the you said that you're focused on agriculture and autonomous vehicles this time. So could you maybe talk to some of the challenges or gaps identified so far, and what are you going to be taking to your leadership after this exercise?
Brig. Gen. Russell McGuire – Virginia National Guard: I can tell you, from my perspective, I prefer not to talk about the gaps we've identified as we continue to work, that we'll leave that between the exercise participants. But just more broadly, we're constantly looking where there are gaps and then going back to our leadership and our partners, both in state and out of state and across the entire DoD enterprise, and find ways to make it better so we're better prepared, because we need to make sure we have the right Manning levels and we have the right training levels, and we have the right equipment. And that's what's wonderful about this exercise, because where else could you bring almost, you know, 1000 cyber soldiers, sailors, airmen, Marines and Space Force together to figure out, what do you do? What do I do, and how can we collaborate in the joint environment to make things better in the future, and I think that's a better way to focus on instead of what the specifics are.
Reporter: Yeah, and just a quick follow up, maybe you could talk to the manning and training piece of it. Are you learning there?
Lt. Col Seth Barun – North Carolina National Guard: I'll take in particular the training piece. So we focus on we don't focus on tools as much as we focus on concepts. So because everybody has their own tools when they go back to their country or state, everybody has a different tool set. So what we're trying to train is on. Concepts and how to recognize maybe what an attack looks like, or where an attack is coming from, because a lot of the tools do similar things. They do it in different ways. But if you can understand the concepts around how a malicious actor might get into your network, or if you see some traffic in one part, where can I look to find more information, that's really what we focus on, just because of the difference in in tool sets is we go back, so from it, we also build specific training classes that focus on areas. So when we talk about, you know, this year's agriculture, previous years have been been different technologies, we do an intro to those technologies, because we don't have a lot of people from agriculture necessarily here, so we have to baseline, and that's where we can kind of fill, fill some of those gaps. And just knowledge is an introduction to that.
Lt. Ignas Zilinskas – Lithuania Armed Forces: It's one thing is the tools that we get introduced during the training week, but there's also what's happening during the Action Week, and I'm talking to other team members and seeing, you know, it's also about sharing the different kind of thinking. It's about the creativity. And you know, you see someone using the red team tool for Blue team activities. That's reverse thinking but but like it opens up for you also another level of opportunities for for for your next exercise, most probably, because you'll have to adapt that thinking, or, you know, someone using, in reverse, the blue team tools for red teaming activities. So it's also about that, like how we how we share the different thinkings and different applications of the tools that are known for
Lt. Col Seth Barun – North Carolina National Guard: We're building critical thinkers, right? That's what we're getting after is, is how to critically think through a cyber attack.
Reporter: Thank you so much for your time today, I kind of want to piggy back off of what was just asked and ask if there are any specifics that you can give on the cyber capabilities and technologies that were used in the training exercises on top of the concepts that you practiced.
Brig. Gen. Russell McGuire – Virginia National Guard: I'll just give you kind of overview, and I'll turn it over to the team. I mean, there's certainly industry standards when it comes to software, and I don't, I don't want to particularly follow a particular company, because it's not fair to the competitor of companies. But there's, there's certain software that we think we all use, whether it's open source, whether it's proprietary, but I will say, and I'm going to let the colonel Baron get into this little detour. One things that that I saw that was incredibly fascinating is what his team from North Carolina did, is they actually to help this exercise work. They created what's on his one of his soldiers literally created an OT network that actually had a John Deere tractor, as well as the ability to have pesticide sprayers. You can't go out there and buy it. So the point I'm trying to make is, can we have the professionalism and the competency and the participants to go out and create stuff that's not actually available, which all the blue teams like Captain Daly and Mark SVP partners are able to benefit from so it's actually soldiers building software that may not be available to make this exercise more success, but it came from his team, from his full time team. So let Colonel can go more into detail on that.
Lt. Col Seth Barun – North Carolina National Guard: I mean, like I said earlier, we have world class participants here, and so we don't we try not to use anything that's not open source, if it's possible, because people can take that back, regardless of, you know, the funding that's provided, you can go back and you can use those tools. But also, anything that we do, we try to either rebuild so that it becomes ours for the exercise. We build custom malware for the exercise so that, you know, it builds that critical thinking. It's not something that has been seen before. So if we build it ourselves, the blue teams have to adapt to something new that they haven't seen. And that's really the goal that we're trying to get after in this exercise. And say there are some known attacks out there, what happens if there's an unknown attack? How are you going to recognize that? So that's really we take stuff that is maybe commercially available and we adjust it for the exercise, and so that they're seeing something new almost all the time.
Reporter: How do you analyze characteristic characteristics of the latest cyber attacks by China, what measures are being taken in cooperation with allies, including Japan, to counter attacks from China?
Brig. Gen. Russell McGuire – Virginia National Guard: Thank you so much for being here and asking that question again. I'm not going to focus on any particular country. I'm just going to keep it broad. Because here's the thing, when you think a particular nation is attacking you're missing potential, other things that may be happening. So in my career, my civilian career, I'm a prosecuting attorney, and when I always tell the law enforcement that I work with when you think you know what happens by how something looks, you're probably missing what's really happening. So the point is, with cyber tax, think about this 1015, years ago, we weren't sorts of such an E commerce economy. I think 20 years ago we pretty much really starting at those those days, and obviously we did not have the robust security that we do have as a global enterprise that we do today. So what happens once they might notice your network just clicks off for a second? Is that because there's a power surge, or is it somebody got through your firewall? And so that's what the for me, the best thing is you're checking out your logs and taking every anomaly serious and not necessarily worry about, you know who it came from yet, but how is it impacting or disrupting your network, and getting to the bottom of it, and again, not looking away from that, because you just don't know what happened. And if you don't constantly conduct robust cybersecurity, and you asked about the private industry, I would say that a lot of the major companies in the United States now have their own stocks on their security operation centers, because that's that was unheard of, you know, 1015, years ago, that that's because we're such a connected world right now, and that's what it takes to constantly look for threats. But also want to hear from you know, Lin Delaney, if you did not know, one of the first state partners with the United States, going back to 1993 and so they probably have some unique insight from where they're at geographically in the world.
Lt. Ignas Zilinskas – Lithuania Armed Forces: I think there's no, no one, one pill that will work for everything. So you, as mentioned, you have to learn the concepts. You have to know the patterns, and search for patterns that there's no easy answer what to look for, because the moment we as defenders, learn something, we learn how to recognize that pattern, this will bring the adversaries to new level. They will find ways how to overcome it. So it's, you know, to have always the eyes open to to constantly being engaged in learning, because, like in these kind of exercises, we can exchange the learning and exchange those patterns that we know, but we know that next day that elevates the threat actors team level. They will come up with something new, and they will have to be the next day after even better.
Brig. Gen. Russell McGuire – Virginia National Guard: It’s that creative thinking and thinking outside the box, and that's what people that are really good at cyber they're the type of people that we're looking to bring into this formation. But Captain Daley, is anything you'd like to add?
Capt. Abigail Daly – Iowa Army National Guard: I just would like to add that it's always good to take the proactive approach to defending your network. I mean, making sure you're paying attention to your threat intelligence and just overall, just making sure you're paying attention to what's going on and you have your good fundamental IT worked out.
Lt. Col Seth Barun – North Carolina National Guard: To bring it back to the exercise, we don't just focus on one, one particular bad actor. There are multiple bad actors across the exercise so, and oftentimes we pull that from from real world bad actors that are out there. So it's not a it's there's no one particular focus. There are multiple, multiple threats that that we introduce sometimes one day will be focused on that, or it might be spread across the entire five days, but, but it's not instant. We're not focused on anyone one particular bad guy out there.
Reporter: Just when you go through the topics that you pick each year, one, how do you decide those you know do sort of have a short list, and it gets narrowed down by feasibility. Just how do you decide the specific scenarios that you're going to exercise in this year's iteration and in previous years iterations, next year's and so on.
Lt. Col Seth Barun – North Carolina National Guard: So we try to focus on a critical infrastructure sector each year. Is where we start. Some of it is feasibility. Can we do it? Some of it is, can we do it at an unclassified level? Because there are certain technologies out there that that we want to keep this exercise unclassified. We want our we want to continue to build these state partnership programs without restrictions. So we start there, and then we have discussions, and we try to mix it up, because we're trying to get exposure to new technologies. So this year, I think we started in critical manufacturing, and we through talking and just some of the the emerging technologies that we wanted to focus on, we landed on, on agriculture. You know, we're already kicking around some ideas for next year, and it really becomes, you know, because it's in a range. So can we get it into the range? Can we do it in time? Because, because most, most of our participants here are traditional guardsmen, they're one weekend a month in day soldiers. So we have to be cognizant of their free time as well as we build this. Because cyber shield is an all volunteer force, the staff that builds out the exercise. So, so some of it is time and resources, but also we want to be on the cutting edge, so any new technology we want to incorporate into our exercise, and so that's, that's how we we get the ideas, and we talk about it. We talk about what's feasible and what's, what's, you know, what's in time with what's happening in the world. And that's sort of how we we decide on.
Brig. Gen. Russell McGuire – Virginia National Guard: I want to add one piece of that too. You got to think that we have multiple states, almost every state represented here, who are also conducting exercises like this with their own states. There are regional exercises, and they're working with their emergency managers for the state to sort of realize what's the threat, what are they seeing back at back home? And they come to the meeting showing what they're getting from their emergency managers, and that just helps us pick what's right. And that goes back to the point of collaboration, and that's how we identify what is the right sector to go with each year.
Reporter: I have two questions just on different topics regarding cyber shield. One of them comes from a quote from a divots article from an Oklahoma Guardsman who emphasized the importance of training as we fight. I feel like the army recently has been really emphasizing this and talking about this. So I was curious, it also mentioned, just like how you all mentioned, you're trying to make this as realistic as possible in terms of the kinds of threats that our soldiers may face in the future. So I was curious if you could give just one or two examples of how during cyber shield, we're offering soldiers the ability to train as they fight, or just examples of making things as realistic as possible.
Brig. Gen. Russell McGuire – Virginia National Guard: The bottom line is the exercise has a network owner. Because the bottom line when you're responding to a cyber incident, it's probably not your network. And so when you're going to another person's network, another entity's network, you have to start off with a conversation about, what are the rules that you're all working on, whether that's an NDA, something like that, or also, what are the authorities they're going to give you on the network? That's just reality, what you have to do. Because I think everyone in here has been at a cyber incident response, but it's great for those new soldiers, airman, Marines and Space Force, to just have that experience like that.
Lt. Col Seth Barun – North Carolina National Guard: I think we talked tools earlier, and I want to circle back to that, because, like Joe McGuire said, when you're responding to maybe it's a state agency or a critical infrastructure partner within your own state, they may have different tools than you use, so you have to be able to use the concepts and understand concepts and then adapt those to the tools that are available to you at the time. Also, there's some unknowns that our team is going to when you show up at somebody else's network. You've got to learn that very quickly. And that is very, very similar to what we deal with on a day-to-day basis when we're doing incident response.
Lt. Ignas Zilinskas – Lithuania Armed Forces: To add on this, it's not only the tools you have to stress the thinking into how the infrastructure looks like. I mean, we say critical infrastructure. Critical infrastructure can be millions of different shapes. So it is the IT. And just want to take an opportunity also to thank because from Blue team perspective, I see it is different, comparing to what we saw last year. And you know, we had some things prepared, and we learned those didn't work.
Lt. Col Seth Barun – North Carolina National Guard: So we did our job. We did out job.
Lt. Ignas Zilinskas – Lithuania Armed Forces: So so it is also for me and for my for my team, also stretching of the thinking and and having an opportunity to be outside your comfort zone. You're in your comfort zone with Windows, Linux, okay, you get Kubernetes to explore, and some people are out of that comfort zone. And that's perfect. That's what we want.
Brig. Gen. Russell McGuire – Virginia National Guard: I'll give you an example of a sort of scenario. So we're working on an incident response, and I won't say what proprietary software the military used, but what we quick, quickly realized is we were all comfortable sharing information on this particular software. Well, the problem is our mission partner, well, they didn't have the same software. And how do you tell a mission partner, hey, you got to go out buy the software that we're using so we can all communicate. So the beauty of having all so many professionals here is because there are sometimes open source software. They were all familiar and comfortable. So finding out, and that's what the training is so important, because you rather iron this out in the training before the real-world incident occurs. So what we did, in that, in that real world response, somebody brought up an open source meeting with the network owner, we came to the conclusion that everybody was in agreement. That's the way we would communicate and work with the team so everyone can be successful on the mission.
Reporter: The other question that I had was in regards to something you had mentioned earlier. You talked about how in your previous work, you'd always mention, you know, don't make any sort of assumptions about a situation, because you might be missing things. So it kind of got me thinking in the cyber space, like, Are there any threats that we're monitoring? Whether it's a type of cyber threat or it's an adversary that you believe deserve, you know, extra attention to detail or something like that that might be missed, you know, when we look at cyber stuff with a broad sweep that we're preparing for.
Brig. Gen. Russell McGuire – Virginia National Guard: I think what the point I was trying to make is you can't take anything for granted. Like two weeks ago, who would have ever thought that 18 wheelers could be pre positioned 2000 miles into your country, and drones would go off and be a vector of an attack. And I use that as an example to say we don't know what tomorrow is going to hold in technology. Technology is constantly changing, and the critical thinking that you've heard so many of the panelists talk about is you have to be that critical thinker in what's next. What have I not thought of? What have I not prepared for? And doing that that's going to better prepare you, whatever those new attack vectors come in.
Lt. Branford Merchant – Jamaica Defense Force - Well, the new attack vectors that we'll see it the different processes and techniques that we use to to deal with those attack vectors. You know, it varies from, you know, different state partners, different countries. So what you do, you can't have one way of dealing with a particular incident. And, you know, knowing the tools is all good and fine, but if you don't have the proper procedures and techniques in place, you know, it's kind of useless. So you have to just understand the techniques and the tools that you're using. Try to cooperate with your your partners, and everybody gets on the same page in terms of the way forward. And then you just, you just try to deal with the threat actor in that manner going forward.
Lt. Colonel Carla Raisler – National Guard Bureau: Well, thank you very much. I appreciate everybody coming on the line today. Again, cyber shield is we have been conducting this exercise since 2013 It is the largest unclassified cyber defense exercise. And the Department of Defense this year, we have a record number of 15 state partners participating in the exercise, hands on keyboard. And I think that that makes us stronger when it comes to defending our nation and and defending the world.