Chief Warrant Officer 2 Adam Johnston, of the Colorado National Guard's Defensive Cyber Operations Element, provides a briefing to the Joint Task Force - Centennial, about what the Vital Connection cyber exercise tests for and the overall process, at the Regis University training center in Greenwood Village, Colo., Feb. 12, 2017. (U.S. Air National Guard Photo by Maj. Darin Overstreet) (Photo by Maj. Darin Overstreet)
Greenwood Village, Colorado —
A cyber-attack is invisible, can be undeterred by boundaries, and extremely dangerous. The possibilities for damage are endless. Attacks can range from small annoyances to catastrophic damage to loss of life and property.
Cyber security is the protection of computers, networks, programs and data from unintended or unauthorized access, change or destruction. It has been a concern for Colorado National Guard leadership, proactively defending against potential vulnerabilities, since the late 1990s for Y2K.
U.S. Army Lt. Col. Rhodes is the commander of Cyber Protection Team 174 and the Defensive Cyber Operations Element of the Colorado Army National Guard. He is recruiting personnel to fill positions in both units.
One of 10 teams across the U.S., CPT 174 is a 39-person National Guard element, shared with Utah, North Dakota, and South Dakota. Colorado is home to the command headquarters and the inspection team. “Our stated mission is to be the first military responder for major cyber incidents in FEMA [Federal Emergency Management Agency] Region 8,” Rhodes said. “Teams from each area can act as attackers, defenders, inspectors or hunters who seek out the threat.”
The DCOE team defends against local attacks on Department of Defense networks supporting CONG Soldiers and Airmen. The governor can also call upon the 10-person team to assist with defensive cyber operations during an incident affecting the state, when civilian assets are unavailable or exhausted.
Rhodes emphasized how partnerships are important to cyber programs.
“We work with groups that are in charge of important organizations and infrastructure,” Rhodes said. “Some organizations only think of cyber protection when they experience a significant problem or breach. We want a secure community that is leading the way.”
For example, the CONG participated in a cyber security exercise with Regis University Feb. 11-12, 2017, at the Regis campus in Greenwood Village, Colorado.
The exercise, which increased interagency coordination efforts, involved a critical infrastructure protection scenario, where one of the state’s 1,738 dams experienced a malicious cyber-attack.
The players divided into two teams; one team acted as the hackers and the other defended against attacks. During the afternoon, the teams switched roles, so that they could experience both perspectives. The teams included instructors and students from Regis University, CONG information technology specialists, employees of private and public companies, and industry experts who provided guidance along the way.
“The realistic exercise made it clear that this is something that could potentially happen,” said U.S. Air Force Tech. Sgt. Shugg, an information technology specialist from the Colorado Air National Guard’s 233rd Space Group. “It gave us the perspective of the attacker, which is very important when trying to defend a system.”
U.S. Army Lt. Col. Martinez, the CONG director of joint IT and communications, emphasized how important trust is for those within the industry.
“This was a great opportunity for us to build relationships, because IT is all about trust; you have to trust someone before you are going to allow them to do anything on your network,” he said. “This exercise allows the partner organizations to build that trust.”
Mr. Clark, an IT manager at Northern Water in Berthoud, Colorado, said he participated in the exercise so that he can contribute to the betterment of his organization’s cyber security plan. ”The scenarios were very educational,” he said.
Rhodes said, “It’s an extremely rewarding experience to work in cyber for the military. If you come to cyber, you will get significant professional certifications and experience, making you extremely marketable, and you get to work in the cutting edge of the industry.”
“We’ve had people come to us from unexpected fields — Special Forces, aviators, etc.,” U.S. Army Chief Warrant Officer 2 Cobert said. Cobert, a DCOE member, was a key CONG cyber planner for the exercise. “They want to be involved with IT. They want to go to a whole new realm of training and experience and be a vital aspect of our security.”
“Every day people connect more things to the internet. Every day we’re creating more vectors, more surfaces, more opportunities for bad guys to do bad things,” Rhodes said.
“The Guard has always been a force multiplier,” he said. “Our traditional [cyber operations] Soldiers bring a great deal of industry understanding and perspective to the fight. That experience engenders trust with our partner agencies.”
According to Forbes.com, more than a million cyber-related jobs will remain unfilled by the year 2020.
“We need more people in this field; the Guard is a great place to get a start,” Rhodes said. “Our members become so much more marketable within the civilian sector; that’s just one advantage of being on a National Guard cyber team.”