Warfield Air National Guard Base -- Members of the 275th Cyberspace Operations Squadron, Maryland Air National Guard, conducted one of the first-ever enduring defensive cyber training missions in a Title 32 mobilization status on an installation’s network, at Warfield Air National Guard Base, Maryland, Nov. 16-19, 2021.
“This training is a very unique opportunity and it is the first that the Air National Guard has been able to do in a sustained and recurring process,” explains U.S. Air Force Maj. Eric Burdon, director of operations for the 275th COS. “That was our first iteration of this new program and we look forward to conducting more of these events in the future.”
The training was conducted on the 175th Wing’s non-classified internet protocol router network, or NIPRnet, in order to branch out from the usual scripted training scenarios and discover what the team was capable of when given unplanned scenarios. This resembles what could potentially be tasked on a real mission while in a Title 10 status, which typically authorizes federal active-duty military service under the president in support of national defense.
While mission-type training often requires a Title 10 status due to the necessity of additional authorities, the unscripted and real-world nature of the 275th COS’ training allowed Airmen to be in a Title 32 status without the need for additional authorities to execute. Title 32 status places Guard members in a mobilized status under the authority of the state’s governor and allows the training to be conducted completely internally, which enables more flexibility.
The team focused on a hunt mission, which involves searching for anomalous activity and unusual behavior, then determining whether it is a misconfiguration or a genuine threat to further identify and remove.
“It gives Airmen an opportunity to coordinate with mission partners, which they could be doing in a real-world environment too,” said Burdon. “That command and control function, as well as actual tactile work on the keyboard, is a huge benefit. It is not an easy task, so it was a great opportunity for them to flex that muscle.”
During the training mission, the team collected and analyzed over 1.7 terabytes of data across 161 NIPRnet client and networking systems over a 96-hour period. The team also discovered 121 unique installed applications, 526 unique hashes from 51 entry locations, and 4,640 unique file paths of running processes in the notional environment.
The defensive cyber mission provided an opportunity to develop, train and exercise internal cyber defense on the base NIPRnet and was the first of this type of training to ever be conducted by the National Guard. Missions like this open the National Guard to better, more comprehensive training, which will result in a more prepared cyber force for the future.
“I am immensely proud of our men and women in the 275th Cyberspace Operations Squadron and all the great work they do,” said U.S. Air Force Brig. Gen. Jori Robinson, commander of the 175th Wing, MDANG. “They continue to amaze me with each new milestone they surpass. This is another example of our Airmen leading the way in multi-domain operations.”