Warfield Air National Guard Base at Martin State Airport, Md. -- Members of the Maryland Air National Guard’s 275th Cyberspace Operations Squadron recently became the first cyber operators in the Air National Guard to certify a Cyber Protection Team using their weapon system on a live base network during real-world missions.
As a part of the U.S. military’s Cyber Mission Force, Cyber Protection Teams (CPTs) are defensive in nature. These teams were created to hunt existing network threats and defend against attacks by finding and mitigating potential vulnerabilities in critical infrastructure, systems, or platforms.
“We operate the cyber vulnerability assessment hunter weapon system,” said U.S. Air Force Capt. Ashley Oates, 275th Cyberspace Operations Squadron flight commander and the mission element lead for the certification event. “It is a toolkit that does exactly what it says, in that it is a vulnerability assessment toolkit that has capabilities for both network analysis and host analysis.”
Typically, the process for certification of a CPT is completed entirely in a virtual environment where tasks are controlled and the flow of information received by operators is manufactured. By certifying on a live DoD network, the operators could perform the certification tasks using real-time data.
“What was so important for this certification event is that we were exposed to real-life patterns that we don’t get in a typical training environment,” said Oates. “The training environment can replicate real life but when you’re on a network that is connected to people operating on it and performing their day-to-day operations, we are able to see exactly what is going on in a specific time span.”
According to Oates, during this certification event, her Airmen were able to see both “human-to-human information flow” and any “machine interaction” occurring on the network, which helped her team develop better tactics, techniques, and procedures.
“It’s just like looking at Interstate 95. You can tell when there is a backup and when it is smooth sailing,” said Oates. “That is what we could see on the network, we could see if there was a bottleneck in the data flow, and having that natural occurrence of data flow gave us the ability to learn something new every time we were on it.”
For cyberspace operations groups in the Air National Guard, the 119th Cyberspace Operations Group from the Tennessee Air National Guard is the tasking authority that allows CPTs to initiate a certification event.
“When it comes to certifying a CPT, the idea is to organize one mission element and run through the certification process,” said Oates. “CYBERCOM outlines the requirements for certification and once the team has met all standards, they can actually perform the function of a CPT.”
In total, a CPT tests itself through a gauntlet of tasks that measure its ability to perform the core tasks of a high-functioning cyber team: hunting, enabling, hardening, and assessing.
“We are tested on 53 joint mission essential tasks that have to be met for us to become a certified cyber protection team,” said Oates. “Starting with the tasking authority, you have to partner with external agencies to ensure success during a certification event. You need to know who to work with at higher headquarters and actively engage with internal partners for support during the event.”
In addition to the 119th COG, the 275th COS worked with multiple partners to ensure that the certification event was successful.
“The 275th Operations Support Squadron and the 175th Communications Flight were an integral part of the team’s success throughout this certification event,” said Oates. “The 275th OSS were our validators during this event and ensured we were completing the certification tasks correctly. The 175th Communications Flight provided communications support and made sure that we had a thorough understanding of the communications infrastructure for the base locally.”
According to U.S. Air Force Col. Jason Barrass, 175th Cyberspace Operations Group deputy commander, planning the event effectively was a challenging task for the Airmen of the 275th COS.
“To get this done, they created all of the memorandums of agreement and received the appropriate authorization through the National Guard Bureau, the 299th NOSC [Network Operations Squadron], and our communications flight,” said Barrass. “With all of that in place, they partnered with those entities to look at one specific area on base and their network and essentially demonstrated their ability to do some of their critical mission skills live on the network.”
Working together with its partners, the 275th COS certified a CPT that can now use its weapon system and assist during a real-world deployment.
“Now that we have certified as a CPT and we are in our window for activation, we are excited to be able to go out and execute the mission that we are trained to do,” said Oates.