JUNE 9, 2023 – In the face of rising cyber threats, the Department of Defense has increased its efforts to recruit and build cyber capabilities. According to the 2023 DOD Cyber Strategy, the military has four main lines of effort in cyberspace: defend the nation, prepare to fight and win the nation’s wars, protect the cyber domain with allies and partners, and build enduring advantages in cyberspace.
The military has developed a series of cyber-centric training exercises to build cyber capabilities. Cyber Yankee, the second-largest exercise of its kind in the world, brought together National Guard and Reserve cyber warriors from the Army, Navy, Air Force, Marine Corps and Coast Guard from around the country in May.
Started in 2015, Cyber Yankee is the premier regional cyber training event for defense, state and federal agencies and key utility companies to rehearse prevention and response best practices. And, unlike other cyber-focused training events that focus entirely on threats against the DOD’s information Network, Cyber Yankee is the only military exercise focusing on critical infrastructure and key resources directly affecting the American people.
“The fact we exercise [with cyber professionals from the private sector and utility companies], we practice like we fight,” said U.S. Army Lt. Col. Tim Hunt, deputy director of Cyber Yankee and full-time Guardsman from the Massachusetts National Guard. “So, if there were something where we need to get activated already knowing those people, already having relationships, it goes a long way getting Soldiers and Airmen into action and helping provide and support a response to take care of something that’s affecting the citizens of the region.”
One aspect of the National Guard that makes its Soldiers and Airmen uniquely qualified for this type of mission is their experience in civilian jobs in the communities they’re working to defend.
The exercises in May split participants into two teams, red and blue. The red team served as the opposing force, trying to infiltrate critical U.S. infrastructure through cyberattacks. The blue team, comprising military and industry partners, thwarts the red team’s attempts to disrupt their assigned sector.
In addition to building relationships and standard operating procedures with their industry counterparts, exercises like Cyber Yankee train National Guardsmen to serve as first responders for the Cybersecurity & Infrastructure Security Agency during a large-scale cyberattack.
“We have 54 National Guards across the greater United States and each governor has Army Soldiers and Air National Guardsmen at their disposal,” said Hunt. “A lot of times we associate a National Guard state response under the governor’s direction for a wildfire, hurricane or natural disaster … but now we’re in this new reality where cyberspace touches all of us every day.”
“If you read the news, in many cases, when there’s a big cyberattack in a state, the National Guard is the first and primary response to that simply because they’re there, the governor can call on them and put them immediately on status,” said Air Force Lt. Col. Cameron Sprague, director of Cyber Yankee.
Organizers of this year’s event turned to Russia’s invasion of Ukraine, a war highlighting cyber capabilities on the modern battlefield, to create a more realistic training scenario.
“We have a very tight partnership with the FBI and used real-world intelligence that they gather to simulate the threats against our critical infrastructure in this exercise, similar to what we saw in Ukraine,” said Sprague.
By Timothy Koster
Connecticut National Guard Public Affairs Office