National Guard tests cyber skills on DOD networks - FedScoop
2022-06-22 17:14 (EST) - Mark Pomerleau
Written by Mark Pomerleau
The National Guard recently focused on defending the Department of Defenses networks during its premier annual cyber exercise, a departure from the last several years where it tested skills on state networks.
The Guard is typically owned by the governors of their perspective states and mobilized by those governors in whats known as state active duty to respond to various crises or assistance efforts. However, the force can also be federalized and mobilized, which means it also needs to be versed in how the Pentagons networks work.
We went with the DODIN-focused exercise for the supply chain because its something that was maybe different and something that we saw some gaps when we went through it in real time, through the real attacks. This gave us a chance to practice that, Lt. Col. Seth Barun, deputy officer in charge for Cyber Shield, told FedScoop in a recent interview, referring to the DOD information network.
This years exercise, which took place June 5-17 in Arkansas, involved service members and civilians from 20 states and Guam.
A lot of personnel in the Guard dont get the access to work on the DODIN, so this exercise provided an opportunity to broaden their scope and work on different authorities, tools and scenarios.
The exercises simulated a supply chain compromise similar to the SolarWinds incident .
While most compromises and attack chains are the same regardless of the type of network, the DODIN requires unique tools and permissions, which provided an opportunity for Guardsman to hone those skills.
I think the biggest differences is the tools, Lt. Col. Jeff Fleming, the officer in charge of the exercise, said regarding the differences between working on the DODIN versus a state active duty scenario. Obviously, the government allows certain tools on the network. And when we do some of our other responses, we have a lot more freedom to maneuver in terms [of] tool space and open source, some things like that.
Barun added: When youre on a state active duty mission, you bring your own tools. Usually the organizations like, Sure, that works for you, put it on, he said. DODIN says, Nope, you can use these and this is what you got.
Moreover, Guardsman get to better understand the various authorities they may be working under in the future.
When youre in the state active duty, youve got one hat on. Its the applicable laws of that state that govern their constraints, limitations, or restraints [on] what theyre allowed to do. That is 50 different flavors of laws that govern what each of these National Guards can or cannot do in each state, Capt. Cumah Blake, staff judge advocate for the exercise, said. But then when you step back into that Title 32 status, its a whole set of different rules that come into play.
Title 32 allows Guardsman to be activated in their state by the governor at the direction of the federal government and the federal government will foot their bill.
She added that its important for Guardsman to be trained in both because if theyve only ever done state active duty, they might not be prepared to do something in Title 32.
One of the big takeaways during the exercise, according to Blake, was the need to educate lawyers on technical cyber jargon.
Every year it validates that gap not just in the military, but just across the board, even the private sector, of really needing to get attorneys trained on what is the language of the technology, what the tools do, because its not a common space language that theyre used to, she said. It can be a little bit intimidating or a little bit hard to effectively have those communications to advise them because youre bridging that gap of learning what is that operator saying, what are they trying to ask permission for, because theyre using a different language than your normal client is.
