Buffered by two oceans and friendly nations to the north and south, the U.S. is a daunting challenge for those who would bring hostility to its shores. But for cyber aggressors, the unseen, digital walls that protect America are less impenetrable.
“Attackers just need to find one way in,” said Nick Lindhag, chief information security officer for the City of Fargo. “On the defenders’ side, you have to look at every possibility.”
Over the first two weeks of June, Lindhag joined about 900 other digital defenders — many from the National Guard and reserve components — for Cyber Shield 2025, the military’s longest running and largest unclassified cyber exercise.
Held at the Virginia National Guard’s State Military Reservation in Virginia Beach, the training involved military and civilian professionals from 42 states and territories, as well as 15 nations from the National Guard’s State Partnership Program.
“It’s such a huge event,” said Lindhag, who attended, in part, to strengthen Fargo’s cyber defense collaboration with the North Dakota National Guard. “You see the international partners, civilians, every branch of the military mixing it up. It’s just great cross-training.”
Cyber Shield 2025 launched with a week in the classroom. Focusing on DOD credentials and globally recognized CompTIA certifications, such as CySA+, PenTest+, and CASP+, the participants gained validation for real-world skills they take home to their units and communities.
“We don’t focus on tools as much as we focus on concepts,” said North Carolina National Guard Director of Cyber Operations Lt. Col. Seth Barun during a media roundtable. Noting that while cyber defense tools are unique to each nation or community, the concepts are more universal.
“We’re building critical thinkers, right? That’s what we’re getting after … how to critically think through a cyber attack.”
In the second week, things moved from the classroom to the digital battlefield. Cells of red team attackers squared off against blue team defenders, hoping to expose vulnerabilities in their networks and strategies.
Having focused on water and power systems in the past, this year’s red teams targeted agriculture and autonomous vehicles, hoping to build innovative threats into the exercise’s gameplay.
“So, everything we do is based on real-world malicious actors and activity that we see,” said Barun. “Each year we pick a different technology area that we’re going to focus on, and it gives those guys the opportunity to deep dive that particular technology area.”
Because cyber is a borderless entity, the international component is critical to the training. Perhaps more than any Armed Forces component, the National Guard enjoys longstanding training relationships with other nations through its State Partnership Program, made evident during Cyber Shield.
“We have a full week to do the learning, and then we have the full week to apply that learning in action,” said Lt. Col. Ignas Zilinskas, of the Lithuanian Armed Forces, which is state partner to the Pennsylvania National Guard. “It’s also about sharing the different kind of thinking. It’s about the creativity … It opens up for you also another level of opportunities.”
Capture the Flag, one of the cybersecurity competitions, forced teams to seek out and “capture flags” — malicious pieces of code or other digital components buried in networks or applications. And much like the childhood game of the same name, it unleashed the sporting spirit among players.
“There’s some talented people as part of our state partner programs,” said Barun. “In fact, we’ve done two Capture the Flag competitions, and they kicked our butt.”
