Army Col. Teri Williams has been involved with Cyber Shield since 2013.
Williams has seen the annual cyber exercise in which National Guard members and others immerse themselves in how to defend against and react to potential attacks grow significantly. The evolution has been almost at warp speed.
“We actually are attacking things that aren’t quite in the environment yet,’’ Williams said. “In 2013, we were seeing what attacks were happening at that time, and we were executing those. We’re being proactive now.’’
Williams is the officer in charge for Cyber Shield 2020, which is scheduled for Sept. 12-27 and is expected to involve more than 800 National Guard soldiers and airmen as well as representatives from governmental agencies and civilians. Cyber Shield, which originated in 2007, will be all virtual for the first time.
Although the exercise is unclassified, all participants are required to sign a non-disclosure agreement to protect the exchange of information, said Lt. Col. Brad Leighton of the Illinois National Guard.
Each day of Cyber Shield will consist of a different scenario instead of the entire exercise focusing on only one, said George Battistelli, the exercise director and chief of IT security, compliance and the readiness division for the Army National Guard.
“When you bring a group of people together, you always have different skill sets,’’ Battistelli said. “Some are going to excel in vulnerability assessments. Some are going to excel in malware identification, but the goal is to get everybody to the same level.’’
During a conference call Wednesday, Williams — the commander of the 91st cyber brigade of the Virginia Army National Guard — and Battistelli spoke generally about Cyber Shield’s focus. Phishing remains the top mode of cyber attack, and internal and external threats also will be addressed. Organizers relied on the Command Cyber Readiness Inspection program to assess risks and potentially vulnerable areas.
“We can go back to the commanders and say, ‘This is exactly how a nefarious actor or an insider could enter your network and gain access to things,’’’ Battistelli said. “An example would be port security. If anyone could come into your office and plug in your own computer and get access to your network, then they certainly may be things that may be nefarious. What would happen if that happens?’’
Organizers try to make the scenarios as realistic and difficult as possible, Williams said. The first part of the week will be modeled after news events, with the second part concentrating on the technology, Williams said.
Going to an all-remote setup has presented challenges. Some devices intended for the participants when they were supposed to convene in one location had to be shelved. Not having the participating National Guard members and other personnel in one time zone could pose another problem, and in a remote setting, the likelihood that messages will be misinterpreted is increased.
“Overcommunication is the key,’’ Williams said. “That will be the real challenge this year: making sure the right information is going to the right people at the right levels.’’
Battistelli said organizers expect issues that could not have been foreseen to arise. When they do, participants are expected to respond appropriately.
“What we tell everybody is, ‘Remain calm. The event has already happened. Let’s find out what the result is, and let’s work to get there,’’’ Battistelli said.
