The Maryland Air National Guard Deploys Cyber Team in the Digital Battlespace

10/17/2016

2016-10-13 By Todd Miller

The Department of Defense (DoD) is ambitiously building a Cyber Security force to fulfill its Cyber Strategy. It is a high priority given the network dependence of our defense and national infrastructure and the growth and severity of cyber attacks.

“Hunter,” an intelligence analyst with the Maryland Air National Guard (ANG) 275th Cyber Operations Squadron describes the challenge:

“The domains of Air, Sea & Land are finite, generally fully mapped and known. In the cyberspace domain, the internet is the terrain and it is arguably infinite, growing and morphing every day.”

Hunter describes the internet as the “Wild West” – an image of a time and place where anything goes, violence a way of life, “law and order” fleeting, commercial opportunities (mines, railroads) non-existent one day booming the next, the saloon the Facebook of the day, and change fast and furious.

We have become too familiar with the hazards of the internet, leaked emails, busted corporations, compromised databases, stolen identities – and so many more examples of the vulnerabilities of this new indispensable terrain.

While these risks are troubling for corporations and individuals, they are potentially devastating for our military forces.

Emerging warfare doctrine has been described by Richard S. Deakin in his book “Battlespace Technologies” (Artech House Publishers, 2010) as “Network-Enabled Information Dominance.” The warfighter and weapons platforms utilized today (F-22, F-35, AEGIS Cruisers, P-8, E-3G, Wedgetail, Triton/Global Hawk and more) generate an unprecedented amount of information are very effective in a network enabled environment.

The enabled platforms share information via the network and create a unified battlespace picture, where each individual platform has access to the others targeting data.

The result is what the Navy calls the “tactical cloud” or as others reference, the “Kill web.”

The information and network enabled systems provide the warfighter with unprecedented situational awareness and give strategic and tactical command a tremendous advantage in any conflict.

Caption for Slide Gallery: The 275th Cyber Operations Squadrons Cyber Protection Team at work in the “Hunters Den.”  A squadron of the 175th Wing Maryland Air National Guard. 

And yet, given they rely on the internet these networks have the potential of being hacked, compromised, or degraded. There can be no higher imperative than to protect the networks that carry the information as well as the associated platforms.

Any compromise will have a serious impact on warfighting capability.

In the last few years the Government and DOD have mobilized to take this threat seriously with the launch of the United States Cyber Command (USCYBERCOM), a sub-unified command of the United States Strategic Command.

Within the Air Force, Cyber is led by the 24th Air Force, a chain of command that includes the 175th Wing of the Maryland ANG and its 175th Cyberspace Operations Group.

The recently activated 175th COG is unique: it is the first Air National Guard (ANG) Wing to have a group structure containing multiple cyber squadrons (3 Operational Squadrons, 1 Operational Support Squadron).

Second Line of Defense visited the 275th Cyber Operations Squadron on September 28, 2016 at the beginning of their first deployment.

Cyber Operations Squadrons (COS) utilize Cyber Protection Teams (CPT) as an operational team to fulfill objectives. While the structure is based on an Air Force model, it is still such a new endeavor that aspects are still evolving.

Many of the personnel involved today have retrained from other disciplines – everything from C-130 pilot to Tactical Aircraft Maintenance.

They now have the privilege of being on “the cutting edge,” performing ground breaking work, refining structures, and cyber tactics.

The ANG model brings additional value by the inclusion of the best cyber personnel available in the private industry. As Hunter explains, the synergy of sitting within a team of the smartest available private industry cyber specialists, while performing cutting edge service is extraordinarily satisfying. The 175th is uniquely situated in Maryland close to Fort Meade, an area with scores of exceptionally qualified cyber specialists.

While the typical ANG personnel serve “one weekend a month” deployment involves putting civilian life on hold and reporting full time. During deployment the squadron may continue to work out of their home base, or given their mobility may relocate equipment and personnel to support a designated network in another location.

While cyber groups within different services have defined roles, CPTs are aligned with; a National CPT against a known threat (Nation State); the Combatant Commander (COCOM) in a specific theater of operations such as Europe (USEUCOM), South Pacific (USPACOM) etc.); the Department of Defense (DOD) Networks; or Service aligned (Air Force, Army, Navy, Marines). The 275th is service aligned with the USAF (24th Air Force) to perform missions on Air Force spheres of influence.

Director of Operations Major C. Ferguson used the physical security apparatus of the base to describe the role of the CPT; the base has a gate, the network has entry points; base security examines credentials and vehicles upon base entry, the CPT views packets, digital signatures and credentials; the base has a fence; the network has a firewall; the base has scores of buildings with different levels of access, the network has areas of similar nature.

The CPT’s job is to survey the network for vulnerabilities, ensure it is secure, and actively protect it.

Hunter notes that the Internet is dramatically different than the domains of Air, Water, Land and Space in that one can be attacked, and not even know it. While probing in the physical domain may include activity close to an adversary’s borders – within the internet the “war” is constant, attacks are real and consequential.

The CPT efforts look for fingerprints that may indicate a previous infiltration or attempt. Like cyber detectives they will follow “the bread crumbs” – always mindful of the legal obligations and process to be maintained.

For example, a cyber analyst might pick a “box,” go look at it, analyze captured network traffic, look for statistical anomalies and subsequently be involved in active adversarial pursuit. Once a network is surveyed and secured the CPT trains the local cyber operator (LCO) to perform the ongoing protection.

In the squadrons ops room (the Hunters Den) the teams structure reveals an openness that supports collaboration.

CPT Mission Commander, Major D. Carpenter indicates that only about 15% of personnel’s time is actually spent on the computer. Most of the time is spent in communication, analysis and consulting with other team members (including intelligence specialists). While not specifically designated for offensive activity the team is “weaponized,” as Carpenter notes, “their weapons system oddly looks like a laptop.”

Potential impacts of cyber warfare bridge both the non-kinetic and kinetic realms. While non-kinetic effects such as data exploitation, data theft, and activity such as monitoring data feeds from a remotely piloted vehicle (RPV) could be considered a typical threat, the dangerous and very real field of Kinetic Cyber has emerged.

Examples of kinetic cyber include the release of the stuxnet virus and its crippling effects on Iran’s nuclear program, or the alteration of the speed of pumps on a pipeline that led to a catastrophic explosion.

Other kinetic cyber impacts could involve taking control of a specific platform, or be as simple as infiltrating a secure facility and turning off the air conditioning to the server room resulting in a shutdown of computer servers to a critical network.

One can appreciate the tremendous importance to secure military networks.

An effective cyber-attack would most certainly reduce warfighting capability and jeopardize the ability of the military to prevail in a conflict with minimal losses.

The threat is sobering, and it is encouraging to see the tremendous effort being expended by the Government and DoD to rapidly develop an effective Cyber Command structure and scores of CPT’s. Units like the 175th COG, and 275th COS demonstrate a new but critical capability for the “network enabled” battlespace.

Second Line of Defense expresses gratitude to Col. C. Kohler and SrA E. Saunders of the Maryland National Guard Public Affairs Office as well as Maj. D. Carpenter CPT Mission Commander, 275th Cyber Operations Squadro