It hardly needs to be said that human conflict has over the last couple of decades shifted from military confrontation of the kind seen in the wars of the last century to more complex and subtle platforms. Nations still spend significant proportions of GDP on defence hardware, but have woken up in the present century to the fact that more can be done to destabilise, weaken, threaten or confuse other nations or groups of nations by targeting the core systems and communications everyone relies on today.
In the United States, the Army National Guard is, with the Regular army and the Reserves, a key branch of the armed services, with 337,000 personnel on call nationally. Community-based, units report to the governor of their respective states unless called to protect US domestic or national interests at times of conflict or natural disaster. “Always ready, always there.” The Guard has, like the rest of the U.S. military (not to mention business and the rest of society), had to evolve rapidly into the digital era, and one of its key tasks today is to always be ready to foresee and defend against threats to the nation that come from cyberspace.
The ongoing Covid-19 pandemic, a natural disaster, has given rise to uncertainties that could be exploited by an attacker, whether motivated by criminal or political goals. For example, imagine that a hospital system might be targeted at this time, muses Lt-Col Woody Groton, Chief Information Officer of the New Hampshire Army National Guard. As a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP), Groton leads a team of IT professionals responsible for the Guard’s network and ensures its readiness to counter any threat. “Cyber security is integrated into everything we do. With IoT permeating everything, almost any activity you care to name could potentially be disrupted, so network modernisation is one of the top U.S. Army priorities currently.”
The Army’s cloud strategy isn’t too different from that of any large business or organisation, partnering with names like Cisco, Oracle, Microsoft, AWS and others. “The networking infrastructure we use is all the same. Our logistics system or our new integrated personnel and pay system for example are semi-custom implementations of best-in-breed systems from the likes of SAP, PeopleSoft or Microsoft.” The recently concluded Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft in 2019, against hot competition from AWS, is a huge step toward placing cloud-enabled technologies like AI at the service of the Department of Defense (DoD). “The one part we keep firmly in-house is in the cryptology piece, and for our classified networks of course we work with the National Security Agency.”
From its inception in 2015, Woody Groton has been a key leader in the annual Cyber Yankee exercise across the six New England states. This, he explains, is an initiative which coordinates the National Guard’s cybersecurity response team (its ‘Blue Team’) with entities outside of the DoD from national agencies like DHS, FBI, FEMA and U.S. Cyber Command to a broad range of local and regional government, law enforcement, academic and commercial bodies as well as private companies. “As an example, in 2019 the U.S. Army account manager for Tenable reached out to us and became a very valuable participant in the exercise, offering additional cybersecurity tools; likewise we’ve worked closely with Cisco Systems among other major players over the years.”
The guard works with regional utilities from critical infrastructure. “A lot of the participants don’t have the resources to put together a cybersecurity exercise with over 300 participants, a virtual network range and a live opposing force. That includes some of the smaller utilities; for them, participating in Cyber Yankee is a learning opportunity that links them with larger players and helps them protect all of their customers.”
A simulated but realistic threat is put forward, and these partners are invited to test their ability to respond effectively. “We work very closely with the electrical power and water industries,” he says. “Engineers from these utilities participate in the exercise to see how ready critical infrastructure is to face any attack.” So training is a clear goal of Cyber Yankee; however he is keen to stress the benefits of deepening relationships between all interested parties at a regional level, and this has been brought into sharp focus by the current Covid-19 crisis, in response to which the entire exercise has been put on hold until July 2020. “The relationships we have built here in NH, for example with the State CIO or the Chief Information Security Officer (CISO) are really important. We have mutual trust and real friendship. That applies right across the region. For example, the Massachusetts Water Resource Authority utility has been an important partner over the years, inviting guardsmen in to review their operational technology systems, since a cyber incident at any utility could be crippling for the entire community.”
For now, Covid is keeping people at home but Cyber Yankee needs to go ahead as soon as it is safe to do so, to give new soldiers and airmen coming into the services the cybersecurity training they need and to cement third party relationships for the future, Groton believes. “But you can be assured we are in a state of heightened awareness and preparedness, at times like this pandemic crisis, to meet any attempts to take advantage of the distraction it provides.”
The National Guard has some amazing talent within its network, he emphasises, with some of the smartest and most experienced penetration testing, cyber intelligence and encryption professionals. Groton is passionate about his team, and for a career soldier he is refreshingly democratic in his approach. “Rank is not really relevant, because we have extremely capable IT professionals here, whose entire focus is technology. When we have a problem we solicit solutions from the team rather than directing them in any particular way!” You might think the army was not the natural home for a geek, he jokes, but in the best sense of that word the Guard attracts people who relish the most intractable problems, and will work all hours till they are solved.
So compelling is the need to guard the whole of society against disruption, that the US Army Cyber Command, formed in 2009, is now changing its name to the Army Information Warfare Command. The level of threat from malicious actors, whether state proxies, criminals or financial opportunists will continue to increase exponentially, Woody Groton predicts, making it vital that the National Guard always keeps several steps ahead of them.
The DoD and the NHNG does not endorse (expressly or by implication) any Non-Federal Entities referenced in this article.
The views presented are those of the author or LTC Groton and do not necessarily represent the views of DoD or its components.