Members of the Georgia Army National Guard identified and thwarted cyber attackers, with some help from the Georgia Tech Research Institute (GTRI).
GTRI’s Secure Collaborative Visualization Environment (SCoVE) again served as the site for the Georgia Guard’s Defensive Cyber Operations (DCO) team to participate in the National Guard’s annual Cyber Shield 2015 exercise. GTRI’s collaboration with the Georgia DCO team began in 2013 and has supported this event and Cyber Shield 2014.
Coordinated from Camp Atterbury-Muscatatuck, Indiana, more than 42 states and territories—including Army National Guard, Air National Guard and Reserve Component service members participated in the annual exercise. The purpose of the exercise is to develop, train and exercise the Guard’s DCO specialists.
As part of the DCO Blue Team, the Georgia Guard members worked to identify and thwart attacks from the rival Red Team, a group from other States’ Guard members. Sgt. Shari Simzyk, a network analyst on the Georgia DCO team, analyzed IDS (intrusion and detection systems) in real time and historical logs.
“As part of the network team, I worked to defend a network from intrusion,” Simzyk said. “The SCoVE allows our team to be able to communicate with the Windows team easily. By participating in this event at GTRI, we are able to use some of the open-source tools we don’t normally use.”
This exercise is part of a capstone event to test our skills; basically, showing how the State could deploy the Guard in the event of a cyber attack on government and critical infrastructure networks supporting the residents of Georgia or the Southeast.
“A cyber-security attack is just like a natural disaster,” said Chief Warrant Officer 3 Samuel Blaney, the Information Assurance Manager and Defensive Cyber Technician with the Georgia National Guard. “Exercises like these help build our team members’ skills, capabilities and knowledge in cyber incident response.”
Blaney said that this particular exercise allows Guard members to integrate with the state’s academic professionals, and that using GTRI’s facilities allowed his teams to go above and beyond mission parameters. With the teams able to work together and communicate more easily, Guard members went beyond just locating where “hackers” attacked the system, and identifying which files have been changed.
“Our teams today have worked to locate the hackers, and even prevent further intrusion,” Blaney said. “With the facilities here allowing ease of communications, the teams were able to identify, anticipate and ‘hunt’ the hackers.”
Blaney said the DCO team will use Cyber Shield to prepare for a tabletop exercise with Georgia state officials in April, labeled Cyber Defender 2015. GTRI, who works closely with the Georgia Emergency Management Agency/Homeland Security (GEMA/HS), also will participate in that event.
Source: http://gtri.gatech.edu/casestudy/gtri-assists-georgia-guard-cyber-shield-2015