
Archive for the ‘Cyber’ Category

Special Warfare Journal: How ARSOF Fights

Saturday, October 26th, 2024

JUST RELEASED – The Summer/Fall 2024 edition of Special Warfare Journal, “How ARSOF Fights, Future Integration of the SOF-Space-Cyber Triad” is available for download now at: www.swcs.mil/Special-Warfare-Journal/Special-Warfare-Archive

Special Warfare Journal is The Official Professional Journal of U.S. Army Special Operations Forces.

Green Berets Use Disruptive Cyber Technology During Swift Response 2024

Friday, August 30th, 2024

In 1991, U.S. Army Col. (ret) John Collins authored the special operations forces (SOF) truths. These five stanzas outline what it means to be a SOF soldier, and how the force must operate to be successful. Chief among those is truth number 1: “People are more important than hardware”. SOF capabilities have evolved considerably since 1991, however, and while people remain the most important asset, hardware has led the evolutionary change.

Advancements in technology have increased the capabilities of the people in the SOF community. Not only are they masters of air, land, and sea, but now there is a fourth domain. Cyberspace has become a key part of the battlefield, and quickly has become just as critical as the physical realm in battlefield superiority. It’s for this reason that Operational Detachment Alpha (ODA) teams trained with disruptive cyber technology during Exercise Swift Response 2024 near Skillingaryd, Sweden this month.

“What this allows us to do is target an objective, use the signaling equipment to gain access to any WiFi networks originating at the target, and then monitor activity from that location for a period of time,” explained an identity protected ODA team member.

“It’s a very useful tool for us, because it gives us another set of eyes and helps to paint a clearer picture of our objective,” he said.

During the exercise, the aforementioned ODA team identified a target building and used a remote access device (RAD) to identify the networks coming from the facility. They were able to crack the WiFi password, enumerate the network, and run exploits on the target computer inside the building. This enabled the team to manipulate security cameras, door locks, and other security systems in the building.

While one team was in charge of manipulating the building through cyber disruption, a second ODA team conducted an infiltration operation on the facility. They conducted a military free fall (MFF) jump and marched seven miles to access the building, which they were able to enter easily due to the cyber disruption. From there they placed signal jamming equipment to clear any trace of the attack and exited the premises.

Training on a set of tools gives the team the ability to master them, living up to the second SOF truth, which is that quality is more important than quantity.

“In a real-world situation, this would allow us to gain information in a way that we haven’t always had,” explained the commander of the INFIL ODA team. “If we have a specific target or objective we need to reach, we now have the capability to glean critical information in a way that is undetectable if we do our jobs right,” he said.

The third SOF truth is that special operations cannot be mass produced. The ability to hack into a building through cyber technology is not exclusive to the special operations community, but the ability to do so while also incorporating an MFF jump and a 7-mile foot march undetected is a SOF skill that, when combined with the cyber capability, gives special operations a unique set of skills that is exclusive, said the ODA cyber team member.

“We are able to see what’s happening, and we know what the INFIL team is doing,” he said. “We have eyes on the whole scenario.”

The fourth SOF truth states that special operations forces cannot be produced after an emergency. They must be established, ready, and fully competent. This is why training in exercises like Swift Response is so important. It allows team members to sharpen their skills in an unfamiliar environment and put their knowledge to the test.

Advancements in hardware are due to the fifth SOF truth, which is that SOF requires non-SOF support. Cyber disruption is not brand new technology, but a tool that continues to develop. Staying current with the technology is a critical task, said the ODA cyber team member.

“This capability is something that we need to train on, and keep current with,” he said. “Because it’s evolving so rapidly, the devices we use today could be obsolete next year. It’s been five years since I first went to school for this – it’s changed so much in that time, I feel like it’s a whole new world.”

While advancements are inevitable, the five SOF truths remain. New capabilities fall in line with established practices, and the entire machine keeps moving forward. Working during exercises like Swift Response 24 with Allies and partners such as Sweden enables special operations to remain uniquely postured to counter malign influence, build interoperability, rapidly respond to emerging threats and if necessary, defeat aggression.

By SFC Tim Beery

Army Cyber Protection Brigade-Led Exercise Brings Multiple Service Elements, Components Together

Monday, August 12th, 2024

CAMP DAWSON, W.Va. – As the late July heat continues to scorch, cyber Soldiers, Sailors, Marines, and civilians assembled in the foothills of a remote training base in West Virginia to hone their skills to build an effective defensive cyber force.

Every year, the Army Cyber Protection Brigade (CPB) plans, prepares, and executes Exercise Grungy Zion (EGZ) to simulate a joint task force employing defensive cyber operations across multiple echelons. From July 22 to August 3, 2024, the CPB deployed teams to Camp Dawson, W.Va., Orlando, Fla., and Fort Eisenhower, Ga. to participate in this exercise.

For the CPB task force staff and the brigade’s subordinate battalions, this was an opportunity to validate how information is received, managed and communicated to the Cyber Protection Teams (CPTs) that were operationally engaged in the training scenario.

“Exercise Grungy Zion is the Cyber Protection Brigade’s annual certification exercise,” said Col. Christopher Stauder, CPB commander. “Historically, this exercise has been focused on certifying mission elements, cyber protection teams, and battalion-size task forces. This year the CPB took a giant step forward in certifying the brigade headquarters as a maneuver element and by incorporating multiple partners into this exercise.”

This year’s exercise was the first time the Army’s sister service cyber elements participated in EGZ, working alongside their Army counterparts. Some of the partners included elements from Marine Corps Forces Cyber, Navy mission elements, Multi Domain Task Force mission elements, Army Reserve and National Guard CPTs, and signal professionals from the 60th Signal Battalion (OCO).

“Working joint with the Army during EGZ has been exceptional,” said U.S. Marine Corps Cpt. Michael Goff of 652 CPT, U.S. Marine Corps Cyberspace Operations Battalion. “This is the first time my team had an Army crew integrated with us. It has been a huge success, because they are proficient in all the tools, allowing us to achieve success much faster than normal.”

EGZ also demonstrated how the advancement of technology forces cyber elements to continuously transform how they train and fight to become a more competent force. This includes protection of mission-essential information as well as networks supporting infrastructure, logistics, and communication between joint and multinational allies and partners.

“It feels nice to be hands-on developing and learning new skills,” said Spc. Andrew Stout, 155 CPT, 1st Cyber Battalion, CPB. “Cyber is important, because it provides a broad range of assets and technical support to help the Army complete its mission all over the world.”

In the past, the exercise has taken place on Fort Eisenhower and Camp Dawson; each year new remote locations participate in the training. This is the fourth year the CPB has hosted EGZ and due to its success, plans to continue the exercise for many years to come.

“EGZ is successful because it stresses our units to see what operational load we can handle,” said 1st Lt. Luke Meyer, 155 CPT, 1st Cyber Battalion, CPB. “It measures how we respond in real time, our processes, and hunting capability to react to any cyber threat that might pop up.”

By Lloyd Bedford

TacJobs – Cyber Assignment Incentive Pay

Thursday, July 25th, 2024

Cyber Assignment Incentive Pay (CAIP) is designed to provide high-performing Soldiers with an incentive to pursue further professional development and certification. It is available to commissioned officers, warrant officers and enlisted Soldiers in the active Army, Army Reserve and Army National Guard in designated cyberspace work roles in approved units.

CAIP compensates Soldiers with specialized skills to meet readiness challenges and support national security objectives.

CAIP currently ranges from $200 to $1,500 per month based on assignment, certification and skill level, and determined on a tiered proficiency scale (basic, senior or master) within designated work roles and units.

For more information visit www.army.mil/armycyber and www.arcyber.army.mil/About/About-Army-Cyber

Army Cyber Command Leaders, Partners Discuss Leveraging Information Advantage

Sunday, July 14th, 2024

ARLINGTON, Va. — Military and civilian leaders from across the Army Cyber enterprise joined their expert partners from military, industry, academic, government and media organizations to discuss the ever-evolving cyber landscape and how military forces can develop and employ information advantage in cyberspace, at the Association of the United States Army’s “Hot Topic: Cyber and Information Advantage” event in Arlington, July 2, 2024.

Lt. Gen. Maria Barrett, commanding general of U.S. Army Cyber Command led the day of panel discussions and remarks that was co-hosted by ARCYBER and the Army Combined Arms Center.

“This is all for the purpose of enabling commanders to visualize, decide and synchronize the effects that they could have within the (cyber) dimension,” said Barrett during her opening remarks.

She emphasized that to succeed in that dimension requires looking at every phase of the continuum of conflict. “If you think you’re going to deliver insights to a commander about the information dimension, and you’re not looking at it in the competition phase, whatever you are delivering in crisis, in conflict, probably will fall short,” she said.

Among the other senior Army Cyber leaders participating in the daylong event were Maj. Gen. Paul Stanton, commanding general of the U.S. Army Cyber Center of Excellence and Fort Eisenhower, and Lydia Snider, advisor on foreign malign influence to the ARCYBER commanding general.

Snider provided insights during a panel on the effects of social media on information advantage activities, highlighting its prevalence and growing impact on global affairs. Social media has removed borders, she said, allowing our adversaries to get into the hearts and minds of Americans. To combat their efforts, we must ask the right questions about their intentions and increase messaging about democratic ideals and values.

With information proving to be a critical instrument in influencing global affairs, the Army and its Department of Defense, allied, industry, government and other partners are focused on ensuring we are positioning ourselves to combat our adversaries on all fronts. During the last panel of the day and a media roundtable following the event, Stanton talked about how thorough planning with specific objectives is vital to getting commanders’ support for cyber operations, and the standup of three theater information advantage detachments, or TIADs, to provide broad expertise in that planning.

“We, in the Army, are promoting the theatre information advantage detachment,” said Stanton. “That is the element that is going to do the planning across our ability to influence, inform, protect, attack and support decision making that will drive tangible and measurable outcomes.”

“The TIAD has to do all detailed planning, they have to do the data collection, they have to get the approvals in order to execute mission, and then they have to do the appropriate assessment of effectiveness after the fact,” Stanton said.

Col. Bryan Babich, director of the Army Mission Command Center of Excellence, said that as with other cyber operations, the success of the TIADs will depend on preparation, initiative and relationship building between the Army and its partners.

“You can’t wait until crisis or conflict to start,” said Babich at the roundtable. “That is why it is so important with the TIADs and how they are forward posturing and working with partners.”

By SSG Kyle Alvarez

National Guard Members Test Skills at Cyber Shield 2024

Monday, July 1st, 2024

VIRGINIA BEACH, Va. — Almost 1,000 participants flooded the Virginia National Guard State Military Reservation in Virginia Beach for the longest-running and largest Department of Defense cyber defense exercise May 31 to June 15, 2024.

Cyber Shield is an annual National Guard event that hosts National Guard and Army Reserve Soldiers, Airmen, civilian cyber professionals and international partners worldwide.

A number of National Guard State Partnership Program countries, including Poland, the Republic of Moldova, Lithuania, Romania, the Republic of Georgia and Kosovo, joined this year’s Cyber Shield exercise.

“The importance is international outreach,” said North Carolina Army National Guard Staff Sgt. Todd Webster, a cybersecurity team leader. “Not only are we able to help cyber developing companies and countries, but we’re also able to provide outreach across the globe.”

Cyber forces were brought together in Virginia Beach to develop, train and test their limits. Those involved had the opportunity to attend rigorous courses, conduct cyber exercises, and test their skills in this year’s NetWars competition.

Cyber Shield held training classes tailored to various skill sets, including Pen+, Security+, Linux+ and CISSP.

“Our overall goal for Cyber Shield is to train and learn on the cyber domain,” said North Carolina Army National Guardsman Lt. Col. Brian Dodd, Cyber Shield’s defensive cyber team chief. “We learn how to better respond to incidents in the cyber domain and how to better react to the problems that we see.”

This event was designed to increase participants’ ability to infiltrate, defend and enhance the cybersecurity network for global defense measures.

“We continue to see increased severity and increased frequency of cyber attacks regularly,” Dodd said. “There are more threats than there have ever been in the cyber domain, so we need to come to an event like this and train together.”

By Hannah Tarkelly, 449th Combat Aviation Brigade

Air Force Special Operations Command Demonstrates Ability to Support Joint Force Readiness and Resilience Through Real-Time Onboard Data Collection

Saturday, June 22nd, 2024

AFSOC Public Affairs

HURLBURT FIELD, Fla. — Air Force Special Operations Command gathered members of Special Operations Forces Acquisition, Technology, and Logistics, AFSOC Staff, Cyber Mission Defense Teams (MDTs), and maintenance personnel here to demonstrate its latest capability to collect and analyze onboard data from an operational MC-130 aircraft, detect cybersecurity and maintenance anomalies in real-time, and stream data and anomalies into a Department of Defense cloud environment. This demonstrated AFSOC’s ability to support joint force readiness and resilience through real-time onboard data collection, detection, and alerting capabilities from the tactical edge.

The demonstration utilized a commercial off-the-shelf observability platform, which collected and analyzed aircraft data as it was generated during flight, revealing a set of simulated operational and cybersecurity anomalies that were streamed to the MDT ground station. Once received, the MDT streamed the alerts and corresponding data into a joint cloud instance in real-time for further analysis, enabling cybersecurity, maintenance, and intelligence analysis use across the joint force.

“To evolve and outpace the adversary, AFSOC must embrace change that will enable technical overmatch during high-end conflict and long-term strategic competition. Gaining real-time or near real-time observability into operational aircraft gives us the ability to develop countermeasures to overcome enemy cyber-attacks, generate force readiness, and improve mission capable rates,” said Col Alfredo Corbett, AFSOC Director, Cyber & C4 Systems.

AFSOC currently leverages equipment to gain observability into the onboard operational technology generated by the MC-130 aircraft. Hardware captures, analyzes, detects, and alerts on anomalies at the edge, enabling real-time maintenance and cybersecurity monitoring, insights and intelligence, and the ability to build and deploy new detections. By integrating the alerts and data into the DoD cloud environment, AFSOC demonstrates its ability to support DoD modernization efforts, enabling it to improve the readiness, survivability, and lethality of vehicles fleet wide.

U.S. Marines and Canadian Soldiers Plan to Defend Against Cyber Attacks

Saturday, May 25th, 2024

Montreal — U.S. Marines assigned to Defensive Cyberspace Operations-Internal Defensive Measures, Alpha Company, participated in joint training exercise Cyber Harmony 2024, with partner nation service members from the Canadian Army at the Royal Montreal Regiment, Quebec, April 27-28, 2024. Cyber Harmony is a force against force training event against simulated nations launching cyber-attacks at one another.

The role of DCO-IDM is to employ a set of protocols and strategies to protect and defend U.S. military networks, systems and information from unauthorized access, manipulation, or destruction by cyberspace hackers. Some of these measures include constant network monitoring, access control, encryption of these networks or sensitive data, and regularly scheduled security audits.

The goal of Cyber Harmony was for DCO-IDM to employ, maintain, and improve cyber capabilities and act as Defensive Cyberspace Operators. The exercise ushered Marines and joint NATO allies’ defensive cyber capabilities towards their training objectives via a digital capture the flag simulation.

This ensures readiness and adaptability to sudden cyber threats that may emerge as technology becomes more and more relevant every day.

“It strengthens our abilities by giving us a chance to work with our NATO partners in simulated cyber-attack scenarios and use tools we don’t usually use,” said Sgt. Justin B. Bryant, a cyberspace warfare officer attached to DCO-IDM, Alpha Company.

The exercise consisted of challenges presented on a web server that represented real-world systems. Each team was responsible for discovering vulnerabilities in the systems’ security and once accomplished, a flag would appear for them to “capture,” earning them points.

“We have servers and computers on different networks that are actively being attacked,” said Bryant. “Our job here is to utilize the toolset that has been provided to us to detect intrusions and neutralize any threats.”

The Marines served a multitude of jobs, including basic cyber operator and networking chief, all with the goal of securing a more stable cyber security network for the U.S.

“The Marines that participated in Cyber Harmony 2024 will be leaving with an excellent example of what a real network attack on a protected system could look like,” said Bryant.

The Marine Corps Reserve provides trained units and individual Marines to augment and reinforce active forces for employment across the full spectrum of crisis and global engagement.

“In the world we live in today, technology is embedded in our society and dictates a huge aspect of everyday life,” said Bryant. “It is our responsibility to protect those systems and secure our data so that we may continue our way of life.”

Story by LCpl Juan Diaz 

Marine Forces Reserve (MARFORRES)