Georgia National Guard Collaborates with GTRI on Cyber Defense

Members of the Georgia National Guard trained in cyber defense at the Georgia Tech Research Institute (GTRI) during Exercise Cyber Shield 2014.

Georgia Guard members joined those from more than 30 other states, Guam and Puerto Rico in a cyber attack and defense exercise, from April 25 through May 2, 2014. The weeklong event provided a simulated Internet environment that allowed red teams (attackers) to conduct cyber attacks while blue teams (defenders) worked to intercept and analyze the data.

GTRI volunteered its Secure Collaboration and Visualization Environment (SCoVE) and unclassified network infrastructure, as well as administration and information technology support personnel to assist with the exercise. Guard members connected with the Department of Defense’s (DoD) Cyber Range, while using GTRI-developed tools such as the Apiary malware analysis and repository framework.

“All cyber events are inherently local, even if it happens on a national scale,” said Colonel Jeff Edge, Chief Information Officer for the Georgia National Guard. “Teaming the National Guard and academia is important, showing that we’re working on these issues at the local level. Georgia Tech and its researchers know what’s important for the state of Georgia. It’s my hope that other states are teaming with their academic institutions in the same manner.”

Members of both Signals and Intelligence within the Guard investigated the simulated attacks to learn the tactics, techniques, and procedures attackers used in order to gather actionable cyber threat intelligence and forensics data. By working with GTRI, Guard blue force defenders honed their cyber defense skills and refined their incident response procedures to ensure success in defending state and national network infrastructures.

“This exercise is focused on our network, but we have some future exercises that would allow us to serve as first responders with outside networks,” said Lt. Col. David Allen, branch chief of Information Management with the Georgia National Guard. “The facilities here at GTRI are great, and this relationship is one we need to foster and build upon. We will continue to have opportunities to collaborate at the local and national level; it’s really nice to be able to work on that in your own backyard, which helps maximize participation at a minimal cost.”

Chief Warrant Officer 3 Sam Blaney, an Information Assurance Manager/Cyber Network Defense Technician with the Georgia National Guard, has been working with Steve Moulton of GTRI’s Cyber Technology & Information Security Lab to bring GTRI and the Guard’s cyber team together. When Chief Blaney saw GTRI’s SCoVE 18 months ago, he said he immediately wanted to hold an exercise there.

“The major point of this exercise is developing our incident-handling process, which incorporates analysis and forensics,” Blaney said. “We’re taking the skills that we’ve learned, and we’ll work with the soldiers afterward to help fill in the gaps. That’s what we want to bring to Georgia Tech: Here are our needs, is there some certification training or are there any degree programs that we can get our people—the Georgia Guardsmen—involved with here.”

Blaney served as an evaluator during Exercise Cyber Shield, assessing how his team responded to various attacks throughout the event. The next exercise, he said, will focus on incident response to critical infrastructure. State government partners will participate as stakeholders.

This inaugural collaborative cyber effort between GTRI and the Guard will, it is hoped, lead to a long-term, strategic relationship, supporting various state of Georgia and DoD activities.

“These future collaborations will involve training and technical support for cyber technology, information security and operations, information dominance and continuity of cyber operation,” said Moulton. “Access to our expertise and capabilities will support the Georgia National Guard’s participation in other remote and distributed venues, and will expand the size and scope of the Guard’s cyber operations by reducing the cost and logistical planning required.”

GTRI has worked closely with the Georgia Emergency Management Agency/Homeland Security (GEMA/HS). “This new partnership with the Georgia National Guard builds on a shared mission of securing our network and homeland and highlights GTRI’s commitment in serving our military and our state,” Moulton said.