97th cyber warriors perform first MDT exercise

  • By Staff Sgt. Cody Dowell
  • 97th Air Mobility Wing Public Affairs

The 97th Communications Squadron's Mission Defense Team used the squadron's recently built cyber-training range to participate in its first cyber defense exercise on Sept. 30, 2021. The exercise was held in partnership with the U.S. Air National Guard’s 229th Cyberspace Operation Squadron from Vermont. The 229th COS runs a Multi-Application Practical Learning Environment Range, which runs the server for the exercise.

The objective of the exercise was to detect and block unauthorized or malicious network traffic while maintaining legitimate traffic and services on the network. Simulated attackers from the 229th COS MAPLE range provided accurate, simulated cyber threats. This was all made possible by the completed local range, which comprises five high-performance computer stations capable of running multiple cyber defense scripts at once. The range, built after nine months of waiting for equipment and parts, assists the MDT by providing a centralized location for proper team communication and cyber defense execution.

“At some point, we might get (cyber defense) taskings from our headquarters. If we don't have mission-ready personnel on the base, the base would never really be able to get those taskings,” said Christopher McMall, 97th CS MDT special missions flight director. “This exercise is important for items like the KC-46 (Pegasus) if they have some kind of cyber threat coming against it. This also allows us to integrate into an actual comm exercise a little bit easier.”

Throughout the scheduled range time, members of the 229th COS monitored the range and provided support to the participants. This training environment helps cyber operators develop some of the hands-on skills they will need as members of MDT and Cyber Protection Teams.

“To give a little background information on the 229th COS, our primary mission since 2003 has been training members of the Total Force,” said Senior Master Sgt. Mark Huntington, 229th COS cyber warfare operations flight chief. “Since our inception, we have offered several informational and cyberspace operations courses, many of which have been pre-requisites for various in-residence courses. Since 2003, we have graduated more than 29,000 students through the use of Advanced Distributed Learning platforms.”

An important aspect of their training, Huntington further explained, is that once an exercise is complete, teams are given a detailed log of malicious network traffic that was active at various times throughout the exercise. This traffic log enables teams to conduct their own exercise debrief, allowing team leads the opportunity to work with their operators in order to hone their cyber defensive skills.

“It's more just getting us ready to be in that mission mindset,” said McMall. “Comm is a support mission, whereas MDTs and cyber squadrons are in ops type missions. In doing this we are getting prepared in the ‘PBED’ habit, which is the plan, brief, execute, and de-brief mantra, and that's what we're actually doing for this MAPLE range exercise.”

The exercise took roughly four hours to complete, with members using tools such as Snort, Wireshark, and a pfSense firewall. In a real-life scenario, members of the MDT need this familiarization when working as a team in cyber defense missions. 

"There were a lot of attackers and a lot of different variants of malware and offensive attacks that we were able to see,” said Senior Airman Kailan Almirol, 97th CS MDT cyber operator. “We've seen most of them before, but the way that they came in was slightly different from what we've seen. So, I do believe it was a really good team experience; we haven't worked on anything like that with the five of us together in a room."