MD Air Guard Cyber Airmen Conduct First Enduring Defensive Cyber Training Mission
Article and photos by U.S. Air National Guard Airman Alexandra Huettner, 175th Wing Public Affairs
WARFIELD AIR NATIONAL GUARD BASE, Md. – Members of the 275th Cyberspace Operations Squadron, Maryland Air National Guard, conducted the first-ever enduring defensive cyber training mission in a Title 32 mobilization status on an installation’s non-classified internet protocol router network, or NIPRNet, at Warfield Air National Guard Base, Maryland, Nov. 16-19, 2021.
“This training is a very unique opportunity and it is the first that the Air National Guard has been able to do in a sustained and recurring process,” explains Burdon. “That was our first iteration of this new program and we look forward to conducting more of these events in the future.”
The training was conducted to branch out from the usual scripted training scenarios and discover what the team was capable of when given unplanned scenarios. Such scenarios resemble what could potentially be tasked on a real mission while in a Title 10 status, which typically authorizes federal active-duty military service under the president in support of national defense.
While mission-type training often requires a Title 10 status due to the necessity of additional authorities, the unscripted nature of the 275th COS’ training allowed Airmen to be in a Title 32 status without the need for additional authorities to execute. Title 32 places Guard members in a mobilized status under the authority of the state’s governor and allows the training to be conducted completely internally, which enables more flexibility.
The team focused on a hunt mission: searching for anomalous activity and unusual behavior, then determining whether each finding was a misconfiguration or a genuine threat to further identify and remove.
“It gives Airmen an opportunity to coordinate with mission partners, which they could be doing in a real-world environment too,” said U.S. Air Force Maj. Eric Burdon, director of operations for the 275th COS. “That command and control function as well as actual tactile work on the keyboard is a huge benefit. It is not an easy task, so it was a great opportunity for them to flex that muscle.”
During the training mission, the team collected and analyzed over 1.7 TB of data across 161 NIPRNet client and networking systems over a 96-hour period. The team also discovered 121 unique installed applications, 526 unique hashes from 51 entry locations, and 4,640 unique file paths of running processes.
The defensive cyber mission provided an opportunity to develop, train and exercise internal cyber defense on the base NIPRNet and was the first of this type of training to ever be conducted by the National Guard. Missions like this open the National Guard to better, more comprehensive training, which will result in a more prepared cyber force for the future.