WASHINGTON — An Air Force cyber squadron recently lent its expertise in cloud defense to improve the skills of international partners and the other services, conducting a cyber exercise in a cloud-based simulation where operators had to protect the medical data of fictional citizens from malicious attacks.
Cloud services, while not entirely new, are an increasingly important component of networks and therefore prime targets for malicious cyber actors. The military is beginning to transition much of its infrastructure into cloud environments and must be adept at fending off intrusions and understanding this terrain.
Cyber Dome, a joint U.S. Cyber Command and Israel Defense Forces exercise in December, sought to game cloud defense in an effort to strengthen the cyber partnership between the two nations and share tactics.
“As we both look at problem sets of emerging technology and more and more of our government systems transition to cloud infrastructures like Amazon Web Services, how do we work together to partner off of each other’s strengths and capabilities and help each other work with the industry and grow our skills,” Lt. Col. Steven Payne, commander of the 837th Cyberspace Operations Squadron, said in an interview.
The 837th was specifically chosen to participate in the exercise’s sixth iteration because it has developed expertise in the tradecraft for defending clouds, he said, adding the squadron has worked with industry and built up training material for cyber defenders in cloud technologies.
Exercises such as Cyber Dome allow the squadron to share these insights across the military with other units as well. Payne said they shared their knowledge with a U.S. Army cyber team participating in the exercise to help them become better cloud defenders. The squadron is working with higher headquarters on how to continue such partnerships both within the military and internationally.
“We partnered with Israel on this one. Are there other partners out there also looking to get into the space of cloud tradecraft learning and development? It’s a question we’re looking at,” Payne said.
The squadron itself does not work directly with the Israeli government in an operational sense. Yet exercises like this allow it to share its expertise with units that do, improving collective cyber defense. Moreover, lessons are shared between the Israeli defenders, who have a different vantage point and can provide unique approaches to defending critical networks.
“These exercises give us a chance to really rehearse and practice things that we don’t necessarily get a chance to do day to day,” Payne said. “We get to work with partners and others who have experienced different kinds of situations or scenarios in their cyber defense mission … The Israelis, for example, specifically, they of course bring in a different mindset. They have different geopolitical scenarios or situations that affect them day to day [and] different threats.”
Exercise participants described this sharing of tactics and experiences as a key takeaway from the event.
Teams operated in a custom-built range based in Amazon Web Services along with on-premises infrastructure valued at roughly $80,000. They created a fictional ministry of health with a public-facing portal for fictional citizens to register their COVID-19 statuses.
“When you have personal data and health statuses … that is very relevant information that any malicious cyber actor would be looking to gather,” Tech. Sgt. William Hopkins, range team lead for the exercise, said.
The AWS infrastructure was connected to fake Internet of Things devices simulating vaccine storage warehouses responding to and providing updates to local defenders on how many vaccines were there, storage temperatures and other important information. Teams had to defend against ransomware attacks, data exfiltration, website defacements and other types of malicious cyber activity.
Despite being more of a civilian example, the key tenets of cyber and cloud defense still apply.
“Protecting data is one of the biggest functions of cybersecurity, is protecting everyone’s data,” Hopkins said. “It doesn’t matter whether it’s a commercial entity, a government entity or an exercise entity. Data protection is always key.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.