Taking on global adversaries in the Cyber Sphere
Cyber Dawn 2022 tests the limits of troops in a limitless threat environment.
Story and photos by Amanda H. Johnson
California National Guard Public Affairs
July 27, 2022
SACRAMENTO, Calif. – In darkened rooms, dozens of computer screens light up the faces of uniformed service members, their eyes studiously focused on streams of data scrolling across their monitors. Cross talk from team members identifies new information and potential risks to the networks they are monitoring.
“The Darwickians have attacked through cyberspace! Their actions come as retribution for the financial sanctions put on them by the international community,” reports a fictitious news organization, setting up the active threat to Cyber Dawn participants. “Several California state agencies and departments have been affected, and we have leveraged an emergency request to get assistance from teams in Region IX.”
This event offers a unique opportunity for troops to test their capabilities and knowledge in a series of complex, hyper-realistic scenarios that mimic what they would likely encounter in a real-world cyber incident.
“In 2020, cyber attacks cost Californians $755 million in damages and in 2021, that number increased 85% to $1.4 billion,” said U.S. Army Lt. Col. Ty Shepard, the commander of Cal Guard's Joint Task Force Cyber. “Cyber incidents are an ongoing and substantial threat that has affected power plants, food supply, water supply, health care, law enforcement, and the defense sector.”
During the annual exercise, Cyber Defenders practice their craft against live threat actors in a cyber range created for this event. The cyber range is the simulated enterprise network where the teams face off, good guys versus bad guys, each reacting to the other's moves.
“The intent is to prepare Cyber Incident Responders in FEMA Region IX,” said U.S. Army Maj. Mikael Magnuson, the exercise director. “We provide the response teams a chance to build their internal processes and procedures.”
Participants included teams from Alameda-based U.S. Coast Guard, U.S. Marine Corps reservists, Arizona, Nevada, Hawaii, and California State and National Guards.
While the military is good at bringing trained and skilled cyber service members into its ranks, training as a team and learning how to conduct operations as a unit is more challenging, Magnuson said.
Units need space and time to sharpen their skills. For infantry troops, training space is physical: fields and acres of cleared areas. In cyber, the space needs to be created, and that takes talent, resources, and money, said Magnuson. The exercise provides exactly what is needed.
Cyber Dawn, a concept developed three years ago, started with a very small footprint involving mostly California State and National Guard teams. It has grown to include every Department of Defense branch of service, and mission partners like the California Highway Patrol, the FBI, Department of Technology, and others.
“Our partners this year for network owners are the Department of Finance, the Franchise Tax Board, the City of Roseville, the Town of Truckee, and the City of San Francisco,” said Magnuson. “Their participation improves the experience for our service members, but also gives them a realistic preview of what it would be like to lead an incident response team, step-by-step.”
In a real-world event, an affected agency or department would notify the California Cyber Security Integration Center, a division of the California Office of Emergency Services. If the CSIC had insufficient resources, then they could request support from the California Military Department, said Magnuson.
Cal Guard's Joint Operations Center would then task JTF Cyber and the activities of Cyber Dawn would be replicated to assist with the situation.
“This is unique, because it integrates all levels of government, industry, law enforcement, and other partners across the western region,” said Shepard. “As recent world events have shown, our ability to protect networks and react to hybrid warfare is crucial in protecting the nation as a whole.”
Troops from the Nevada National Guard Composite Team, composed of Army and Air National Guard personnel, sift through data logs while hunting, coding, and collecting cyber threat intelligence in Sacramento, June 25, 2022.
An Airman from the Nevada National Guard Composite Team, composed of Army and Air National Guard personnel, sifts through data logs while hunting, coding, and collecting cyber threat intelligence in Sacramento, June 25, 2022.
U.S. Coast Guard Westcoast Cyber Protection Team from Alameda defend the network against active hacking during Cyber Dawn 2022 in Sacramento, June 29, 2022.
Cal Guard’s 222nd Intelligence Support Squadron, 195th Wing discuss processes to hunt for malicious activity in various ranges on the network in Sacramento, June 25, 2022.
U.S. Army Capt. Michelle Andalon, a signal officer for Joint Task Force Cyber, reviews the phases of the third annual Cyber Dawn exercise in Sacramento, June 29, 2022.
U.S. Army Maj. Mikael Magnuson, Cyber Dawn 2022 exercise director, briefs an audience of distinguished visitors about the various elements of the event in Sacramento, June 29, 2022.