NEWS | June 6, 2023

Cyber Yankee prepares DoD, government, and business for potential cyber threats

By Timothy Koster

In Ernest Cline’s 2012 novel, Ready Player One, people have migrated much of their lives into a virtual reality world known as the Oasis. In this digital universe, people play games, make money, and interact with strangers and friends from around the globe. Although we’ve yet to reach this level of integration with VR in the non-literary world, a staggering amount of the world around us relies on a connection to the world wide web to provide the ease of access we take for granted every day.

This instant connection certainly makes aspects of our lives easier – think online banking, shopping, or teleworking – but it also opens our sensitive information such as Personally Identifiable Information (PII) and banking information to outsider threats from malicious actors like hackers.

This vulnerability isn’t just at the personal level, however. Power plants, public transportation, and oil pipelines – almost all of our nation’s critical infrastructure has some level of connection to the internet. According to the Center for Strategic and International Studies, at the time this article was written, there have been forty-seven significant cyber incidents this year around the world that have targeted people and/or governments. Not listed on the site are the countless minor attacks that happen every single day.

These attacks include phishing attempts to conduct espionage, malware designed to obtain confidential information against governments, militaries, and civilians, and ransomware against educational institutions, just to name a few.

This is why the Department of Defense has doubled down on its efforts to recruit and build its cyber capabilities. According to the released, unclassified 2023 DoD Cyber Strategy, the military has four main lines of effort when it comes to cyberspace: defend the nation, prepare to fight and win the nation’s wars, protect the cyber domain with allies and partners, and build enduring advantages in cyberspace.

To do this, a series of cyber-centric training exercises has been developed to build the military’s cyber capabilities. Cyber Yankee is the second-largest exercise of its kind in the world and brings together National Guard and Reserve cyber warriors from the Army, Navy, Air Force, Marine Corps, and Coast Guard from around the country.

Started in 2015, Cyber Yankee is the premier regional cyber training event for defense, state and federal agencies, and key utility companies to rehearse prevention and response best practices. And, unlike other cyber-focused training events which focus entirely on threats against the DoD’s Information Network (DODIN), Cyber Yankee is the only military exercise which focuses on critical infrastructure and key resources that directly affect the American people.

“The fact we exercise [with cyber professionals from the private sector and utility companies], we practice like we fight,” said U.S. Army Lt. Col. Tim Hunt, deputy director of Cyber Yankee and full-time Guardsman from the Massachusetts National Guard. “So, if there were something where we need to get activated already knowing those people, already having relationships, it goes a long way getting Soldiers and Airmen into action and helping provide and support a response to take care of something that’s affecting the citizens of the region.”

One aspect of the National Guard that makes its Soldiers and Airmen uniquely qualified for this type of mission is their diversity in knowledge, skills, and experience. Most cyber guardsmen are part-time warriors and, outside of their monthly training days, live and work – often within the cyber or information technology domain – in the communities they’re working to defend.

The exercises split participants into two teams, red and blue. The red team serves as the OPFOR, or opposing force, in a traditional military training exercise. Their role is to behave as a malicious state actor trying to infiltrate the United States’ critical infrastructure through a series of cyberattacks. The blue team, on the other hand, which comprises both military and industry partners, works to thwart the red team’s attempts to disrupt their assigned sector.

In addition to building the relationships and standard operating procedures with their industry counterparts, exercises like Cyber Yankee work toward training National Guardsmen to serve as the first responders for the Cybersecurity & Infrastructure Security Agency (CISA) during a large-scale cyberattack.

“We have fifty-four National Guards across the greater United States and each governor has Army Soldiers and Air National Guardsmen at their disposal,” said Hunt. “A lot of times we associate a National Guard state response under the governor’s direction for a wildfire, hurricane or natural disaster … but now we’re in this new reality where cyberspace touches all of us every day.”

“If you read the news, in many cases, when there’s a big cyberattack in a state, the National Guard is the first and primary response to that simply because they’re there, the governor can call on them, and put them immediately on status,” said Air Force Lt. Col. Cameron Sprague, director of Cyber Yankee.

Speaking of the news, the organizers of this year’s event turned to the conflict between Russia and Ukraine, a war which has highlighted cyber capabilities on the modern battlefield, to create a more realistic training scenario.

“We have a very tight partnership with the FBI and used real-world intelligence that they gather to simulate the threats against our critical infrastructure in this exercise, similar to what we saw in Ukraine,” said Sprague.

For many Americans the war in Ukraine may seem like little more than a news headline somewhere far away, but the implications of cyberattacks can have far-reaching impact. Take, for example, the ransomware attack on the Colonial Pipeline, the largest American pipeline for refined oil products and victim of one of the largest cyberattacks against critical infrastructure, ever.

The attack forced Colonial Pipeline to cease operations for six days which resulted in immediate fuel shortages and led to public panic and the highest gas prices of the year. As a result, President Joe Biden issued Executive Order 14028 on May 12, 2021, which increased software security standards for sales to the government, tightened detection and security on existing systems, improved information sharing and training, and established a Cyber Safety Review Board, among others.

It also highlighted the importance of training exercises like Cyber Yankee to defend against cyberattacks, deter potential adversaries from initiating an attack, and improve response times and results should someone attempt to attack our critical infrastructure.

“This is the ninth year of Cyber Yankee so the military, the National Guard in particular … has been taking this threat seriously and has been exercising, talking about it, developing relationships across state, local, federal government and private sector to prepare for that day and hopefully it won’t happen,” said Hunt.