The hunt is on: Cyber group hosts exercise to evolve operators

Members of the 833rd Cyberspace Operations Squadron participate in the monthly 567th Cyberspace Operations Group “hunt exercise” at Joint Base San Antonio-Lackland, Texas, March 21, 2019. The three-day exercise afforded teams from the 90th, 92nd, 833rd and 834th COSs, as well as the Air Force Office of Special Investigations, the opportunity to defend against an enemy within a virtual training network. (U.S. Air Force photo by Tech. Sgt. R.J. Biermann)
March 26, 2019

The 833rd Cyberspace Operations Squadron was declared victorious in the 567th Cyberspace Operation Group’s “hunt exercise” on March 22, 2019.

The win came as a blow to the 92nd COS, who created the exercise and found themselves relinquishing their commanders cup trophy to a sister squadron.

Hosted monthly since last year, the exercise allowed participants to practice defending against an enemy within a virtual training network. Its adoption by the 567th COG enabled teams from other units the opportunity to participate.

The exercise was administered by the 92nd COS’ training flight, who develop training plans, all aimed at one goal.

“The more realistic we can make our exercises, the better we can prepare our operators to identify adversary tactics,” said Tech. Sgt. Joshua Costello, 92nd COS training flight chief. “This enhances operators’ ability to quickly detect real-world malicious network activity and stop it before it causes any damage.”

During the exercise, a simulated enemy force called the “red team” prepared the playing field by gaining access to the training network via malicious links placed in phishing emails. Once inside, they used standard operating system programs to disguise their actions as they worked to infect other machines and steal exercise data from a network database.

Throughout the exercise, intelligence analysts worked to gain knowledge about enemy actions on the network to advise their cyber operators on how to best pursue them.

At the conclusion of the exercise, each team briefed judges on their findings of the enemy’s actions within the network. The winner was able to capture the clearest picture of these actions.

According to 1st. Lt. Robert Wilson, 92nd COS training flight commander, winner or not, everyone gained from the exercise.

“These operators are extremely competent and versatile,” said Wilson. “They’re given so many challenges; no two missions are the same. If there’s something they don’t know, they go learn it … they figure out a way to make it happen. And they did that this week.”

The exercise also underscored the impact poor cyber vigilance among network users can have on the strength of the network.

“Both of the attacks we simulated were delivered via phishing,” said Wilson. “After clicking the link, your computer’s compromised. This is something bad guys do all the time. It’s one of the easiest ways to access a network.”

Wilson urges individual users to verify the sender’s identity before clicking email hyperlinks or attachments.

“If you click on a document and it asks your permission to run a program, maybe think twice,” said Wilson. “Phishing is one of the most common ways networks get compromised and is one of the biggest concerns to the individual user.”

The group has big plans for the exercise’s future.

“This will become the group standard,” said Wilson. “And the idea is each cyber protection team will maintain currency by completing one of these a quarter.”

As these units defend Department of Defense and Air Force networks, the 567th COG’s hunt exercises continue to evolve operators into disciplined, ready and lethal experts.