Data Processing Unit conducts cyber defense exercise

Soldiers from the Fairfax-based Data Processing Unit respond to a simulated cyber attack during a cyber defense exercise conducted Sept. 15 in Fairfax. (Photo by Cotton Puryear, Virginia National Guard Public Affairs)

FAIRFAX, Va. – Soldiers from the Virginia National Guard’s Fairfax-based Data Processing Unit evaluated their proficiency levels in computer network defense during the unit’s capstone “Obsidian Horde” exercise Sept. 15. The exercise used different cyber scenarios of varying difficulty in order to test Soldier skills and provide senior leaders with an opportunity to evaluate the effectiveness of cyber warfare training conducted in the past year. The scenarios were administered by unit facilitators concurrently over an eight-hour period during the DPU’s scheduled drill.

“I’m extremely pleased with the results of this exercise,” said Lt. Col. Randall Cudworth, commander of the DPU. “It provided us with a great opportunity to gain full visibility on the high level of cyber warfare skills of our DPU Soldiers. Because it was also a training event, it gave them additional network defense experience and the chance to develop more advanced cyber defense skills.”

Additionally, a basic skills training session was provided for Soldiers who were new to the unit and had not yet received the training necessary to complete the tasks required in the scenarios. This consisted of seven hours of training in basic network and computer operations.

The exercise began with an assessment conducted by the facilitators in order to determine the proficiency level of each Soldier and ensure that he or she was assigned to the scenario at the appropriate level of difficulty. Each Soldier also completed a self-assessment in order to confirm the evaluation of the facilitators.

“We wanted to make sure that the skill levels required for each of the three scenario-based modules were matched as closely as possible to those of the participating Soldiers, in order to push the limits of their knowledge and experience, and therefore maximize the training value,” Cudworth added. “That meant that each module used the ‘crawl, walk, run’ Army training concept to bring the Soldiers up to speed quickly through hands-on training and constant feedback.”

The cyber warriors of the DPU can be called to assist state emergency response and law enforcement agencies in the event of any number of different kinds of cyber attacks, and their integration is facilitated by the Fairfax-based Information Operations Support Center. The IOSC consists of eight Soldiers who conduct staff planning and assessment to anticipate potential cyber threats and ensure effective employment of cyber response capabilities.

Using Soldiers from the DPU, the IOSC task organizes special Mission Support Teams capable of conducting cyber incident response for missions such as computer forensics, network architecture analysis and vulnerability assessments, cyber threat analysis and assistance with computer network defense. When the IOSC is made aware of a specific cyber threat, they can specially tailor the MST with Soldiers that have the appropriate skill set to provide an effective incident response.

The basic cyber scenario was designed to both reinforce and further develop basic computer network defense monitoring skills. In teams of two, the Soldiers conducted monitoring of recorded computer network traffic and analyzed events in that traffic in real time. This traffic had been drawn from an actual DoD network that had previously been compromised. The facilitator knew when significant intrusion and compromise events occurred in the traffic flow and evaluated the Soldiers on their respective abilities to identify these events. If the Soldiers missed any of these events, the facilitator also had the ability to rewind the scenario and replay the events in order to teach the Soldiers to recognize them.

With the more advanced scenario, computer network defense skills were reinforced through the use of a simulated computer network system that provided realistic real-time traffic in connection with a particular network asset. Ten teams of two Soldiers were assigned network monitoring duties for these network assets and observed the effects of network traffic on these assigned assets. As the facilitator launched computer network intrusion scenarios of increasing complexity, each team had to identify when an attack was taking place on their assigned asset, the type of attack, and offer countermeasures to mitigate the network threat.

The scenario also reinforced basic and advanced computer network attack and computer network exploitation skills through the use of a simulated computer network server composed of virtual computers running versions of the Windows Operating System. The DPU Soldiers worked in teams to conduct CNA and CNE operations against the simulated network. They were evaluated on their ability to gain intelligence information placed in one or more of the computers by the facilitator after conducting a computer intrusion and moving laterally through the simulated network.

“The more advanced scenario was a great opportunity for us to both provide an event that would evaluate the DPU Soldiers in a comprehensive way, while introducing a little friendly competition between them,” Cudworth said. “Like a game of ‘Capture the Flag,’ the Soldiers were competing with each other to be the first to capture certain intelligence information from the simulated network. In order to do this, however, they had to bring together the knowledge they had acquired from the training in creative ways.”

About the DPU:

The Virginia National Guard’s Fairfax-based Data Processing Unit was originally formed in January 1975, and its mission has evolved over the years in response to a changing IT environment to support the Virginia National Guard Bureau and a variety of Department of Defense organizations. Organizations currently supported directly or indirectly by the DPU include United States Strategic Command, United States Cyber Command, U.S. Army Cyber Command, U.S. Army Network Enterprise Technology Command, and U.S. Army’s 1st Information Operations Command, among others. Most recently, Soldiers from the DPU have been conducting missions inside the U.S. in support of Operation Iraqi Freedom and Operation Enduring Freedom. The DPU is composed of approximately 165 Soldiers.

Story by Capt. Peter J. Molineaux

Additional reporting by Cotton Puryear

