By Master Sgt. J. LaVoie
460th Space Wing Public Affairs
Working under a carefully planned and escalating contested cyber
environment on Oct. 15, members of the 460th Space Wing successfully
completed their first-ever exclusively cyber-focused exercise at Buckley
Air Force Base, Colo.
"Exercise Cyber Lightning was designed to test the wing's capability
to operate in a contested cyber environment," stated Mr. Kevin Stocking,
460th SW Plans and Programs Chief.
Eight subject matter experts (SMEs) from outside the wing, ranging from
the 688th Information Operations Wing and the Kansas Air National Guard
(both components to 24th Air Force) to the Network Operations and
Security Center and former "cyber aggressors" from Nellis AFB, helped
plan and execute the exercise. They also helped the wing's exercise and
evaluation team assess the wing's performance and identify lessons
"According to the SMEs we brought in, who are responsible for executing
and evaluating cyber operations across the Air Force," said Mr.
Stocking, "Cyber Lightning was certainly a first-of-its-kind wing
exercise in AFSPC, and as far as we know, across the entire Air Force
"This is not just an exercise or a game," said Col. Trent Pickering,
460th Space Wing vice commander, during a wing briefing kicking off the
day's events. "It's real! It gives us a peek under the tent on how we
will command and control this base, and maintain our mission operations,
in an environment where an adversary is attempting to deny us some of
our key communications capabilities."
The exercise was centered around network degradation, outages, and
hacking activities; phishing and social engineering attempts to gain
access to the base network and solicit information on the wing's
Critical Information List; and intermittent land mobile radio, email
"pop-ups" and chat room capabilities while responding to an active
shooter scenario and anti-terrorism injects. It also entailed some
"dumpster diving" looking for personal or unit information that wasn't
shredded properly, and office-by-office searches for CAC cards left
unattended in computers, which could grant an adversary immediate access
to the wing network.
"The cyber aggressors came into my office attempting to log onto our
computers," said Airman 1st Class Jessica Lopez, 460 Mission Support
Group. "I noticed the limited information and the situation seemed
suspicious. I had remembered the briefings we had in the past on how not
to let anyone on our computers due to cyber threats so I used my cyber
awareness and stopped them from getting anywhere near our computers."
Other members of the wing were recipients of social engineering phone
calls from an aggressor claiming to be part of the wing deployment
team. "They were trying to get me to give away information about an
exercise deployment activity, and other information on our wing critical
information list," said one recipient. "They were pretty slick, but due
to all of our recent training I figured it out and reported them to our
The wing policy is that any member who violates sound network practices
(e.g., falls prey to a phishing attempt or clicks on a link in an email
without a digital signature) is automatically locked out of their
network account for a minimum of 24 hours and must be retrained on
network security procedures before having their network access restored.
"Overall the exercise went very well," said Mr. Stocking. "It met the
intention of what the commander (Col. Clint Crosier, 460th SW Commander)
provided us as objectives. His basic direction was that we have to
ensure we can continue to command and control the wing in an environment
where all of our normal communications tools and processes were denied.
So at various points in the exercise, we took them all away--from email,
to chat rooms, to base radios--and forced the wing to develop and
implement back-up communications and operational procedures--while under
fire no less. It identified areas where we need to refine our processes
and procedures, but that was exactly the point."
According to Mr. Stocking, we will continue to execute Cyber Lightning
exercises in the future, and incorporate cyber-type events in all of the
wing's standard exercise programs. "These will become more a norm than
an exception," he said.
"As an operational wing we have become so dependent on e-mail, computers,
and the network to execute key missions and processes, this exercise was
a reminder that we can't always depend upon them in today's
environment," said Colonel Crosier. "Just as we have had to plan to
operate through a contested space domain over the past decade, events
you can read about in the newspaper every day have demonstrated we now
have to learn how to operate through a contested cyber domain as well.
During a loss or degradation of communication capabilities we have to
continue to perform our critical missile warning mission, provide
support to the national command leaders, and protect the men and women
of Buckley Air Force Base--and failure isn't an option."
In an American Forces Press Service story posted on Oct. 18, Deputy
Defense Secretary William J. Lynn III said Oct. 14, "With the creation
of the U.S. Cyber Command in May and last week's cyber security
agreement between the departments of Defense and Homeland Security, DoD
officials are ready to add cyberspace to sea, land, air and space as the
latest domain of warfare.
"Information technology provides us with critical advantages in all of
our war fighting domains, so we need to protect cyberspace to enable
those advantages," Secretary Lynn said. "Adversaries may be able to
undermine the military's advantages in conventional areas by attacking
the nation's military and commercial information technology, or IT,
"A lot of the planning, management and execution for this exercise was
the direct result of Capt. Sarah Ford and Mr. Mike Hanke from Wing Plans
and our EET team," explained Mr. Stocking. "They deserve the credit for
making this exercise successful," he said. "And we're going to do a lot
more of them."