Minnesota National Guard, Croatia partner during international cyber exercise
A team of five Minnesota National Guard Soldiers took part in the Adriatic Regional Security Cyber Cooperation exercise in Postojna, Slovenia, from June 24 – July 25, 2024. The exercise was held at the Slovenian Armed Forces Baron Andrej Cehovin barracks.
Approximately 50 National Guard Soldiers and Airmen from six states participated in the exercise with their armed forces partners from seven nations. The two-week cyber security training event included approximately 60 representatives from Albania, Bosnia & Herzegovina, Croatia, Kosovo, Montenegro, Slovenia, and North Macedonia who joined with their State Partnership Program counterparts from New Jersey, Maryland, Minnesota, Iowa, Maine and Colorado, respectively.
The overall exercise was led by the Colorado National Guard and their State Partnership Program partner-nation Slovenia, and the Iowa National Guard’s 132nd Combat Training Squadron Detachment 2 took the technical lead for setting up the cyber range and the scenario development with Slovenia’s new Cyber Range Department.
The Minnesota National Guard’s Army Maj. Luke Voeller, the deputy team lead and planner for the Defensive Cyber Operations Element, or DCOE, based out of Joint Force Headquarters in Saint Paul, said that the team of five from Minnesota partnered with one of their State Partnership Program partner-nations, specifically eight Croatian Armed Forces service members. Together they formed one of several blue, or friendly, teams.
“The whole purpose of the exercise was to improve our communication and processes between the Minnesota and Croatian cyber forces,” Voeller said. “It was a red team and blue team activity. We worked in a simulated environment, and what that means is we had a team that emulated a threat actor, the red team, and they placed malicious software on our network and our blue team’s response was to try to hunt and search for all of that malicious activity, consolidate all of the information, and figure out how the adversary got into the network, what they were doing while they were inside of our network, and report that information daily to a white cell, or our administration team. At the end of the exercise, we were able to remove all of the malicious software and ensure the adversary was not able to get back into our network.”
The major goal of the exercise, Voeller said, is to build our trust and partnership between the National Guard and our foreign partners.
“Our major goal is to ensure, if we did have to work together in an international event, that we could work together more efficiently,” he said.
The red team, who played the part of the adversary, was an Iowa National Guard unit, Voeller said. All participants remained in their roles throughout the exercise due to time limit constraints. The first week of the exercise was dedicated to training on several types of tools used by the cyber team to identify adversary activity in the network, and the second week consisted of the blue team hunting for malicious software.
The major takeaway for his team, Voeller said, was an opportunity to learn how to effectively work together in simulated and real-world scenarios.
“First and foremost, the five that we took over, we haven’t worked closely together in an exercise like this before and so even our internal team was able to build our processes,” he said. “In addition to that, the tools that we learned and the different commands that we learned to hunt for and find the adversary activity, we are going to be able to better train on those tools so that we are more prepared for the next exercise or real-world situations.”
As the exercise progressed, the task of identifying malicious threats in the network became increasingly difficult, Voeller said. However, the red team was able to provide scenarios that were tailored to the skill level of the blue team members.
“Our red team had the ability to ramp up or ramp down attacks depending on how the blue team is responding,” he said. “For example, if the blue team is really high-speed and they are finding a lot of attacks then the red team is able to ramp up their activity to give them more things to search and hunt for and to protect. Conversely, if it’s a newish blue team and they’re struggling and they’re not really finding the initial malicious software in the network then they can slow down their attacks for those teams. Each partnership had their own individual cyber range to work from.”
The cyber range, Voeller said, is a simulated environment of a corporate network, which was duplicated and copied for each individual partnership team.
A strength that the cyber team from Minnesota had coming into this exercise, Voeller said, is civilian experience that several team members have in cyber security.
“Cyber is very specialized and the majority of our team in the National Guard has some sort of cyber role in the civilian world as well,” he said. “It greatly helps our team to be more efficient and effective when we do these exercises because there’s already so much experience that the team is pulling from their civilian careers. There are so many facets of cyber security, and we need to bring all these different skillsets together in order to be successful.”
Story by Maj. Benjamin Hughes and Sgt. 1st Class Sirrina Martinez
Maryland & Minnesota National Guard
