NEWS | May 4, 2017

75th Training Command provides supervision, guidance at Cyber Shield 17

By Spc. Christopher Hernandez 345th Public Affairs Detachment

A cacophony of multiple conversations, keyboard clicks, and ringing phones permeate the interior of a building illuminated by fluorescent lights and an assortment of computer screens. In spite of the deafening chorus, U.S. Army Reserve Soldiers of the 75th Training Command, Gulf Training Division out of Birmingham, Alabama, conduct their duties in an undeterred fashion.

For the Exercise Control (EXCON) group of the 75th TC, the aforementioned scene reflects the daily activities of the organization.

“We’re exercise specialists and that’s our background,” said Col. John Zierdt, the Cyber Shield Exercise Leader from the 75th TC and the Cyber Shield 17 White Cell Team Leader. “We provide command and control, written assessments, and feedback to the cyber teams as our overall mission.”

Approximately 100 Army Reserve Soldiers from the 75th TC provided training support in Exercise Cyber Shield 17, a multi-service and interagency training exercise led by the Army National Guard here, April 23-May 5, 2017.

“It’s a collective training exercise that’s afforded to Army Reserve forces aligned with operational elements of the 335th Signal Command (Theater),” said Maj. Patrick Wicker, an officer from the Defense Information Systems Agency-Army Reserve Element out of St. Louis, Missouri, and DISA Blue Team Lead. “Cyber Shield gives us an opportunity to collectively train in incident response and cyber defense activities, since we normally don’t get as much an opportunity.”

According to Zierdt, he and the 75th TC have had experience in the past with Cyber Shield exercises.

“I led the White Cell at CS-16 last year, and it was the first time that the Army Reserve was invited to provide the assessment capability,” Zierdt said.

Zierdt also noted that there were key differences between CS-16 and CS-17.

“Based on a lot of lessons learned last year, we’re integrating mission partners like state civilians and industry representatives that work for critical infrastructures,” said Zierdt. “There is also a lot more involvement this year with the state fusion cells in the intel function, so that’s the biggest change for us.”

Although Army Reserve training exercises are usually overseen by Observer-Controller-Trainers (OCTs), the highly technical nature of cyber security operations necessitated three specific types of assessors for Cyber Shield 17.

“First, we have the training controllers, who are primarily Soldiers from the 75th TC,” Zierdt said. “We control the tempo of the exercise, we speed it up or slow it down, we make sure the Blue and Red Teams are ready for the event to happen, and then we use tools to communicate…and to make sure everything is ready.”

The second category of the assessors, known as the embedded observers (EOs), are assigned to the Blue Cell cyber protection teams, or CPTs of the exercise.

“I’m here to assess whether or not they are executing the exercise (to standard), participating correctly, and judge whether or not if they’ve completed it 100 percent,” said Capt. Derly Gutierrez III, an EO and member of the Southwest Cyber Protection Center, Army Cyber Operations Group out of San Antonio, Texas. “If not, I make recommendations on what to improve. We also have to play as teachers and mentors to a certain degree in this exercise.”

Lastly, the Red Cell (opposing force) is supervised by training analysts (TAs) who survey data and other metrics collected in the exercise.

“As a TA, we analyze all data, take that data down, and brief the teams,” said Staff Sgt. Christopher Bell, a training assessor for the 75th TC. “It’s a unique ability to give each one of these teams and the type of training for what level they’re at. Some teams are moving faster than others while some teams are struggling a little bit more, but in the end, we’re going to provide quality training for every team.”

Besides the usage of data analytics and other metrics used to measure team performance, the assessors harbor expectations and objectives sans software techniques.

“My goal is not only to get a better understanding of what a CPT should do, but also an understanding of how the Guard’s expectations are different from the Reserve, and how they plan to standardize tools and communicate effectively on what they’re seeing as far as threats are concerned,” Gutierrez said. “What we’re looking to get out of the exercise is to get them in the right mindset and take the lessons from this exercise home so they can continue to train in that manner.”

The desired outcome of CS-17 is to achieve collective training event requirements, refine the standards of performance, evaluate teams’ performance against doctrinal standards, and set the conditions for team validation objectives.

“Cyber Shield is a very beneficial exercise in that it allows us to integrate as part of mission support, observe how other states and other Defensive Cyber Operations teams conduct their operations, said Wicker. “This is a great opportunity for collaboration and for lessons learned as a result.”