PORTLAND, Ore. —
A cyber exercise called Ready Redhawk was conducted from February 27 through March 16 at Portland Air National Guard Base, Oregon. The exercise was planned and led by the 142nd Wing Inspector General office.
The three-week exercise tested the 142nd Wing’s ability to meet mission requirements in a technologically degraded environment. Additionally, the exercise served to identify unknown vulnerabilities the wing may have for both physical and cyber security.
Participants in the Ready Redhawk Exercise included the Western Air Defense Sector (WADS) out of Joint Base Lewis-McChord, Wash., the Air Force Operational Test and Evaluation Center (AFOTEC) out of Kirtland Air Force Base, N.M., the 177th Information Aggressor Squadron (IAS) out of McConnell Air Force Base, Kan., and the 262nd Cyberspace Operations Squadron (COS) out of Camp Murray, Wash.
During the exercise, the 177th IAS acted as the adversary, or “red force,” staging attacks on the 142nd Wing’s network and installation, while the 262nd COS, the “blue force,” worked to hunt and clear the nefarious cyber effects.
The 177th IAS studies, replicates, and teaches adversarial cyber tactics, techniques, and procedures on live networks and Air Force installations across the nation. By exposing airmen to tactics used by adversaries, they gain an understanding of how to identify enemy activity and report it correctly.
Conversely, the 262nd COS leads the Air National Guard in conducting Industrial Control Systems Defense Cyber Operations (DCO) and Cyber Protection Team (CPT) missions.
177 IAS Commander, Lt. Col. David Carpenter, explained that his Airmen’s role in this exercise was to act as a nation-state level threat with the objective of gaining close access to base facilities and networks.
“With physical and cyber access, [they could] collect operationally relevant data in order to impact operational effectiveness of blue forces,” said Carpenter.
Throughout Ready Redhawk, the 262nd COS played the role of a quick-turn Incident Response Team (IRT), where they worked to identify (hunt), resolve, deny adversary reattack, and provide recommendations to increase overall security posture.
“Our primary objectives centered around restoring capability to the 142nd Wing and working with local defenders to keep the 142nd in an operational state,” said Tech. Sgt. Christopher Felix, a cyber intelligence analyst with the 262nd COS.
This exercise was the first multi-state/multi-unit exercise to incorporate both cyber aggressors (the 177th IAS) and a Cyber Protection Team (the 262nd COS), on a live network, focused on the critical missions of the Oregon and Washington Air National Guard.
142nd Wing Inspector General, Lt. Col. Kari Armstrong, led the planning and execution of the Ready Redhawk Exercise. She stated that this exercise was unique because it played out on the wing’s actual network. This provided an opportunity for Airmen to respond to real effects while executing their missions, versus responding to simulated effects via an inject card or inspector input.
For the 262nd COS, operating on the 142nd Wing’s network brought with it several challenges.
“When met with a network as large as a full installation we’re starting to talk about thousands of workstations with tons of users, all operating in very different ways,” said Felix. “These issues and many others gave us a ton of tactical problems to solve even before we began hunting.”
Airmen of the 142nd Wing experienced the effects of the exercise as they might play out in a real-world scenario, demanding high levels of awareness, quick thinking, and applying problem-solving skills.
“In this exercise, Airmen got to experience seeing their computers, phones, and radios fail first-hand and then go through the steps of identifying and reporting it, as well as forcing them to use their backup communication methods,” said Armstrong.
Another factor which served to further challenge participants was the fact that Ready Redhawk is one of the first cyber exercises to incorporate a “fight to get in the air” scenario. Essentially, the adversary’s goal was to prevent the wing from being able to perform one of its core missions: protecting the skies of the Pacific Northwest.
142nd Wing Commander, Col. Todd Hofford, emphasized the need to test the wing’s capabilities to meet the U.S. Air Force’s operational imperative number seven, which is the readiness of the Department of the Air Force to transition to a wartime posture against a peer competitor.
“In short, [it’s] our ability to mobilize, deploy, and fight,” said Hofford.
Testing the wing’s ability to launch in degraded conditions is paramount to this concept.
“If we ever go to war, the adversary is going to likely try to stop us from even launching,” said Hofford.
The scenarios that surfaced throughout Ready Redhawk provided difficult and unpredictable challenges to Airmen, driving the emphasis on the need to be ready to meet the mission no matter what.
“What I hope the wing takes away from this exercise is that we need to always be vigilant,” said Armstrong. “We have become accustomed to equating being at home to ‘peacetime,’ and being deployed to ‘combat’. We need to pivot our mindset to being ‘in combat’ at our home base on a day-to-day basis.”