#cyber security#cyber Yankee#Army National Guard#Woody Groton#USA#defence

Army National Guard readies for 2020 Cyber Yankee exercise

Technology magazine learns from Lt Col Woody Groton, CIO of the NH Army National Guard, about interstate collaboration and the annual Cyber Yankee exercise

John O'Hanlon
|Jun 5|magazine15 min read

It hardly needs to be said that human conflict has over the last couple of decades shifted from military confrontation of the kind seen in the wars of the last century to more complex and subtle platforms. Nations still spend significant proportions of GDP on defence hardware, but have woken up in the present century to the fact that more can be done to destabilise, weaken, threaten or confuse other nations or groups of nations by targeting the core systems and communications everyone relies on today.

In the United States, the Army National Guard is, with the Regular army and the Reserves, a key branch of the armed services, with 337,000 personnel on call nationally. Community-based, units report to the governor of their respective states unless called to protect US domestic or national interests at times of conflict or natural disaster. “Always ready, always there.” The Guard has, like the rest of the U.S. military (not to mention business and the rest of society), had to evolve rapidly into the digital era, and one of its key tasks today is to always be ready to foresee and defend against threats to the nation that come from cyberspace.

The ongoing Covid-19 pandemic, a natural disaster, has given rise to uncertainties that could be exploited by an attacker, whether motivated by criminal or political goals. For example, imagine that a hospital system might be targeted at this time, muses Lt-Col Woody Groton, Chief Information Officer of the New Hampshire Army National Guard. As a Certified Information Systems Auditor (CISA) and Certified Information Systems Security Professional (CISSP), Groton leads a team of IT professionals responsible for the Guard’s network and ensures its readiness to counter any threat. “Cyber security is integrated into everything we do. With IoT permeating everything, almost any activity you care to name could potentially be disrupted, so network modernisation is one of the top U.S. Army priorities currently.”

The Army’s cloud strategy isn’t too different from that of any large business or organisation, partnering with names like Cisco, Oracle, Microsoft, AWS and others. “The networking infrastructure we use is all the same. Our logistics system or our new integrated personnel and pay system for example are semi-custom implementations of best-in-breed systems from the likes of SAP, PeopleSoft or Microsoft.” The recently concluded Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft in 2019, against hot competition from AWS, is a huge step toward placing cloud-enabled technologies like AI at the service of the Department of Defense (DoD). “The one part we keep firmly in-house is in the cryptology piece, and for our classified networks of course we work with the National Security Agency.”

From its inception in 2015, Woody Groton has been a key leader in the annual Cyber Yankee exercise across the six New England states. This, he explains, is an initiative which coordinates the National Guard’s cybersecurity response team (its ‘Blue Team’) with entities outside of the DoD from national agencies like DHS, FBI, FEMA and U.S. Cyber Command to a broad range of local and regional government, law enforcement, academic and commercial bodies as well as private companies. “As an example, in 2019 the U.S. Army account manager for Tenable reached out to us and became a very valuable participant in the exercise, offering additional cybersecurity tools; likewise we’ve worked closely with Cisco Systems among other major players over the years.”

The guard works with regional utilities from critical infrastructure. “A lot of the participants don’t have the resources to put together a cybersecurity exercise with over 300 participants, a virtual network range and a live opposing force. That includes some of the smaller utilities; for them, participating in Cyber Yankee is a learning opportunity that links them with larger players and helps them protect all of their customers.”

Read Our Digital Report

Click Here to Read

Quotables

For some of the smaller utilities participating in Cyber Yankee is a learning opportunity that links them with larger players and helps them protect all of their customers

Lt Col Woody Groton, CIO, NH National Guard | Lt Col Woody Groton, CIO, NH National Guard

A simulated but realistic threat is put forward, and these partners are invited to test their ability to respond effectively. “We work very closely with the electrical power and water industries,” he says. “Engineers from these utilities participate in the exercise to see how ready critical infrastructure is to face any attack.” So training is a clear goal of Cyber Yankee; however he is keen to stress the benefits of deepening relationships between all interested parties at a regional level, and this has been brought into sharp focus by the current Covid-19 crisis, in response to which the entire exercise has been put on hold until July 2020. “The relationships we have built here in NH, for example with the State CIO or the Chief Information Security Officer (CISO) are really important. We have mutual trust and real friendship. That applies right across the region. For example, the Massachusetts Water Resource Authority utility has been an important partner over the years, inviting guardsmen in to review their operational technology systems, since a cyber incident at any utility could be crippling for the entire community.”

For now, Covid is keeping people at home but Cyber Yankee needs to go ahead as soon as it is safe to do so, to give new soldiers and airmen coming into the services the cybersecurity training they need and to cement third party relationships for the future, Groton believes. “But you can be assured we are in a state of heightened awareness and preparedness, at times like this pandemic crisis, to meet any attempts to take advantage of the distraction it provides.”

The National Guard has some amazing talent within its network, he emphasises, with some of the smartest and most experienced penetration testing, cyber intelligence and encryption professionals. Groton is passionate about his team, and for a career soldier he is refreshingly democratic in his approach. “Rank is not really relevant, because we have extremely capable IT professionals here, whose entire focus is technology. When we have a problem we solicit solutions from the team rather than directing them in any particular way!” You might think the army was not the natural home for a geek, he jokes, but in the best sense of that word the Guard attracts people who relish the most intractable problems, and will work all hours till they are solved.

Images

So compelling is the need to guard the whole of society against disruption, that the US Army Cyber Command, formed in 2009, is now changing its name to the Army Information Warfare Command. The level of threat from malicious actors, whether state proxies, criminals or financial opportunists will continue to increase exponentially, Woody Groton predicts, making it vital that the National Guard always keeps several steps ahead of them.

The DoD and the NHNG does not endorse (expressly or by implication) any Non-Federal Entities referenced in this article.

The views presented are those of the author or LTC Groton and do not necessarily represent the views of DoD or its components.
 

Other Companies

HCL Technologies

COVID-19 and Digital Transformation: A HCL Perspective

Read Report
NTT Ltd.

NTT: connectivity with continuity, compliance and security

Read Report
Community Health Network

Driving healthcare innovation through data and analytics

Read Report
T5

T5: Mastering mission critical data center solutions

Read Report
USAF-MIT Artificial Intelligence Accelerator

USAF-MIT AI Accelerator: collaboration for new AI solutions

Read Report
BrokerLink

BrokerLink: Embracing digital to clarify insurance

Read Report
Aligned

Aligned: Putting sustainability at the heart of data management

Read Report
[24]7.ai

[24]7.ai – CX for a changing world

Read Report
SiteOne

SiteOne’s strategy driven by CX and operational efficiency

Read Report
Saphyre

Saphyre: Sophisticated yet simple pre-trade onboarding

Read Report
Protective Insurance

Protective Insurance: Embracing the art of the possible

Read Report
Nautilus

Nautilus: transforming the data center industry

Read Report
Legacy Community Health Services

Legacy Community Health: digitally enabling patient care

Read Report
Altar'd State

Altar’d State: customer-focused digital transformation

Read Report
Visions Federal Credit Union

Visions Federal Credit Union: Member-Driven Digital Solutions

Read Report
Quontic Bank

Quontic: Defining the culture of a truly digital bank

Read Report
Bell

Bell: Digital transformation in cyber security and networks

Read Report
Afore XXI-Banorte

Afore XXI-Banorte: Digital transformation and cultural shift

Read Report
DC BLOX

DC BLOX: Connected data centers for edge markets

Read Report
CIG Capital

CIG Capital: Making investment about more than just money

Read Report

Read the latest issue

Click Here to Read