By Marcus Hill | 50th Space Wing Public Affairs
SCHRIEVER AIR FORCE BASE, Colo. — Nearly 10 Airmen from the 50th Space Communications Squadron continued to hone their cyber-attack defense skills during Capture the Flag events hosted by 92nd Space Operations Squadron.
The exercise began March 25 and will continue as long as COVID-19 transmission prevention keeps Airmen practicing physical distancing guidelines. The CTF exercise, which provides training events held by various information security companies around the world, currently has more than 20 squadrons and nearly 250 operators participating to expand cybersecurity and stay current on cyber threats.
“When we do these events, it helps us fine-tune those skills so we don’t forget them,” said Tech. Sgt. Raymond Evans, 50th SCS cyber warfare operator. “It brings new skills to the table because the cyber terrain is constantly changing; there is always a newer operating system version, applications, and hardware every year, and, in some environments, every month.” The 50th SCS secured an invite to participate through Ezra Ortiz, 50th SCS cyber operations director, who previously worked with the 567th Cyberspace Operations Group.
“The target group is the 567th, but beyond that it becomes a word-of-mouth type event and squadrons can bring guests along,” said 1st Lt. Robert Wilson, 92nd COS chief of training at Joint Base San Antonio-Lackland, Texas. “[Ortiz] is still in touch with a lot of folks over here. Then a lieutenant got in touch with us about our hunt event and we included [50th SCS] on the invite.”
Normally, the 567th COG hosts a ‘hunt’ exercise every two months to keep their operators sharp. The hunt involves teams of cyber defenders identifying “adversary activities” on friendly networks.
If they notice such behavior or recognize a potentially compromised network, they find the threat and stop the activity. Once 567th COG learned COVID-19 delayed their hunt events, the group compiled training for CTF, which took nearly a week and a half to create. “It’s important because the longer they’re stuck at home and not running usual training events, the harder it is to stay fresh and in the groove,” Wilson said.
“We have opportunities like this where we can set up a competition with a wide selection of different challenges. It provides an opportunity for our operators to stretch their muscles and also try things they might not be [able to elsewhere].” The CTF exercise provides “a Jeopardy-style” training for Airmen with nearly 200 training options where participants use communication, teamwork and individual skills to complete the mission.
“We have several [trainings] that are host-based analysis on Unix and Windows systems where you’ll either log in to a system and look for evidence that a bad guy’s been there or you’ll get logs from a Windows system and identify what the bad guy did when he was there,” Wilson said.
“What’s good is this can be used after [COVID-19]. We can use these [trainings] for mission training and incorporate those once we [return to base].” Through their first three weeks of participation, 50th SCS made its mark. The squadron placed two of its teams in the top 10, March 26-27.
“Without this kind of practice and training, in the future, if something big was to happen, we would need to marry automation and AI-driven technologies with skilled operators who can respond quickly in a timely manner and be lethal on the keyboard as well,” Evans said.
“Learning how to operate as a team can make or break an organization.” Evans discovered throughout his career that his pursuit of knowledge afforded him several opportunities. It allowed Evans to defend Air Force networks and to complete road missions.
“CTF brings a drive to want to do this more,” Evans said. “In the cyber protection realm, those who did CTFs [developed] a greater drive to want to be better at their jobs because we wanted to outdo one another. It’s important for us to develop our [tactics, techniques and procedures] to document them. We need those to be replicated no matter who’s behind the computer.”