SCOTT AIR FORCE BASE, Ill. -- The Air Force recently hosted a four-week-long training exercise known as “Black Demon” at Scott Air Force Base, Illinois, to ensure “full operational capability” status for two teams of cyber protection experts.
The exercise, conducted under the direction of 24th Air Force located at Joint Base San Antonio-Lackland, Texas, validated the readiness of the 854th and 901st Cyber Protection Teams in meeting their operational requirements as established by U.S. Cyber Command.
Scott AFB has seven CPTs which are part of the nation’s “Cyber Mission Force,” and were created specifically to locate, defend and counter attacks targeted toward critical infrastructure, systems or platforms.
“A unique aspect of the CPT is that it’s not intended to defend an entire network, but only what is critical to mission success. Black Demon is a way to validate that our CPTs are ready to do that,” said Maj. Steven Payne, 835th Cyberspace Operations Squadron director of operations.
Payne’s squadron falls under the 688th Cyber Operations Group which has five squadrons that defend and counter cyber threats. Within those squadrons are specially trained, mobile teams that provide advanced tools and capabilities to counter cyber threats.
“The adversary is always coming at us with multiple threats and challenges, and you can see this in the news all the time,” Payne said. “CPTs are needed to counter those threats.”
He explained that the adversary role in this exercise was played by real life aggressors located at another base, and the entire exercise was conducted on a cyber range that simulated the mission or asset to be protected.
Staff Sgt. Jason Patton, a cyber warfare operator with the 854th CPT in the 42nd Cyber Operations Squadron (Reserve), said this was the most comprehensive exercise he’s been involved with.
“It’s my fourth exercise, and while I’ve played all different roles—aggressor, defender, evaluator—this one allowed me to go more in depth and proceed at a slower pace. This allows us to examine the (cyber) traffic, pinpoint the issues and then lock and block it. In addition, I’ve been surrounded by so many smart people, and I have grown this past month by just learning from them and from being part of their team. It’s been great!”
First Lt. Nicholas Miller, a cyber warfare operations officer with the 837th Cyber Operations Squadron, assisted with the validation process for the 901st CPT, and explained his role in the exercise.
“The CPTs are mobile teams who go to various locations to work on an issue or to help protect a certain mission,” Miller said. “In this exercise I was helping five squads defend a network under attack by as many people as possible ... almost like a wild west of attacks. They could be sitting there and listening, or they could control parts of the network, attack power systems or even produce false data. I’ve been in training for about a year and a half, and I was here to test my abilities as well as my management skills for using other people’s abilities.”
He said that CPTs cannot be declared “FOC” or rather “full operational capability” until the validation is complete, which is a “go/no-go” step prior to mission tasking.
This is the first time an exercise like Black Demon has been conducted at Scott AFB, and evaluators say they are poised to continue conducting validation exercises here, which will save the Air Force time and money that would otherwise be spent on travel costs for the validation process.
While the CPTs are mobile and always ready to deploy their specialized skills, they still need collaboration from the host-unit communications squadrons since the CPTs do not own the networks. Host unit communication teams step in to work alongside the CPTs, and in fact, are growing their own more robust defensive cyber teams as part of an Air Force initiative to arm Airmen for the 21st Century battles.
Named the “Cyber Squadron Initiative,” the Air Force has identified 45 squadrons to be pathfinder units that will organize, train and equip cutting-edge applications to provide mission assurance to each unit’s critical missions. Scott’s 375th Communications Squadron is one of the pathfinder units.
Lt. Col. George Sconyers, 375th Communication Support Squadron commander, said that a team of technicians from his unit, the 375th CS and the 618th Air Operations Center, supported Black Demon by playing the role of the host communications unit for the CPTs being validated.
Sconyers said this is a “win-win” situation because exercises such as Black Demon generate advanced training for his teams right here as well, saving thousands in training costs for advanced schools and courses.
“Even with advanced courses available, those still don’t compare to the practical experience our teams get while participating in exercises like Black Demon,” Sconyers said. “Our team provides local expertise to the CPTs as they engage adversary actors. They will advise the CPTs on what is friendly traffic and what is most likely adversary activity. To accomplish this takes familiarity, and this is training we can’t recreate anywhere else. We’re able to build relationships and integrate everyone’s expertise together.”
He added, “Ultimately pathfinder units will assist the Air Force in charting the course for how best to integrate unit-level mission defense teams throughout all phases of mission planning to execution so that we can identify our ‘key terrain’ in cyberspace and safeguard our core missions against cyber threats.”
Editor’s note: Airman 1st Class Daniel Garcia contributed to this article.
Below video product created by Airman 1st Class Kiana Mitchell.