OKLAHOMA CITY – The Oklahoma National Guard cybersecurity team took top honors Sept. 18-19 at the online 2020 NetWars Cyber Shield competition with National Guard and Reserve teams from 22 states.
The Oklahoma National Guard cyber team, which competed under the name OKBOOMER, included Airmen and Soldier specialists in network and telecommunications forensics and system administration. The cyber sleuths investigated the location of cyber threats, identified cyber signatures and linked historical digital footprints to eliminate threats.
“Threat groups and criminal organizations usually stick to a standard set of tactics that are unique between them,” said Sgt. Sean Singley, intelligence analyst with the Oklahoma National Guard defensive cyber operations element. “If you get enough of their signatures or fingerprints, you can start to tie it back or attribute that threat to them, and then know what their entire attack methodology is.”
Points for correct answers and difficulty of threat increased exponentially as the competition progressed. If a team became stuck on a certain question, hints were available. However, teams were penalized for using hints or submitting wrong answers. After the first day of questions, the team was in 10th place.
“We have all done exercises like this as individuals, but as a team, this is the first time we have worked together,” said Chief Warrant Officer 2 Tyson Joachims, network incident handler with the Oklahoma National Guard defensive cyber operations element. “The first thing we have to identify is what everybody’s skill set is and put talent where they are best suited. There is definitely some strategy involved in how you answer questions. Our strategy was no hints, and before you submit something that’s questionable, let’s talk about it first.”
On the second day of competition, the team stuck to its strategy and it paid off. Despite running out of time and not answering the final question, the team navigated the entire competition losing the fewest points of any team and using only one hint. Teams that came in second and third place lost five times as many points and used dozens of hints to complete the tasks.
“They force you to try different tools and different ways of solving puzzles,” Joachims said. “One advantage of the National Guard is that we all have civilian jobs and we are learning things on our own individually. Then, we can bring that back and make the whole of the team stronger. We were able to help each other learn and get through the competition. I’m pretty fortunate to have a pretty great group of guys.”
Unlike a barrage of artillery shells using computer-guided targeting in mountainous terrain or an assault on an enemy compound assisted by infrared drone footage, a cyberattack can be launched by an enemy wearing sweatpants from a bedroom thousands of miles away.
Sgt. Brandon Dixon, network incident handler with the Oklahoma National Guard defensive cyber operations element, said these competitions train Soldiers to use different techniques and strategies when approaching cyber threats.
“In the competition, you come across new techniques a hacker can use,” Dixon said. “Sometimes you end up going down rabbit holes and learning something new accidentally.”
Dixon was also a member of the Oklahoma National Guard cybersecurity team that tied for first place in the 2018 Cyber Shield competition. He said the team hopes to recruit a few more highly skilled competitors before next year’s competition.
“We are the best of the best in the IT field,” Dixon said. “Being a member of the team is based on talent, knowledge and any IT certifications you have that can back your knowledge level. Next year we want to use zero hints and answer all the questions. We have a good formula; there’s just a few things we need to study up on before next time.”
Joachims said cybersecurity is not just for those who have studied and earned certifications in protecting network security – it is the responsibility of each user to ensure the collective network everybody operates on remains as secure as possible.
“There is a big difference between setting something up and defending it from threats,” Joachims said. “Cybersecurity is looking at how somebody is getting in and stealing data. If someone doesn’t do something according to best practices, then that’s where we would be open and susceptible to a threat. That’s why you always hear, ‘Keep your systems up to date,’ and, ‘Make sure you run anti-virus software.’ For some people, that just becomes white noise. But for us, that’s the space where we live and breathe.”