An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Minnesota Guard, Croatia Partner During Cyber Exercise

  • Published
  • By Maj. Benjamin Hughes and Sgt. 1st Class Sirrina Martinez,
  • Maryland & Minnesota National Guard

POSTOJNA, Slovenia—Five Minnesota National Guard Soldiers participated in the Adriatic Regional Security Cyber Cooperation exercise from June 24 to July 25. 

Approximately 50 National Guard Soldiers and Airmen from six states participated in the exercise with their armed forces partners from seven nations. The two-week cyber security training event included approximately 60 representatives from Albania, Bosnia & Herzegovina, Croatia, Kosovo, Montenegro, Slovenia, and North Macedonia, who joined with their State Partnership Program counterparts from New Jersey, Maryland, Minnesota, Iowa, Maine, and Colorado.

The Colorado National Guard and its State Partnership Program partner, Slovenia, led the exercise. The Iowa National Guard’s 132nd Combat Training Squadron Detachment 2 took the technical lead for setting up the cyber range and developing the scenario with Slovenia’s new Cyber Range Department. 

The Minnesota National Guard’s Army Maj. Luke Voeller, the deputy team lead and planner for the Defensive Cyber Operations Element, said the Minnesota team partnered with Croatian Armed Forces service members and formed one of several blue, or friendly, teams. 

“The whole purpose of the exercise was to improve our communication and processes between the Minnesota and Croatian cyber forces,” Voeller said. “It was a red and blue team activity. We worked in a simulated environment, which meant we had a team that emulated a threat actor, the red team. They placed malicious software on our network and our blue team’s response was to try to search for all of that malicious activity, consolidate all of the information, and figure out how the adversary got into the network, what they were doing while they were inside of our network, and report that information daily to a white cell, or our administration team. At the end of the exercise, we removed all of the malicious software and ensured the adversary could not get back into our network.” 

Voeller said the exercise aims to build trust and partnership between the National Guard and our foreign partners. 

“Our major goal is to ensure, if we did have to work together in an international event, that we could work together more efficiently,” he said. 

Voeller said the red team that played the adversary was an Iowa National Guard unit. The first week of the exercise involved training on tools used by the cyber team to identify adversary activity in the network, and the second week involved the blue team hunting for malicious software. 

Voeller said his team’s major takeaway was the opportunity to learn how to work together effectively in simulated and real-world scenarios. 

“First and foremost, the five that we took over, we hadn’t worked closely together in an exercise like this before, and so even our internal team was able to build our processes,” he said. “In addition to that, the tools that we learned and the different commands that we learned to hunt for and find the adversary activity, we are going to be able to better train on those tools so that we are more prepared for the next exercise or real-world situations.” 

Voeller said that as the exercise progressed, identifying malicious threats in the network became increasingly difficult. However, the red team was able to provide scenarios tailored to the skill level of the blue team members. 

“Our red team could ramp up or ramp down attacks depending on how the blue team is responding,” he said. “For example, if the blue team is really high-speed and finds a lot of attacks, then the red team can ramp up their activity to give them more things to search for and protect. Conversely, if it’s a newish blue team struggling and not really finding the initial malicious software in the network, they can slow down their attacks for those teams. Each partnership had their cyber range to work from.” 

The cyber range, Voeller said, is a simulated environment of a corporate network, which was duplicated and copied for each partnership team. 
A strength that the cyber team from Minnesota had coming into this exercise, Voeller said, is civilian experience that several team members have in cyber security. 

“Cyber is very specialized, and the majority of our team in the National Guard has some sort of cyber role in the civilian world as well,” he said. It greatly helps our team to be more efficient and effective when we do these exercises because there’s already so much experience the team is pulling from their civilian careers. There are so many facets of cyber security, and we need to bring all these different skill sets together to succeed.”