HomeNewsArticle Display

Panthers wrap up first ever Cyber Lightning exercise

Buckley Air Force Base, Colo.-  During the recent cyber lightning base exercise, Team Buckley was being tested on the use of land mobile radio usage.  ( U.S. Air Force Photo by Airman First Class Marcy Glass )

Buckley Air Force Base, Colo.- During the recent cyber lightning base exercise, Team Buckley was being tested on the use of land mobile radio usage. ( U.S. Air Force Photo by Airman First Class Marcy Glass )

Buckley Air Force Base, Colo.-  During the recent cyber lightning base exercise, Team Buckley was being tested on the use of land mobile radio usage.  ( U.S. Air Force Photo by Airman First Class Marcy Glass )

Buckley Air Force Base, Colo.- During the recent cyber lightning base exercise, Team Buckley was being tested on the use of land mobile radio usage. ( U.S. Air Force Photo by Airman First Class Marcy Glass )

10/27/2010 -- 460th Space Wing Public Affairs

Working under a carefully planned and escalating contested cyber environment on Oct. 15 members of the 460th Space Wing successfully completed its first ever exclusively cyber-focused exercise at Buckley Air Force Base, Colo.

"Exercise Cyber Lightning" was designed to test the wing' s capability to operate in a contested cyber environment," stated Mr. Kevin Stocking, 460th SW Plans and Programs Chief .

Eight subject matter experts (SMEs) from outside the wing, ranging from the 688th Information Operations Wing and the Kansas Air National Guard (both components to 24th Air Force) to the Network Operations and Security Center and former "cyber aggressors" from Nellis AFB, helped plan and execute the exercise. They also helped the wing' s exercise and evaluation team assess the wing' s performance and identify lessons learned.

"According to the SMEs we brought in, who are responsible for executing and evaluating cyber operations across the Air Force," said Mr. Stocking, "Cyber Lightning was certainly a first-of-its-kind wing exercise in AFSPC, and as far as we know, across the entire Air Force too."

"This is not just an exercise or a game," said Col. Trent Pickering, 460th Space Wing vice commander during a wing briefing kicking off the day's events. "It's real! It gives us a peek under the tent on how we will command and control this base, and maintain our mission operations, in an environment where an adversary is attempting to deny us some of our key communications capabilities."

The exercise was centered around network degradation, outages, and hacking activities; phishing and social engineering attempts to gain access to the base network and solicit information on the wing' s Critical Information List; and intermittent land mobile radio, email "pop-ups" and chat room capabilities while responding to an active shooter scenario and anti-terrorism injects. It also entailed some "dumpster diving" looking for personal or unit information that wasn't shredded properly, and office-by-office searches for CAC cards left unattended in computers which could grant an adversary immediate access to the wing network

"The cyber aggressors came into my office attempting to log onto our computers," said Airman 1st Class Jessica Lopez, 460 Mission Support Group. "I noticed the limited information and the situation seemed suspicious. I had remembered the briefings we had in the past on how not to let anyone on our computers due to cyber threats so I used my cyber awareness and stopped them from getting anywhere near our computers."


Other members of the wing were recipients of social engineering phone calls from an aggressor proclaiming to be part of the wing deployment team. "They were trying to get me to give away information about an exercise deployment activity, and other information on our wing critical information list" said one recipient. "They were pretty slick, but due to all of our recent training I figured it out and reported them to our OPSEC team."

The wing policy is that any member who violates sound network practices (e.g., falls prey to a phishing attempt or clicks on a link in an email without a digital signature) is automatically locked out of their network account for a minimum of 24 hours and must be retrained on network security procedures before having their network access restored.

"Overall the exercise went very well," said Mr. Stocking. "It met the intention of what the commander (Col. Clint Crosier, 460th SW Commander) provided us as objectives. His basic direction was that we have to ensure we can continue to command and control the wing in an environment where all of our normal communications tools and processes were denied. So at various points in the exercise, we took them all away--from email, to chat rooms, to base radios--and forced the wing to develop and implement back-up communications and operational procedures--while under fire no less. It identified areas where we need to refine our processes and procedures, but that was exactly the point."

According to Mr. Stocking, we will continue to execute Cyber Lightning exercises in the future, and incorporate cyber type events in all of the wing' s standard exercise programs. "These will become more a norm than an exception," he said.

As an operational wing we have become so dependent on e-mail, computers, and the network to execute key missions and processes, this exercise was a reminder that we can't always depend upon them in today's environment," said Colonel Crosier. "Just as we have had to plan to operate through a contested space domain over the past decade, events you can read about in the newspaper every day have demonstrated we now have to learn how to operate through a contested cyber domain as well. During a loss or degradation of communication capabilities we have to continue to perform our critical missile warning mission, provide support to the national command leaders, and protect the men and women of Buckley Air Force Base--and failure isn't an option."

In an American Forces Press Service story posted on Oct.18, Deputy Defense Secretary William J. Lynn III said Oct. 14, "With the creation of the U.S. Cyber Command in May and last week's cyber security agreement between the departments of Defense and Homeland Security, DoD officials are ready to add cyberspace to sea, land, air and space as the latest domain of warfare.

"Information technology provides us with critical advantages in all of our war fighting domains, so we need to protect cyberspace to enable those advantages," Secretary Lynn said. "Adversaries may be able to undermine the military's advantages in conventional areas by attacking the nation's military and commercial information technology, or IT, infrastructure

A lot of the planning, management and execution for this exercise was the direct result of Capt. Sarah Ford and Mr. Mike Hanke from Wing Plans and our EET team explained Mr. Stocking. "They deserve the credit for making this exercise successful," he said. "And we're going to do a lot more of them."



USAF Comments Policy
If you wish to comment, use the text box below. AF reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The AF and the AF alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the AF, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying AF endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

AF does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. AF may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. AF does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the AF or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.