News Search

Cyber Yankee 2020 draws to successful conclusion

Lt. Col. Woody Groton, exercise director of Cyber Yankee 2020, leads N.H. Gov. Chris Sununu on a tour of the event on July 31, 2020, at the Edward Cross Training Center in Pembroke, N.H.

Lt. Col. Woody Groton, exercise director of Cyber Yankee 2020, leads N.H. Gov. Chris Sununu on a tour of the event on July 31, 2020, at the Edward Cross Training Center in Pembroke, N.H. The two-week regional exercise enhanced the guard's ability to respond to cyberattacks made against state government and critical infrastructure. This marked the second straight year the NHNG hosted the event.


Cyber Yankee 2020, a regional exercise designed to provide cyber responders a virtual range to train and test their skills against cyberattacks, was hosted by the New Hampshire National Guard at the Edward Cross Training Center in Pembroke, N.H., July 21—31.

Military representatives from Guard, Reserve, and active duty components participated, as did partners from various local, state and federal agencies.

“Cyber Yankee is primarily a hands-on keyboard cyber incident response exercise for National Guard Soldiers and Airmen in FEMA Region 1, which are the six New England states,” said Lt. Col. Woody Groton, exercise director. “We also work with critical infrastructure; so various utilities, primarily from the electrical and the water industry.”

Among the participating utilities were Avangrid, Eversource, ISO New England, National Grid, The Massachusetts Water Resource Authority, The Metropolitan District, and Unitil, Groton said.

This marked the sixth year of the exercise and the second one hosted by the NHNG. Though on-site attendance was down this year due to COVID-19, more than 200 players participated.

The event was broken down into four targeted groups, or “Blue Teams,” comprising mission partners from across New England. A “Red Cell” barraged blue teams with myriad cyberattacks, while a “White Cell” regulated and assessed event operations.

Capt. Nathaniel Richter, a cyber operations officer for the 157th Air Refueling Wing, Pease ANG Base, outlined his Blue Team 1’s defensive strategy.

“Identify, protect, detect, respond and recover--those separate functions relate to the different types of activities we’re doing,” he said. “The entire sequence is all cyclical in that we will be running different parts of the system at different times, depending on what is happening in different parts of the network.”

Capt. Christopher Qubeck, of the Massachusetts Air Guard’s 202nd Intelligence Support Squadron, was tasked with spearheading Red Cell’s network attacks.

“As the red team, we’re playing the part of the bad guys,” Qubeck said. “We go into their virtual network and kind of wreak havoc on them. So we will go in and inject exploits and different types of hacks into their network, and hopefully they catch it and are able to mitigate it.”

Richter spoke of the challenges his young team faced combating Red Team’s onslaught of attacks.

“It can very much be a steep learning curve,” he said. “Most of our personnel are information technology professionals, but they’re not necessarily cyber security professionals. So they are related skillsets and there is a lot of crossover.”

Groton said the challenges participants faced in Cyber Yankee, which are designed to emulate real-world threats, enhance readiness against an ever-increasing number of attacks.

“Cyber security, especially in critical infrastructure and state government, is a huge issue right now,” Groton said. “You can see it in the news every day. Ransomware attacks are on the rise; loss of data, loss of intellectual property. It’s hard to keep up with the adversary.”

“We’ve also, in the last several years, seen significant uptick in cyberattacks and attempted cyberattacks against the electrical industry and water,” he added. “By training on this ahead of time, we’re better prepared in case of an actual incident.”

In addition to the training, important partnerships were fostered during the course of the two-week exercise.

“It’s about developing relationships with other states so that everyone is familiar with each other so that if they do get a call to assist, you’re not beginning from nothing,” Richter said. “You have some familiarity with the personnel and how they do business.”

Groton agreed.

“The adjutant general talks about building enduring partnerships,” he said. “Well, six years of Cyber Yankee, we have done that. We have built enduring partnerships with state government and the critical infrastructure segment.”

USAF Comments Policy
If you wish to comment, use the text box below. AF reserves the right to modify this policy at any time.

This is a moderated forum. That means all comments will be reviewed before posting. In addition, we expect that participants will treat each other, as well as our agency and our employees, with respect. We will not post comments that contain abusive or vulgar language, spam, hate speech, personal attacks, violate EEO policy, are offensive to other or similar content. We will not post comments that are spam, are clearly "off topic", promote services or products, infringe copyright protected material, or contain any links that don't contribute to the discussion. Comments that make unsupported accusations will also not be posted. The AF and the AF alone will make a determination as to which comments will be posted. Any references to commercial entities, products, services, or other non-governmental organizations or individuals that remain on the site are provided solely for the information of individuals using this page. These references are not intended to reflect the opinion of the AF, DoD, the United States, or its officers or employees concerning the significance, priority, or importance to be given the referenced entity, product, service, or organization. Such references are not an official or personal endorsement of any product, person, or service, and may not be quoted or reproduced for the purpose of stating or implying AF endorsement or approval of any product, person, or service.

Any comments that report criminal activity including: suicidal behaviour or sexual assault will be reported to appropriate authorities including OSI. This forum is not:

  • This forum is not to be used to report criminal activity. If you have information for law enforcement, please contact OSI or your local police agency.
  • Do not submit unsolicited proposals, or other business ideas or inquiries to this forum. This site is not to be used for contracting or commercial business.
  • This forum may not be used for the submission of any claim, demand, informal or formal complaint, or any other form of legal and/or administrative notice or process, or for the exhaustion of any legal and/or administrative remedy.

AF does not guarantee or warrant that any information posted by individuals on this forum is correct, and disclaims any liability for any loss or damage resulting from reliance on any such information. AF may not be able to verify, does not warrant or guarantee, and assumes no liability for anything posted on this website by any other person. AF does not endorse, support or otherwise promote any private or commercial entity or the information, products or services contained on those websites that may be reached through links on our website.

Members of the media are asked to send questions to the public affairs through their normal channels and to refrain from submitting questions here as comments. Reporter questions will not be posted. We recognize that the Web is a 24/7 medium, and your comments are welcome at any time. However, given the need to manage federal resources, moderating and posting of comments will occur during regular business hours Monday through Friday. Comments submitted after hours or on weekends will be read and posted as early as possible; in most cases, this means the next business day.

For the benefit of robust discussion, we ask that comments remain "on-topic." This means that comments will be posted only as it relates to the topic that is being discussed within the blog post. The views expressed on the site by non-federal commentators do not necessarily reflect the official views of the AF or the Federal Government.

To protect your own privacy and the privacy of others, please do not include personally identifiable information, such as name, Social Security number, DoD ID number, OSI Case number, phone numbers or email addresses in the body of your comment. If you do voluntarily include personally identifiable information in your comment, such as your name, that comment may or may not be posted on the page. If your comment is posted, your name will not be redacted or removed. In no circumstances will comments be posted that contain Social Security numbers, DoD ID numbers, OSI case numbers, addresses, email address or phone numbers. The default for the posting of comments is "anonymous", but if you opt not to, any information, including your login name, may be displayed on our site.

Thank you for taking the time to read this comment policy. We encourage your participation in our discussion and look forward to an active exchange of ideas.