NY Army Guard's Cyber Protection Team 173 fights computer battle during Kingston Armory exercise

KINGSTON, New York -- New York Army National Guard Major Corbin Lounsbury's Soldiers fight their battles with laptops.

"Our computer is our weapons system," explained Lounsbury, the commander of the New York and New Jersey National Guard's Cyber Protection Team 173, or CPT 173 for short.

From February 23 to 26, the CPT Soldiers fought an online campaign against a simulated "threat actor" who executed a blended cyber operation against an electrical utility.

The Soldiers were physically located at the Kingston Armory, but their battle took place inside the U.S. Cyber Command's Persistent Cyber Training Environment. This is a national-level computer simulation that replicates the challenges a CPT Soldier faces.

"The system can be programmed to provide cyber-Soldiers with varying threat levels, adversaries, and scenarios", Lounsbury explained.

The scenario was built around a classic attack against a computer network, said Major William Mackey, the officer in charge of the New York National Guard's Joint Force Headquarters' Defense Cyber Operations Element.

In the exercise scenario, the attackers conducted "reconnaissance" by identifying security weaknesses in the computer network, stole user logins and passwords in an operation known as "credential harvesting~~",~~" Mackey said.

That information was then used to gain access to the computer and shut down key systems, he added.

The mission for CPT 173 was to determine how the "bad actor" got into the system, close those holes in the defenses, find the malware - in the case "ransomware"-and end the threat, Mackey said.

The members of Lounsbury's Cyber Protection Team were also joined by the Division of Military and Naval Affairs Critical Infrastructure Response Team and the Defensive Cyber Operation Element in battling the simulated threat.

Thirty-four Soldiers took part in the exercise.

Ransomware is software that is placed on a system to shut it down. The hackers offer to remove the software once money-the ransom-is paid.

According to the FBI, in 2024, there were 3,156 ransomware attempts against American businesses and individuals, which cost over $12 billion.

Healthcare organizations have been especially susceptible to these attacks, according to the FBI's Internet Crime Report for 2024, but utilities-charged with providing electricity, water, and natural gas to hundreds of thousands of households - are also a concern.

A likely mission for a National Guard CPT is to help local governments and critical infrastructure companies counter these threats, Lounsbury said.

~~.~~Fortunately, most of the CPT 173 members work in the computer security field in their civilian jobs, he said. As Guardsmen have always done, they use their civilian skills to further the mission.

Lounsbury, for example, has worked for General Dynamics in network protection since 2018.

TV and movies portray cyber experts defending a computer system by feel and instinct. But in real life, everything is much more methodical, Lounsbury said

Just as any other unit would do when they are given a mission, the CPT 173 leaders spent two days using the Military Decision-Making Process and Joint Planning Process to plan their response to the threat, Lounsbury .

The CPT Soldiers determine how to counter a computer threat and then help the threatened firm's computer technicians make the right moves, he said.

"Actions are very planned and very deliberate, and nothing is done without approval," he said. "There are a lot of reporting and tracking processes we need to follow," he added.

Along with the specialized hardware and software installed on their computers, the CPT Soldiers also have access to a portable server kit~~,~~ that includes a collection of devices loaded with incident response tools.

The Soldiers can use these to identify and neutralize the threats to a network, he explained. The mission normally breaks down into "hunt the threat, clear out the adversary, then harden the system against further attacks," Lounsbury said.

The 173 Soldiers were very successful in countering the cyberattack during the exercise, Mackey said.

The team determined what actions the simulated attacker took, found the malware, and then "hardened" the network defenses and set up a system to monitor for further attacks, Mackey said.

This was the first time a National Guard cyber unit conducted this type of simulation exercise and they still wrapped up their mission a half-day earlier than expected, Mackey said.