Hawaii National Guard and University of Hawaii host the 3rd Annual Po’oihe Cyber Security Exercise

  • Published
  • By Airman First Class Robert Cabuco
  • 154th Wing Public Affairs
Recently, the federal government had fallen victim to a cybersecurity breach of its computer networks, leaking personal information of millions of federal employees. The hackers of today are more skilled and use more sophisticated methods, which increases the scope of targets they can attack.

During a statewide hurricane preparedness exercise, private, commercial and government agencies in Hawaii defend against cybersecurity breaches on critical infrastructures and services. The Exercise Vigilant Guard/Makani Pahili 2015, sponsored by the U.S. Northern Command, National Guard Bureau and Hawaii Emergency Management Agency (HI-EMA), develops relationships and improves collaboration between these agencies in preparation for an actual natural disaster.

Critical infrastructures, such as those within the energy sector, would prove to be a viable target for cyber-criminals. This is why "we are focusing on the energy sector as a critical infrastructure" in this year's exercise, says Jodi Ito, information security officer for the University of Hawaii and primary coordinator for the Po'oihe Cyber Security Exercise 2015.

"One of the things in Hawaii is that we are very dependent on critical infrastructures, because we do not have alternative sources. The ability to be able to drill and protect these [resources] in a protected network environment makes for better learning experience preparing us for an actual crisis," said Ito.

The Po'oihe exercise is sponsored by the Hawaii National Guard and was integrated into Vigilant Guard 2015, a regional annual exercise, and Makani Pahili 2015, a state annual hurricane preparedness exercise. In the exercise scenario, a Category 4 Hurricane has swept through the State of Hawaii paving the way for a pandemic outbreak and a cybersecurity attack.

The participants are split into four teams: A Blue team for defenders, Red team for aggressors, Black team for infrastructure, and White team for judges and referees.
Staff Sgt. Chad Stanley, from the 154th Communication Flight, Hawaii Air National Guard, participated on the Black team. He discovered that "Po'oihe was a great chance to see how military and civilian skill sets can complement each other" in a collaborative environment.

Senior Airman Jasper Green, from the Hawaii Air National Guard's 292nd Combat Communications Squadron on Maui , was assigned to the Blue team. He said, "As a first time participant, I had a great experience with the exercise. I learned that planning and communication can enhance the overall outcome of defense posturing."
Green recently graduated from Hawaii Pacific University with a bachelor's degree in Information Technology.

Industrial facilities like water plants, power grids, telecoms networks and defense warning systems are controlled by systems that perform a number of elementary yet mission-critical tasks. However, the systems that manage their daily activities are highly vulnerable, from an IT security standpoint.

In times of natural disasters, leadership and administrators attention is focused on preparation before the storm and recovery activities after it passes. For cyber-criminals, these are the perfect times to launch an attack on the state's critical infrastructure assets. These are prime targets for a multitude of malicious groups including terrorist cells, criminal syndicates, rogue governments, disgruntled employees and many, many others.

Ito explains that the exercise provides additional targets such as "county information centers, which provide information to the civilians about things like shelters that they can go to and other types of critical information. Another critical infrastructure is the tug and barge industry, because we're dependent on the service to move all of our goods between the islands. So they become a target for hackers whose attention is focused on trying to affect their databases, affect the Web servers, bring down their email servers to simulate a hostile attack during a disaster."

With the increased scope of this year's exercise comes increased participation. Participants included personnel and equipment from Hitachi (Japan), Guam, California National Guard, Hawaii National Guard, Army Reserves, Navy, active duty Air Force, FBI, state, city and county, Hawaiian Electric Company, industry, academia (UH faculty, staff and student and including a few high school students). The two-day exercise has over 170 participants involved and over 50 volunteers who participated in the planning and design of the range setup and the scenario design and execution.

This exercise marks the second time members from Hitachi (Japan) has participated. Ito says, "They are interested in participating because they don't have the opportunity to participate in these types of exercises back in their country."

According to Ito, "In Japan, the exercises are a little more regimented, the scenarios are a more controlled. Their government has a little more hand in it. Our exercise represents a more academia, industry, and government partnership. This type of exercise, because of the different personalities from all of these different agencies, lends itself to completely different free-flowing form where the participants can exercise more creativity in their responses. This makes the exercise more dynamic, less structured, controlled or scripted."

The participants are challenged and find it to be an opportunity to think differently. One thing specifically different in this exercise from the years past is they were told they cannot patch anything immediately or they cannot apply antivirus, because in an emergency situation, they would be constrained from doing that. They wouldn't know what they would affect or break as part of those patching solutions. In a normal attack situation, their first response is to patch and block the network, but they are not able to do that in an emergency situation, so the responders are forced to think differently than they are used to.

Ito says that "We are drilling this as an exercise. Although there is a little competition amongst the teams, the goal is to have them do their best. They also must be able to talk to each other, develop relationships in a collaborative environment."

During the event, points are earned for various achievements and milestones for each team. After the storm, the California Air National Guard team provided the silver lining and scored the most points defending Hawaii against cyber aggressors.