At the Front
MIDDLE RIVER, Maryland — Visiting the 175th Cyberspace Operations Group’s operations area at the Air National Guard Base at Martin State Airport in the Baltimore suburbs is like entering a black hole.
First, you must leave mobile devices or anything with Bluetooth capability in a locker. Then, you proceed to a door with a placard that warns that the facility has an “intrusion detection alarm system.” Entry is possible only with an escort who has the correct code for the security touchpad.
Once inside, blinking lights alert airmen to your level of security clearance. Visitors without a clearance receive flashing red lights. There are also signs that remind members that what they do there needs to stay there, including one reminiscent of an earlier era: “Loose tweets sink ships.”
The extensive precautions come with the mission. “In this decisive decade, the success of our nation depends upon a free, open, and secure cyberspace,” states the Defense Department’s unclassified 2023 cyber strategy. The 175th COG is one of the Guard units on the front lines of that effort, and the wrong people can’t be allowed to see its work.
Col. Jason Barrass, the group commander, says the 175th COG and its five subordinate squadrons are unique. They wield the full spectrum of offensive, defensive and intelligence cyber capabilities at one place.
“We’re paving the way on this stuff, because most of these organizations, they either have an offensive mission, a defensive mission or they’re doing intel,” he says. “No other one has all three in one location.”
The group is part of the 175th Wing, which also includes the 104th Fighter Squadron and its A-10 Thunderbolt IIs. The Air Guard also has COGs in Kansas (the 184th) and Washington (the 252nd), but the 175th is the only one in a flying wing, which is another source of pride in the Maryland Air Guard unit.
“If you look at the way that the United States military has fought and won conflicts and wars for really the last 100 years or so now, it all comes down to combined-arms warfare,” says Maj. Justin Schaber, the assistant officer in charge of training for the 175th COG’s 276th Cyberspace Operations Squadron.
Schaber, like most of the more than 350 members of the group, is a drill-status Guardsman with a full-time civilian cyber job. He is a senior security engineer for Amazon Web Services.
The group’s squadrons conduct their training and many of their missions at banks of computers behind all the security at the group’s facility. Each squadron has its own hardware. Cyber operators work at individual keyboards, but no one operates solo. An additional perspective, sometimes several, is always nearby.
“Cyber is the ultimate team sport, but it requires that everyone on the team is willing to pull their own weight,” says Brig. Gen. Teri Williams, the vice director of operations (Cyber) at the National Guard Bureau and a former commander of the Army Guard’s 91st Cyber Brigade, headquartered in Virginia. “Due to all of the time and the effort required, I would also recommend a touch of passion for cyber in their kit bag.”
That passion is necessary because cyberspace is increasingly contested with multiple “malicious actors,” according to the DoD cyber strategy. The list includes Russia, North Korea, Iran, violent extremist organizations and transnational criminal organizations, but it begins with the People’s Republic of China.
China has engaged in prolonged campaigns of cyber espionage, theft and compromise against U.S. critical infrastructure, including the Defense Industrial Base, the Pentagon strategy says. And in the event of war, the PRC is likely to launch destructive cyberattacks against the U.S. homeland to “hinder military mobilization, sow chaos and divert attention and resources.”
THE 175TH COG comprises two offensive and one defensive cyber operations squadrons, a cyber intelligence squadron and an operations support squadron.
The 275th Cyber Operations Squadron defends the so-called blue space with an emphasis on the DoD Information Network. The squadron performs routine vulnerability analysis and assessments, fortifying friendly networks against attacks. It also hunts for malicious activities like intrusions.
This defensive squadron also mobilizes on federal Title 10 orders as a service-aligned cyber protection team. Upon mobilization, it’s apportioned to Air Forces Cyber as the 856th CPT. The missions typically involve 44 airmen and last six months with duty at Martin State Airport, as their weapon system is here, Barrass says.
However, they can also “hunt forward,” deploying to wherever the friendly network they’re protecting resides, even overseas. After serving for six months, the 275th COS usually doesn’t mobilize again for two and a half years.
The 175th COS and the 276th COS conduct offensive operations. They observe adversary activity, defend against attacks and maneuver to defeat them. Offense occurs in “red space” — or enemy networks — and “gray space,” neutral cyberspace that isn’t controlled by anyone, Barrass says.
Both squadrons have been mobilizing airmen for six-month, Title 10 deployments to Fort Meade, Maryland, to support U.S. Cyber Command, for the last seven years. These are real-world missions. They serve as part of the 24th Cyber National Mission Force, which conducts full-spectrum cyberspace operations to defeat malicious actors who target the United States and its allies.
During a deployment last year, the 276th conducted “more than 255 tip-of-the-spear cyberspace targeting and exploitation missions against two near-peer adversarial forces and helped streamline many processes,” says Lt. Col. Christopher Quinlan, the squadron’s director of operations.
Each of the 175th COG’s offensive squadrons mobilizes 22 airmen every 18 months. The missions are assigned to one squadron, which can leverage all its personnel or mix them with volunteers from the group’s other squadrons. The Delaware Air Guard’s 166th COS is also part of the rotation. Other Guard cyber units, including Army Guard forces, also deploy to CYBERCOM.
Barrass says the offensive squadrons return from deployments with knowledge of the latest infiltration techniques employed by the nation’s adversaries, which they share with the defensive operators. The group also moves people among the squadrons to spread experiences and best practices. He says it’s another advantage of having both offense and defense under one roof.
“The Air Force can be rigid sometimes,” Barrass says. “This environment, this domain, this profession is not. Flexibility is important.”
The 275th OSS conducts most of its support functions at Martin State Airport. It builds and maintains cyber ranges, develops and plans exercises and executes training for the entire group.
The group’s fifth squadron, the 135th IS, currently operates near Fort Meade but will relocate to Martin State Airport once its classified networks come online here. The squadron’s federal mission involves collecting intelligence from the signals residing on or transmitting between digital networks. It assesses what it collects for intelligence value, satisfying both national collection priorities and combatant commanders’ requirements.
State missions are also part of the 175th COG’s repertoire. The 135th IS helped Maryland identify locations for vaccination sites during the COVID-19 pandemic. And for years, cyber operators have conducted vulnerability assessments for the Maryland Emergency Management Agency.
Some were approved under the Pentagon’s Innovative Readiness Training process and conducted in a federal Title 32 status. Others were undertaken on state active duty. The group’s use of Title 10, Title 32 and SAD is in line with the DoD cyber strategy to “fully leverage” the Guard with its separate statuses to facilitate cyber-defense partnerships between the federal government and state and local governments.
Additionally, the 175th COG works with Estonia and Bosnia and Herzegovina on cyber training and exercises. Both Eastern European nations are paired with Maryland in the Guard’s State Partnership Program.
In September, the group and Estonia, which absorbed a denial-of-service attack by neighboring Russia in 2007, participated in a cyber exercise. Baltic Blitz 23 involved 30 airmen from the 175th Wing at the Baltic nation’s Amari Air Base. The exercise centered on securing simulated rail transportation systems from cyberattacks.
“The first mission I did with the State Partnership Program was called Baltic Jungle. We brought the entire [175th] Wing out here [Estonia] and it was mostly an aviation exercise with a very small cyber portion,” says Lt. Col. Bob DeLuca, member of the 175th COG and the Baltic Blitz exercise director. “This time it has grown so big that cyber is its [own] exercise.”
AIRMEN DON’T BECOME cyber operators overnight, or even after a year. It takes, on average, two to three years, Barrass says. The process begins with initial skills training, which is always conducted away from home station. Barrass says Guardsmen start this training pipeline at Keesler Air Force Base, Mississippi, or Goodfellow Air Force Base, Texas. Next, airmen undergo advanced, specialized training at either Keesler, Goodfellow, Corry Station Naval Technical Training Center in Florida, or the National Security Agency or the CNMF at Fort Meade.
Afterward, Guardsmen complete their job qualification requirements by demonstrating and performing tasks for their unit trainers. Some of this training unfolds at Martin State Airport, while other parts occur at NSA or the CNMF.
Barrass and other group members point out that the training resources are limited, and the attrition rate can be high, but those who make it through the pipeline are highly skilled. Many members of the 175th COG, like other Guard cyber units, also bring valuable civilian-acquired cyber skills and experience that many of their active-component counterparts don’t possess.
Schaber says his military cyber training and experience is also an asset in his full-time job with Amazon Web Services. “Being able to see the threats out there from a different viewpoint can then translate back to the civilian world on how these major linchpin companies can protect themselves, can protect their customers,” he says.
Many cyber companies have taken notice. Master Sgt. Samillia Glover, the flight chief of C4 systems for the 275th COS, says Guard cyber units often lose talented full-time enlisted cyber professionals “to the Microsofts or the Amazons, the folks that are giving out that $150,000 salary, plus bonuses, plus that nice retirement package and stock options.”
The military pay tables can’t compete, she says. Active-component cyber units have the same struggle. But the Guard can and does keep private-sector cyber talent in uniform and available to defend military networks and other critical infrastructure.
The DoD cyber strategy calls for exploring “greater use of reserve components as a way to share talent with the private sector, like those adopted in National Guard cyber units.”
“We haven’t really cracked the code as a nation on how to share anonymous information in cyber horizontally and vertically, but the Guard has,” Williams adds. “They come together from all walks of civilian jobs in cyber and then there is an inherent trust as they share knowledge and information in a way that is anonymous enough to protect the innocent but rich enough for them to enhance their knowledge.”
Mark Hensch is the NGAUS senior writer/editor.
TOP PHOTO: Master Sgt. Samillia Glover, a 275th Cyberspace Operations Squadron flight chief, shares threat information with her airmen. (Photo by Drake Sorey)
GUARD CYBER FORCES
ARMY NATIONAL GUARD
■ 985 Cyber Personnel Across
■ 1 Cyber Brigade
■ 5 Cyber Battalions
■ 5 Cyber Security Companies
■ 5 Cyber Warfare Companies
■ 11 Cyber Protection Teams
AIR NATIONAL GUARD
■ 1,510 Cyber Personnel Across
■ 3 Cyber Operations Groups
■ 19 Cyber Operations Squadrons
NOTE: The Air National Guard is establishing a cyberspace wing from a former airlift wing in Ohio. It’s scheduled to be fully mission capable in 2027.
SOURCE: National Guard Bureau