Michigan DOT Gains Cybersecurity Insights via Operation Resilience

In June 2020, the 272nd Cyber Operations Squadron provided the Michigan Department of Transportation and other state agencies insight into the identification of possible cyber threats to their information technology networks during Operation Resilience.

[Above photo by Sgt. 1st Class Helen Miller, Michigan National Guard.]

Members of the Michigan Air National Guard – consisting of 17 cyber operators, three intelligence analysts, and one cyber transport system specialist – participated in Operation Resilience, a federal Innovative Readiness Training or IRT program.

Illustration by U.S. Air Force Staff Sergeant Alexandre Montes

Major Richard Frantz, IRT team lead, explained in a statement that the IRT program provides a “real-world training environment” not only so military service members can improve their skill sets but then share that expertise with civilian entities at a reduced cost to communities across the U.S.

“Operation Resilience proved to be a high-value IRT engagement with state of Michigan partners that set the foundation for future training and engagements,” he said.

The military unit’s cyber operators collaborated with the Michigan Department of Technology/Management and Budget (DTMB) as well as the Michigan Department of Transportation – conducting an intelligence-driven assessment on critical host and network devices that run the Advanced Traffic Management System or ATMS throughout Michigan.

Photo by the Michigan DOT

ATMS provides real-time video traffic information for major roadways, controls “flex lane” on select highways for rush hours and enables rapid response for highway emergencies via monitoring through four state transportation operations centers. These capabilities enable more than 9.8 million Michigan residents and many transiting non-residents to commute safely and timely, the Michigan DOT said.

The military’s cyber operators successfully conducted operations both remotely through virtual private network or VPN access and on-site at Battle Creek Air National Guard Base. Simultaneously, two technicians physically deployed to the hosting center in Lansing to configure and troubleshoot equipment.

The unit then performed 13 cyber threat pursuits, with no advanced persistent threats discovered on the four critical servers of the ATMS. Operators did discover eight vulnerabilities and recommended mitigations for each, with that assessment providing detailed reporting for improving ATMS cybersecurity and assurance.

Laura Clark

“This exercise gave us the opportunity to build on our existing partnership with the National Guard so that we are better prepared for joint ventures in the future,” noted Laura Clark, chief security officer for the state of Michigan. “As the threats to the digital security of our state continue, it is vital to have a strong working relationship between the state of Michigan and the Michigan National Guard.”

An estimate of like-services performed by the private sector would likely cost the state an estimated $210,000 to $420,000 based on four 10-hour Additionally, this IRT event was the first-ever engagement between Michigan National Guard cyber entities at this scale, serving as a test case for future state engagements or emergency/incident response. The event resulted in the creation of numerous processes, procedures, and a mutual understanding between the 272nd Cyber Operations Squadron and DTMB.

“Our organization really took a big leap forward in maturing our capabilities because of this IRT collaboration,” said Major Frantz.

As a first-time event of this nature, both parties said they had to establish relationships, learn about their respective capabilities, and develop working communications. As a team, Clark said both the Michigan National Guard and Michigan’s state government achieved “a big win” by increasing the cybersecurity of vital transportation networks.

“This will allow us to strengthen the defenses and increase protections for Michigan’s residents,” she said. “We look forward to continuing this collaborative effort between the two organizations.”

Related articles