
My Coast Guard
Commentary | Aug. 5, 2024

Coast Guard cyber team moves up to the big leagues

By Kathy Murray, Senior Writer, MyCG

Earlier this year, Coast Guard Cyber quietly moved up to the big leagues. Its Red Team, the specialized force adept at emulating our adversaries by hacking into other systems, earned Department of Defense (DoD) certification.

This milestone is significant because it allows the service to independently conduct DoD-level cybersecurity assessments using the most advanced techniques and to partner with other military branches and U.S. Cyber Command to safeguard critical networks and systems. This means better protection for the Marine Transportation System as well as the Coast Guard’s operational platform.  

Perhaps even more impressive: the Coast Guard achieved this certification in record time with a team of just 10 people — a fraction of the size of Army and Navy teams that took much longer. 

How did they do it? The story is a case study in what a small, but dedicated team with the right mission can accomplish. “The goal was to enhance our security,” said Cyber Operational Assessments Branch Chief John Miles. “That’s the attitude this branch has always had.” 

Getting started 

The Coast Guard set up the Cyber Operations Assessment Branch in 2013 but didn’t have a Red Team until three years ago. Typically, cybersecurity protection in organizations is split between Blue Teams, which defend networks, and Red Teams, which play the role of attacker to find weaknesses in systems. The service added a Blue Team in 2017, but a Red Team was a harder sell. 

Lt. Cmdr. Kenneth Miltenberger was instrumental in making the case to leadership and took charge when the Red Team was approved in 2021. He and Miles began looking towards certification almost immediately, gathering documentation and getting the training required by the National Security Agency (NSA). The NSA conducts the actual assessment and following completion will ask U.S. Cyber Command to accredit the successful team as a DoD-Certified Red Team (DCRT).  

“It was a huge hill to climb,” Miltenberger said, “but we saw the need across the Coast Guard to test our systems and people against the most advanced threats.”  

Getting ready 

In May 2023, the Coast Guard Red Team was granted interim authority to operate by the NSA. They just needed a mentor from an already certified Red Team to observe their operations. An Army DCRT stepped in to do this. Over the next nine months, CGCYBER’s Red Team was able to complete the three mentored operations that are required as part of the application process, as well as an additional one. This was in addition to their regular work. (See box) 

Initially, Miltenberger drove the effort. But when he left for Alameda in July 2023 to assume command of the 2003 Cyber Protection Team (CPT), Lt. j.g. Justin Steiner stepped in. At the time, Steiner knew very little about Red Teams and still had to complete training himself. “I didn’t have a full grasp of what we were trying to do,” Steiner says. “I don’t think I knew how crazy it was going to be. I just knew we were doing this to make our country safer.” 

In addition to Steiner and Miles, the team included five other Coast Guard members and two contractors. They began meeting frequently to decide where to target their efforts. All of them had to learn things like how to build malware that couldn’t be detected by security tools. Team members also needed to get trained on how to move stealthily through a network once they’d hacked their way in. “We’d divide into groups and come back and teach each other what we’d learned,” Steiner said. “When I’d go home at the end of the day, I’d have another 4 to 6 hours of work ahead of me.”  

This kind of motivation, shared across the team, was the reason Miles thinks they were so successful. “The attitude of this branch, since we built it from nothing, is if you don’t know how to do it, you figure it the heck out,” he said.  

Steiner’s leadership was another plus, says Lt. j.g. Domenico Bulone, a member of the Coast Guard Academy’s first graduating class of cyber systems majors, who joined the team in August 2023. “A lot of the work he did was to get us set up and molded into the team we needed to be to work with the NSA,” he said. 

From November to December last year the team sequestered themselves and went through the scoring mechanics. They spent another two months drilling often to figure out every possible thing that could go wrong and come up with contingencies, Steiner says.  

Certification time 

At 8 a.m. on Feb. 27, the NSA’s certification team arrived at the Cyber Assessment Branch offices in Alexandria, Virginia.

The certification process included two sections: administrative review and operational testing. For part of the testing, the team needed to gain initial access, or hack, into a network. They also had to establish persistence on a network, and pivot from one system to other systems within the same organization—all while evading defenses and not getting caught. 

As these challenges continued over the next few days, the NSA team members asked the Coast Guard Red Team questions and discussed how they were doing. “Those were three and a half very long and stressful days of having them here,” says Miles. 

But in the end, all the hard work paid off. On March 30, the Coast Guard Red Team officially became a DCRT, less than 3 years after it had been formed. By comparison, the larger Army and Navy teams took over 5 years to meet the same standards. In recommending certification, the NSA Certification Team also specifically singled out Steiner for his knowledge and his contributions. “He was there to answer all the hard questions that the evaluation team had,” says Bulone.

What’s next 

Now that the CGCYBER Red Team can operate on its own, the goal is to get better and continue growing. When MyCG caught up with Steiner recently, the team was getting ready for a collaborative mission with the Coast Guard Blue Team of network defenders. During the weeklong exercise, the Red Team hacked into the Coast Guard network, with the Blue Team watching, to give them an opportunity to see what a malicious actor might do in real time and to react to it.

For members interested in joining either of these teams, Steiner says the biggest skill you can develop is self-learning. In addition to official courses, he’s learned a lot from just Googling, and teaching himself new things. “As cheesy as it sounds, don’t give up,” he says. “Sometimes just a little more pushing and being positive and trying to be creative can help you solve a problem.”  

Bulone agreed. “The cool thing about cyber is a lot of the information you need to improve yourself is readily available and free online,” he says. “If you want it badly enough, you just have to go after it and prepare yourself.” 

-USCG-
