Key Takeaways
- Cyber Yankee 2026 is the Connecticut National Guard’s premier regional cyber‑training exercise, held May 4‑15 at Camp Nett, Niantic.
- The exercise pairs military cyber personnel with civilian utility experts to defend natural‑gas, electric, and water infrastructure against simulated attacks.
- Structure: one week of classroom instruction followed by a week of tactical cyber‑operations, organized into blue (military), orange (civilian), and red (adversary) teams.
- Participation has grown from ~100 attendees in 2015 to over 360 in 2026, representing seven National Guard states, multiple federal services, international partners, and ten private‑industry companies.
- Real‑world relevance is highlighted by the 2020 Hartford ransomware incident, where Cyber Yankee‑trained Guard members helped isolate and remediate the breach.
- Despite its expansion, the exercise’s strength remains its limited size and regional focus, which fosters practical relationships that translate directly to real‑incident response.
Overview of Cyber Yankee 2026
Cyber Yankee 2026 marks the twelfth iteration of the National Guard’s premier annual regional cyber training exercise. Hosted by the Connecticut National Guard at Camp Nett in Niantic, the event runs from May 4 through May 15, 2026. Since its inception in 2015, Cyber Yankee has evolved into a cornerstone of cyber‑defense preparation for critical civilian infrastructure across the Northeast and beyond.
Purpose and Vision
The exercise brings together “real operators” from the Guard, federal agencies, and private‑utility companies to collaborate on defending essential services before a real attack forces such coordination. Maj. Gen. Francis J. Evon Jr., adjutant general of the Connecticut National Guard, emphasizes that gas, water, and electric systems do not defend themselves; protecting them requires a skilled, integrated team capable of swift, coordinated action.
Exercise Structure
Cyber Yankee spans two weeks. The first week consists of classroom training covering cyber threats, defensive tactics, incident‑response procedures, and inter‑agency communication protocols. The second week shifts to tactical‑level defensive cyber operations, where participants apply learned concepts in a live‑fire environment. This phased approach ensures that theory is reinforced by hands‑on practice under realistic conditions.
Team Colors and Roles
During the tactical week, participants are divided into three color‑coded teams. Blue teams comprise military cyber warriors from the National Guard and sister services. Orange teams consist of civilian partners—primarily engineers and IT specialists from utility companies such as natural‑gas, electricity, and water providers. Red teams act as adversaries, emulating hackers, hacktivists, or foreign state actors attempting to infiltrate and disrupt the infrastructure. The blue and orange teams must detect, mitigate, and respond to red‑team incursions while maintaining service continuity.
Focus on Civilian Infrastructure
What distinguishes Cyber Yankee from Department of Defense‑centric cyber events like Cyber Shield is its exclusive focus on civilian critical infrastructure. Rather than defending DoD networks, the exercise concentrates on protecting the natural‑gas pipelines, electric grids, and water treatment facilities that sustain daily life. This orientation aligns training with the most likely targets of nation‑state or criminal cyber campaigns aimed at societal disruption.
Scale and Participation
Since its modest start with roughly 100 participants split between Massachusetts and Connecticut, Cyber Yankee has grown substantially. The 2026 edition features six teams and more than 360 personnel. Contributors include National Guard members from Maine, Massachusetts, New Hampshire, New Jersey, New York, Rhode Island, and Tennessee; representatives from the Marine Corps, Space Force, and Coast Guard; and international partners via the State Partnership Program (Cyprus, Brazil, El Salvador, Kenya, Paraguay, Uruguay, Canada, and Sweden). Civilian involvement spans ten private‑industry firms, the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy, and the Commonwealth of Massachusetts.
Leadership Perspective
Air Force Col. Cameron Sprague, the Connecticut National Guard’s cyber operations officer and director of Cyber Yankee 2026, underscores the exercise’s relevance: “There are credible threats to the United States critical infrastructure… Cyber Yankee is all about being able to defend ourselves against that.” He also notes that cyber defense is a “team sport,” stressing that effective restoration and protection of services during a real attack depend on seamless collaboration across military and civilian boundaries.
Real‑World Application: Hartford Ransomware Incident
The value of Cyber Yankee’s training was demonstrated in September 2020 when a ransomware attack crippled critical systems in the school district of Hartford, Connecticut. The disruption caused delays that rippled through families’ daily routines. In response, the Connecticut National Guard’s cyber team was activated, working alongside city officials to isolate the threat, eradicate the malware, and restore services. Although the attack exposed vulnerabilities in Hartford’s cyber posture, the Guard’s prior participation in Cyber Yankee enabled its members to remain calm, focused, and effective under high‑stress conditions—a direct testament to the exercise’s preparatory power.
Growth While Preserving Core Strengths
Although Cyber Yankee’s expanding footprint reflects its proven success, Col. Sprague cautions against losing the exercise’s distinctive advantages. Its limited size and regional emphasis foster deep, personal relationships among participants who are likely to work side‑by‑side during an actual cyber incident. These bonds, built through shared training and mutual trust, are difficult to replicate in larger, more generic events and represent a key factor in the exercise’s ongoing effectiveness.
Conclusion
Cyber Yankee 2026 exemplifies a proactive, collaborative approach to safeguarding the nation’s critical infrastructure. By uniting military cyber experts with civilian utility professionals in realistic, scenario‑based training, the exercise enhances readiness, refines response tactics, and strengthens the inter‑sector partnerships essential for defending against evolving cyber threats. As society’s reliance on digital systems intensifies, initiatives like Cyber Yankee will remain vital to ensuring that essential services remain resilient, secure, and continuously operational.

