A training exercise held by the U.S. military’s New England-area National Guard cyber units last week saw a simulated cyberattack disable infrastructure across the United States.
A report by the Defense Virtual Information Distribution Service (DVIDS) detailed a scenario in which hackers took down power, water, and gas companies starting on the west coast of the United States and branching out toward the east before threatening New England’s critical infrastructure.
The scenario, which ran for two weeks, is known as the annual Cyber Yankee exercise and saw National Guard units working hand in hand with the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Energy Regulatory Commission, and the U.S. Cyber Command (CYBERCOM) to simulate the attack.
In the latest exercise, which is in its seventh year, participants were taught to be on the lookout for anomalous activity on networks that could indicate the intrusion of hackers and then work to counteract attacks targeting infrastructure.
“In order to be effective defenders of a network, you need to know what the adversary TTPs [tactics, techniques and procedures] are,” said Maj. Michael Frank, the cyber warfare officer for Defensive Cyber Operations-Internal Defense Measures (DCO-IDM) Company Bravo, 6th Communications Battalion, in an interview with C4ISRNET.
“Doing cyber threat emulation here and actually going through the steps of OCO [offensive cyber operations] and going through what we would expect an adversary to be doing to us, we have a better idea of how to defend our networks ... for them to get a chance to do it from this side is hugely valuable,” he added.
The simulated attack comes weeks after the ransomware attack on Colonial Pipeline, which disabled a large percentage of the United States’ fuel infrastructure. Colonial Pipeline is responsible for roughly 45 per cent of all U.S. southern and east coast fuel.
This year’s exercise saw the first use of a new cybersecurity template called “Cyber 9-Line” to determine the nature and severity of a cyberattack. CYBERCOM, which provided the template, said it would allow its users to “further diagnose a foreign attack and provide timely, unclassified feedback back to the unit, who shares with state and county governments to address the cyber incident.”
Lt. Col. Cameron Sprague, the deputy exercise director for Cyber Yankee, said that the training simulation was designed to be as realistic as possible.
“It’s really hard to do an exercise like this effectively,” Sprague told C4ISRNET. “Operating effectively in incident response environment is really hard. That’s what a lot of teams first take away when they’re walking through this is how we’re actually going to do an incident response plan. That’s the big point of this. That’s why a lot of them come back year after year.”