FORT MEADE, Md. --- Imagine if you will, a range of worst-case cyber scenarios, rippling across U.S. critical infrastructure all at the same time.
Across the country, system outages caused by cyberattacks disrupt hydroelectric dams, shipping ports and electrical power grids. Meanwhile, hacks into the financial sector trigger drastic drops on the New York Stock Exchange, and senior government officials are questioning whom to trust after a spate of phishing emails attempted to gain access to protected data repositories.
The massive power disruptions leave millions in the dark, frustrated, confused and without relief during the year's hottest months.
Maryland state authorities hosting a high-profile foreign relations summit are forced to contend with violent civil unrest when scheduled public demonstrations erupt unexpectedly amid regional cyberattacks against critical infrastructure. Seeking to restore order, the governor is forced to declare a state of emergency.
This complex and dynamic wave of events was only the scene-setter for Cyber Guard 2017, a weeklong exercise conducted in June to test and exercise the men and women of U.S. Cyber Command's Cyber Mission Force and interagency partner teams from across federal and state organizations tasked with defending critical infrastructure.
Setting the Tone
The sixth annual Cyber Guard exercise, co-led by Cybercom, the Department of Homeland Security and the FBI, wrapped up with the tone set by the Cybercom commander in his June 12 opening remarks.
"I will accept failure in a training environment if it generates knowledge and insight that makes us better," said Navy Adm. Michael S. Rogers, who also serves as director of the National Security Agency and Central Security Service. "What I constantly tell the team leads is it's about pushing the envelope. It's about challenging your teams, and it's about trying different things."
More than 700 cyber operators and critical infrastructure experts from Cybercom, the National Guard and Reserves, the intelligence community, and public- and private-sector organizations teamed together to support each other during an onslaught of cyber threat scenarios. Teams navigated a coordinated response to protect, defend and mitigate a variety of cyber threats ranging from the simply disruptive to nearly catastrophic.
No Borders or Physical Boundaries
Hosted at the Joint Staff's state-of-the-art facility in Suffolk, Virginia, Cyber Guard also explored the complex aspects of operations in cyberspace, a domain not confined by borders or physical boundaries, but frequently defined by legal authorities. These challenges manifested in the first known use of a "dual-status commander" role in cyber operations through the Maryland National Guard team.
In this position, the Maryland National Guard commander transitioned into a dual force leadership role. Operating under statutory Title 32 authorities, the Maryland joint team responded to issues relating to the Maryland Aviation Department's air traffic control information. Then, in support of DHS, cyber protection teams that are part of Cybercom's Cyber National Mission Force, acting under statutory Title 10 authorities, developed their role in protecting and securing critical control systems on a private, regional electricity network.
Exercise officials emphasized the importance of training during the event, as opposed to a typical game outcome with a "winner" or "loser." The exercise environment was simulated within a closed network so participants could truly experience what it is like to perform operationally under a great deal of pressure in time-sensitive situations, officials said.
"The maturation of the exercise is impressive," said Coast Guard Rear Adm. David M. Dermanelian, Cybercom's training and exercises director. "We're doing more than just network activity. We are providing the best venue to date for operators to experience the most realistic training environment possible, both in terms of network and scenario."
Cyber Guard teams drove toward capability and capacity, particularly within the U.S. Cyber Mission Force. Five teams seeking full operational capability were assessed on their speed, agility and precision while applying real-world techniques to defeat notional adversaries.
An "opposing force" replicated a range of adversaries seeking to disrupt critical U.S. infrastructure. The Blue Team, or "friendly forces," worked to defend their critical infrastructure networks against the live, opposing force in a closed-network environment. A cadre of trained personnel assessed each team in accordance with Cybercom standards.
"While we've been doing this for a few years, we are always learning," said Air Force Lt. Gen. J. Kevin McLaughlin, Cybercom's deputy commander. "Every year, we learn something new that we wish we would have thought about the year before. This is still a domain of warfare in its infancy in terms of how we think about it."