The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Coloni...
The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Colonial Pipeline brought the nation's fuel supply to its knees.
Troops from across the New England region practiced tackling a massive simulated breach across critical infrastructure sectors including power, water and gas during a two-week training exercise this month.
The exercise involved a situation where a huge cyber attack targeted utilities on the West Coast before moving east across the country.
Much like in a real-life scenario, National Guardsmen worked alongside government agencies - including the FBI, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, the Federal Energy Regulatory Commission, and US Cyber Command - as well as private sector utility partners to respond to the crisis.
While the crisis was a simulation this time round, such an attack is looking increasingly possible.
A series of recent, devastating attacks have sent warning signs about the risk cybersecurity breaches can bring to national infrastructure.
When the Colonial Pipeline was targeted by hackers in May, it was forced to shut its entire network carrying 45 percent of all fuel to the East Coast, sparking a national fuel crisis that sent gas prices soaring.
Weeks later, the food supply chain was dealt a blow when hackers led to the four-day closures of plants belonging to America's largest beef supplier JBS.
The National Guard has been preparing for a major cyber attack that would bring down utilities across the US, after the hack of the Colonial Pipeline brought the nation's fuel supply to its knees. Pictured the two-week training exercise
Troops from across the New England region practiced tackling a massive simulated breach across critical infrastructure sectors including power, water and gas during the Cyber Yankee Event (above)
The Cyber Yankee event, which has been held for the last seven years and was carried out in Camp Edwards, Cape Cod, tested the ability of the National Guard cyber units to respond to a real-life cyberattack and trained them to collaborate with government and industry partners.
Troops were divided into Blue Teams - Guardsmen and industry partners who played their own roles responding to cybersecurity breaches - and Red Teams - Marines and Marine Reservists who posed as the threat actors.
Industry and government partners joined the exercise remotely due to the pandemic.
The exercise involved practicing using the new Cyber 9-Line tool where National Guard units in individual states can pass intel on potential threats to the centralized Cyber Command.
Similarly, the Cyber Command can alert state units about threats.
Maj. Michael Frank, cyber warfare officer for DCO-IDM company bravo, 6th Communications Battalion, told C4ISRNET that authorities must understand how the attackers work to be able to defend from them.
'In order to be effective defenders of a network, you need to know what the adversary TTPs [tactics, techniques and procedures] are,' he said.
'Doing cyber threat emulation here and actually going through the steps of OCO [offensive cyber operations] and going through what we would expect an adversary to be doing to us, we have a better idea of how to defend our networks.
'For them to get a chance to do it from this side is hugely valuable.'
This year marked the first year the gas pipeline sector was involved in the exercise - coming just weeks after the Colonial Pipeline attack (pictured the Colonial Pipeline Co. Pelham junction and tank farm in Pelham, Alabama)
An Exxon station in DC is seen out of gas in May after the cyberattack crippled the biggest fuel pipeline in the country
Lt. Col. Cameron Sprague, J6 and CIO for the Connecticut Air National Guard and deputy exercise director for Cyber Yankee, told C4ISRNET it is difficult to run an exercise that is true to life.
'Operating effectively in incident response environment is really hard,' he said.
'That's what a lot of teams first take away when they're walking through this is how we're actually going to do an incident response plan.
'That's the big point of this. That's why a lot of them come back year after year.'
Maj. Ryan Miler, state cyber operations officer for the Connecticut Army National Guard, told the outlet that one of the key aims for the exercise is to build trust between the private companies, the state National Guards and the various government agencies.
'We do it in an exercise environment so that when it does happen, we've already got those relationships established not just from a National Guard but from all of our critical infrastructure, our federal, local, state partners,' Miller said.
'We've established those lines of communication and then it's that much easier to get together and respond.'
The exercise involved practicing using the new Cyber 9-Line tool where National Guard units in individual states can pass intel on potential threats to the centralized Cyber Command
Marines address visitors during Cyber Yankee 21 on Camp Edwards in Massachusetts. The exercise involved a situation where a huge cyber attack targeted utilities on the West Coast before moving east across the country
Guardsmen worked alongside government agencies - including the FBI - as well as private sector utility partners to respond to the crisis
Each year, additional partners are brought on board to join the event.
This marked the first year the gas pipeline sector was involved - coming just weeks after the Colonial Pipeline attack.
The pipeline was taken offline on May 7 in the attack, halting 2.5 million barrels per day of fuel shipments along the line running from Texas to New Jersey.
The hack sparked concerns of a national fuel crisis with thousands of gas stations running out of fuel and motorists racing to fill up their cars, pushing the national average price of gas past $3 for the first time since 2014.
Officials said the hack was the most disruptive cyberattack on energy infrastructure in American history.
The blame was leveled at criminal cybergroup DarkSide - which is believed to be based in Russia or Eastern Europe with ties to Russia.
Colonial Pipeline shelled out almost $5million to DarkSide to get its pipeline back online as soon as possible.
Cybersecurity was a major talking point between Russian President Vladimir Putin and US President Joe Biden at the G7 summit last week (pictured)
Just weeks later, JBS fell victim to an attack, forcing it to shut down its computer servers, suspending meat production systems at its US plants for four days.
US officials are now vowing to ramp up the nation's defense against cybercriminals with the White House announcing the creation of a new inter-agency taskforce to better coordinate its response to attacks.
Cybersecurity was a major talking point between Russian President Vladimir Putin and US President Joe Biden at the G7 summit last week.
Biden told Putin that certain critical infrastructure should be 'off-limits' to cyberattacks.
Putin denied that Russia was behind recent hacking attacks.
The FBI has also put cybersecurity high on its agenda with its fiscal year 2022 budget proposal including an additional $40million for cybersecurity investigations.
It also includes another $15million to help the FBI improve its own cybersecurity.
No comments