It’s a nightmare scenario for the federal government: a catastrophic cyberattack against the nation’s critical infrastructure, one that disables the power grid or financial system.
The Department of Defense and many other agencies pour billions of dollars into cybersecurity technology investments to prevent such attacks. Yet DOD and U.S. Cyber Command officials say that there is currently no training program designed to imitate sophisticated attacks and help federal cybersecurity professionals prepare for them — and there likely won’t be until 2018 at the earliest.
Without such a program — which DOD calls a “persistent training environment”— the department will be unable to adequately prepare for what a massive, real-world cyberattack will look like.
The Need for New Capabilities
“We don’t have the scale or the complexity to truly represent a realistic and relevant threat, the ones that we’re truly trying to train to,” said Brig. Gen. Charles L. Moore Jr., deputy director for global operations for the Joint Chiefs of Staff, speaking at a House Armed Services Committee hearing late last month, according to Defense One.
According to FedScoop, Moore said a document containing what the initial capabilities for the persistent training environment would entail is under review, and that if as expected it gets approved and funding stays in line with current expectations, the program could be up and running by fiscal year 2019.
If the country did face a major cyberattack against critical infrastructure, Cyber Command would aid in the response, as directed first by U.S. Northern Command and also by the Department of Homeland Security, Defense One notes.
Lt. Gen. James McLaughlin, Cyber Command’s deputy commander, was asked at the hearing whether his forces were ready to respond to a variety of cyberattacks on critical infrastructure. “I would not be able to say I’m confident we would be able to respond to all of those,” McLaughlin said. “Control systems are different than platforms like airplanes and tanks, which are different from networks.”
In addition to being able to more closely mimic realistic attacks, the persistent training environment will be able to handle a wider variety of commercial companies that might want to participate, as well as a more diverse set of systems, networks and devices, Defense One reports. Additionally, Cyber Command and DOD officials will receive continuous training against sophisticated attacks, not just one-off training exercises.
Building Off of Existing Structures
The new kind of training environment would use as its foundation several existing training programs, FedScoop reports, including Cyber Command’s Cyber Guard and Cyber Flag exercises.
As FedScoop reports: “Cyber Guard is a rigorous nine-day training exercise that gathers Cyber Command personnel, similar operators working for NATO allies, private cybersecurity professionals, critical infrastructure company representatives and other technology partners to engage in simulated cyber warfare. Attacking and defending forces are divided to pit intelligent specialists against one another.”
In mid-June, Cyber Command finished Cyber Guard, which brought together 800 representatives from DOD, DHS, FBI and industry to practice battling large-scale cyberattacks.
While such joint training exercises are useful, McLaughlin said at the hearing that the new environment will go further.
“Part of what we will build are the high-fidelity replications of each of those unique types of targets that we would defend against,” he said, according to Defense One. “We are building the ability for civil or other partners … [to] connect into that environment, and then the people that want to actually do it, they will actually sit down, plug into what looks to them like their realistic replication of what they’re trying to defend, and then do their job in a realistic scenario against hackers.”