Joint Staff hosts huge electronic exercise

A coordinated cyber attack has left much of the nation in darkness. There is a huge oil spill in the Gulf of Mexico. Traffic control systems have been shut down in Tennessee. And ports along the West Coast have been all but crippled.

That is the scenario more than 800 individuals from an array of military and civilian agencies faced this week during Cyber Guard 16, an exercise designed to test the ability of the military, government and industry to work together, respond to and defend against electronic attacks against the nation’s critical infrastructure.

Led by U.S. Cyber Command, the Department of Homeland Security and the FBI, the exercise was held at the Join Staff Suffolk Complex, located off College Drive in North Suffolk, though teams also joined remotely from Fort Meade, Md., Scott Air Force Base in Illinois and Pensacola, Fla.

The main point of the exercise was not to determine who might have caused the fictitious disasters, though some teams, like the FBI, were definitely trying to determine “attribution.”

Nor was the intent to develop or test America’s potential military response to such an attack by some other nation or terrorist group — those responses will be tested in another exercise, Cyber Flag 16, set for later this month at Joint Staff Suffolk.

Instead, the goal of Cyber Guard 16, which concluded Saturday after eight intensive days of immersion into what, for its participants, looked and felt like a real national disaster unfolding before their eyes, was to encourage cooperation among agencies and industries and help identify weaknesses in the response plans of participating organizations.

“The battlefield is the wrong place to meet for the first time,” said one agency chief on Friday.

That official watched as a team sequestered in a purpose-built room within the facility grappled with the problem of an unknown entity that had broken into the Federal Aviation Administration’s computer system and stolen software that would give the hackers knowledge of the location of military aircraft around the nation.

Cyber Guard 16, the fifth in an annual series of such exercises, was the first to include private-sector participants — among them Dominion Virginia Power; the ports of Los Angeles, San Diego and Long Beach, Calif.; American Electric Power; National Oilwell Varco; and others.

The first version of the exercise, held in Suffolk in 2012, was designed simply to test the ability to coordinate incident responses between the federal and state governments and to explore the ability to use the National Guard to buttress the response to a cyber attack.

The exercise has grown, with more agencies involved and more offsite participation each year since 2012.

The scalability of the exercise and the adaptability of the facility that Joint Staff Suffolk now occupies are two of the best features of the Cyber Guard series, according to Major General John Charlton, vice director for Joint Force Development, J7. J7 assists the Chairman of the Joint Chiefs of Staff in training and equipping the various branches of the military to operate in a unified and integrated manner.

Charlton said Cyber Guard 16 was the result of 10 months of planning and three months of building and reconfiguration within the Joint Staff Suffolk complex.

Hundreds of support staff from a variety of agencies were involved in preparing for and hosting the event at the 48,000-square-foot facility, he said.

More than 1,100 computer workstations were set up for the exercise, utilizing “miles and miles” of fiber-optic cables that run below the floors throughout the building.

“This place was built to do these exercises,” Charlton added, noting that the level of detail his staff was able to support extended even to producing fictitious live news feeds and “all of the simulation necessary to make it seem realistic.”

Future versions of Cyber Guard, he said, could involve even more agencies — some sending teams to Suffolk to participate on site and others joining the closed network from remote sites.

During a tour on Friday, officials provided media access to several rooms where “blue teams” worked to stabilize and respond to the damage caused by the increasingly diabolical electronic incursions of the “red teams,” which took on the role of a coordinated electronic foe for the exercise.

In the exercise control room, known as “The White Zone,” large, flat-screen monitors showed flowcharts and diagrams representing various facets of the exercise. Dozens of smaller computer monitors arrayed at workstations around the spacious room had been temporarily switched to show innocuous charts or the Cyber Guard 16 logo.

Controllers there were the conduits between the blue force and the red force. If the troubleshooters on the blue force were solving their problems too easily, an order from the control room would cause the red force to raise the stakes by introducing some new twist to the scenario.

By Friday, the scenario had become complicated, indeed.

Rolling blackouts in the Midwest had darkened Michigan, Pennsylvania and Ohio. Traffic systems that control lights, signs and highway gates had become unresponsive in Tennessee. Control systems at a refinery in Port Arthur, Texas, had been shut down, causing a major oil spill in the Gulf of Mexico. A cascading power outage in Arizona was having effects as far away as Los Angeles. California’s ports were under electronic attack, making it impossible to fuel vessels and stranding an ever-growing fleet of container ships off the coast. And through it all, the red team continued to throw electronic glitches, spearfishing emails and other complications — both minor and major — into the mix.

“Our goal is to have the red team test them and get them to the point of failure,” one official explained.

The idea, said Coast Guard Rear Admiral Kevin Lunday, director of exercises and training for U.S. Cyber Command, is to get the participants “to perform up to the point of failure, because that’s where learning is going to happen.”

Better to fail within this controlled environment in the middle of a test, officials said, than to risk failing in the middle of a real cyber attack.