Cyber Guard marshals resources from government, industry
- By Mark Pomerleau
- Jun 23, 2016
How would the government respond to a coordinated cyberattack against critical infrastructure that started with rolling blackouts in the Northeast, oil spills in the Gulf and a shutdown of ports in California? This was a fictitious scenario that played out at the fifth annual Cyber Guard exercise June 9-18 in Suffolk, Va.
Cyber Guard seeks to foster coordinated cyber incident response between federal and state governments. Cyber Guard 16, co-led by Cyber Command, the Department of Homeland Security and the FBI, featured more than 100 defense and civilian agencies, international and industry partners, internet service providers, power utilities and port authorities.
DHS, the lead agency during a domestic disaster, replicated the capabilities of its National Cybersecurity and Communications Integration Center, a situational awareness resource that shares information among public and private sector partners to build awareness of vulnerabilities, incidents and mitigations. In fact, officials told members of the media during a media day, Cyber Guard 16 was the first time NCCIC was operating from a remote location -- in this case Pensacola, Fla.
During the exercise, NCCIC was supporting incident response requests from agencies such as the Federal Aviation Administration and had intelligence analysts embedded with cyber protection teams from Cyber Command.
The FBI’s NCCIC counterpart, the National Cyber Investigative Joint Task Force, participated as well. NCIJTF consists of over 20 partnering agencies that coordinate, integrate and share information that supports cyber investigations. FBI’s Cyber Watch, or CyWatch, a 24-hour command center for cyber intrusion prevention, also participated.
FBI’s participation highlighted its duties as the nation’s primary investigative and law enforcement entity. If a crime is committed, FBI personnel will work with industry to develop a case. At Cyber Guard, 23 FBI agents were paired with local industry personnel, giving them the opportunity for to build trust with members of the private sector.
While the FAA’s operational role was classified, officials explained that its presence was due, in part, to the fact that the national airspace is deemed critical infrastructure. FAA personnel said the exercise was a chance to strengthen coordination with DOD and bring staff together to improve communication in the event of an incident.
One of the 13 National Guard units participating in the exercise was the California Guard, which was activated by the governor to conduct incident response on critical infrastructure. The California Guard units worked with DHS and the FBI to share information about what they were finding.
Officials were very positive about the progress made at this year’s exercise, and over the last four years more broadly. “We’re extremely excited about the learning that’s going on -- not just the learning, but the development of the force overall,” Maj. Gen. John Charlton, vice director for Joint Force Development, said.
“We are taking steps up in terms of developing our cyber capabilities -- not just on an individual cyber warrior basis, but as an organization,” he said. “We’re pulling in our interagency partners, our multinational partners, our industry partners because that’s what that fight’s going to look like.”
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.