The National Guard Just Simulated A Cyberattack That Brought Down Utilities Nationwide

National Guardsmen have just completed a two-week training exercise responding to a simulated cyberattack that destroyed critical utilities in the United States. The drills have become an annual event, but this year they gained even more prominence after several major ransomware and cyber attacks over the past few months crippled large parts of America’s infrastructure.

The exercises were part of the seventh Cyber Yankee, a training event that brings together guardsmen from across the New England area to test their responses to simulated cyberattacks. This year’s drills simulated a cyber attack targeting utilities on the west coast before spreading east across the United States towards New England. The exercise was designed not only to provide hands-on training in responding to active cyberattacks, but also to build collaboration between the National Guard and private sector partners, the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Federal Energy Regulatory Commission, and U.S. Cyber Command, among others.

Marine Forces Reserve / LCpl Mitchell Collyer

Marine Forces Reserve and Army National Guard personnel participating in Cyber Yankee 2021.

“We do this in a training environment so that by the time it happens we will have those relationships built not just by a National Guard but by all of our critical infrastructure, our federal, local and state partners,” said Maj. Ryan Miler, Connecticut Army National Guard cyber operations officer. “We have established these lines of communication and then it is much easier to come together and react.”

At this year’s Cyber Yankee, the new Cyber 9-Line system developed by US Cyber Command (USCYBERCOM) was used for the first time in the annual exercise. Cyber 9-Line provides National Guard cyber units with a template of questions that enables them to quickly pass the details of a suspected cyber attack up the chain of command to USCYBERCOM. Once CYBERCOM has this information from the Cyber 9-Line, it can diagnose the attack faster and more efficiently and return information to the reporting unit, which can then pass it on to affected local governments and industry partners. “The Cyber 9-Line is still in its infancy, but after we launched this program a few months ago, we already have [seen an impact],” said U.S. Air Force Lt. Col. Jeff Pacini, deputy chief of CNMF Future Operations, in a USCYBERCOM press release last year. “Ultimately, it’s about helping one another.” The Cyber 9-Line questionnaire is similar to other nine-line formats used by the US armed forces for requests such as medical evacuation or close air support.

A USCYBERCOM slide with the questions the Cyber 9-Line tool asks.

Lt. Col. Cameron Sprague, the Connecticut Air National Guard’s chief information officer and assistant trainer for this year’s Cyber Yankee, said the simulated cyberattacks should be as realistic and complex as possible in order to prepare for the type of incident now occurring more and more frequently across the country:

It is really hard to do such an exercise effectively. Many cyber exercises involve capture-the-flag game-like activities that are too simple and not necessarily applicable to real-world crises. It’s really difficult to work effectively in an incident response environment. That’s the first thing many teams take with them when they go through this. This is actually how we’re going to create an incident response plan. That’s the big point.

The trainers said the teams that carried out the simulated attacks gave the National Guard a better idea of what to expect in the event of actual cyberattacks and ransomware operations. Knowing how your adversaries conduct attacks can help you be better prepared to defend against them.

Last year’s Cyber Yankee exercises gathered over 200 guardsmen to combat various cyber threats. The guardsmen were divided into four blue teams tasked with responding to simulated cyberattacks, a red cell, which carried out those attacks, and a white cell, which “regulated and evaluated event operations”.

U.S. Army Col. Woody Groton, who headed Cyber Yankee last year, said in 2020 that the exercise is aimed at preparing guardsmen for the same types of cyber threats that U.S. businesses and infrastructure currently face:

Cyber security, especially in critical infrastructure and in state government, is currently a big issue. You can see it on the news every day. Ransomware attacks are increasing; loss of data, loss of intellectual property. It’s hard to keep up with your opponent. We have also seen a significant increase in cyber attacks and attempted cyber attacks on the electrical industry and water in recent years. By training for this in advance, we will be better prepared in the event of an actual incident.

Marine Forces Reserve / LCpl Mitchell Collyer

Marines address visitors during Cyber Yankee 2021.

Cyber attacks on civil infrastructure have become a national security priority in recent years as they have become more frequent and more crippling. A ransomware attack paralyzed the largest fuel pipeline in the United States in May 2021, causing fuel shortages in some parts of the east coast. Georgia-based Colonial Pipeline officials eventually paid nearly $5 million in ransom to end the cyberattack, about 85% of which the FBI was later able to recover in the form of cryptocurrency.

A similar ransomware cyberattack followed the Colonial Pipeline attack in June 2021, this time against the world’s largest meat processing company. However, it is not just large private sector companies that are being attacked, as ransomware attacks against local governments and institutions in the US are increasing at an alarming rate. In one example, a Louisiana National Guard unit foiled a 2020 cyber attack on government offices that is believed to have originated in North Korea and may have been related to elections in that state.

While many of these attacks are reported to have been carried out by criminal organizations rather than state actors, many fingers have been pointed in the direction of the Russian government. Some attacks are even believed to have originated directly from Russian intelligence agencies, such as the 2020 cyber attack on information technology management company SolarWinds that broke into servers owned by US government agencies and private companies. Russia denied any involvement in this attack.

“I can assure you that we are raising this through the highest levels of the US government,” White House press secretary Jen Psaki said after the ransomware attack on the meat processor in June. “The President certainly believes that President Putin has a role to play in stopping and preventing these attacks.”

AP / Patrick Semansky

Biden and Putin meeting in Geneva in June 2021

The most recent summit between US President Joe Biden and Russian President Vladimir Putin in Geneva focused on cyberattacks and ransomware plots. Biden reportedly gave Putin a list of 16 critical American infrastructure sectors that the White House wants Russia to be “banned” from cyberattacks, including energy and water utilities. Putin, meanwhile, said Russia had nothing to do with the Colonial Pipeline attack, claiming instead that the United States was responsible for most of the world’s cyberattacks.

The White House recently announced that it would give ransomware attacks a priority similar to terrorist attacks and set up a new task force that will enable various government agencies at multiple levels to coordinate information sharing and response to cyberattacks. “It is a specialized process to ensure that we pursue all ransomware cases, regardless of where they are directed in this country,” according to the Attorney General in the Justice Department. The Biden administration signed an executive order in May 2021 to strengthen and modernize cybersecurity defenses across the federal government, including the intelligence agencies and the Department of Defense.

As recent events have shown, cyber attacks do not need to disable missile defense systems or satellites in order to cause damage and major disruption. Cyberattacks on private companies like Colonial Pipeline can do just as much damage by disrupting fuel supplies, while a ransomware attack on a commercial electricity company could undoubtedly wreak massive damage, given that the basic utility and public safety systems the nation relies on every day would go dark. We can probably expect exercises like Cyber Yankee to grow and become more complex as the cyber threat continues to spread and the US government finds more ways to contain and defend itself against it.
