Cyberspace and critical infrastructure operators and experts from more than 100 organizations spanning government, academia, industry and the international coalition participated in the fourth annual Cyber Guard exercise, June 8-26.
U.S. Cyber Command, the U.S. Department of Homeland Security and the Federal Bureau of Investigation co-led the exercise. More than 1,000 participants — including active-duty, National Guard and Reserve units and personnel from all five military services — took part in the exercise in Suffolk, Virginia.
Participants rehearsed a whole-of-nation response to destructive cyberattacks against U.S. critical infrastructure.
U.S. Cyber Command Commander Navy Adm. Michael S. Rogers spent a day with Cyber Guard participants, touring exercise areas and speaking with players. Rogers also serves as the director of the National Security Agency and chief of the Central Security Service.
"Cyber Guard is designed to exercise the interface between the Department of Defense — the active and Reserve and Guard components — that are focused on the cyber mission, and to partner with other elements of the U.S. government as well as state and local authorities," he said.
The exercise also sought to develop shared situational awareness among government agencies, the private sector and allied partners.
Partnership is Key
In Suffolk, Cyber Guard players practiced actual operations on a closed network against simulated expert adversaries.
Private-industry participation included several information and sharing analysis centers, as well as public and private research institutions.
Rogers said Cyber Guard leveraged and used the capabilities from the private sector with capabilities of the federal government within DoD and, more broadly, the FBI and DHS.
The inherent challenge, Rogers added, is to build partnerships among organizations that don’t necessarily have common backgrounds, standards or terms. Bridging that gap, and bringing them together, harnesses the capabilities of all participants to meet their differing needs, he said.
Coast Guard Rear Adm. Kevin Lunday, U.S. Cyber Command’s director of training and exercises, discussed lessons that Cyber Guard offered for Cybercom.
One of these, he said, was the importance of synergy with the private sector partnerships.
"Most critical infrastructure in the United States, particularly in the information technology area, is owned by the private sector," he said. "So we rely on them, particularly when we are responding to a major incident or attack on the private sector."
U.S. allies also participated in Cyber Guard, he added.
"We understand that any time we do joint operations, those are inherently coalition operations, and we have to bring [in] our allies," Lunday said.
Also important is a total-force approach within DoD, he said.
"Some of our deepest expertise is in the Guard and Reserve elements," Lunday said, "so taking a total-force approach in terms of preparation and response to this kind of event is very important."
Lunday said his role was "to plan and hold Cyber Guard 15 as a joint exercise to bring participants into the most realistic environment possible, in a closed network against a live expert opposing force, and cause them to press themselves to failure in an environment where we can accept the consequences of failure, and then learn because that’s where learning occurs."
Despite the success of this year’s Cyber Guard, Lunday stressed the need for a persistent training environment in which forces can train in a realistic environment continuously, rather than only a few times each year.
"The scenario we practice in Cyber Guard is not a question of if that will happen — it’s when," he said. "And the second question is, when it happens, will we as [the] Department of Defense, we as a nation, be ready for it?"