The U.S. Department of Defense wrapped up a 20-day series of cyber-exercises incorporating more than 100 federal and state organizations as well as private industry and academia, the DOD announced on July 1.
The exercises, known as Cyber Guard 15, involved a closed network that allowed distributed access for participants across the United States and security experts posing as attackers. Led by U.S. Cyber Command, the Department of Homeland Security and the Federal Bureau of Investigation, the training simulation involved civilian agencies, such as the Federal Aviation Administration, and a variety of military groups, such as the Department of Defense's Cyber Protection Teams, Computer Network Defense Service Teams and National Guard teams from 16 states.
In addition, for the first time, the exercise included participants from the private sector, including members of the financial services, electricity sector, and multi-state information sharing and analysis centers (ISACs).
"Most critical infrastructure in the United States, particularly in the information technology area, is owned by the private sector," Coast Guard Rear Admiral Kevin Lunday, U.S. Cyber Command's director of training and exercises, said in a statement. "So we rely on them, particularly when we are responding to a major incident or attack on the private sector."
While not the first U.S. government cyber-exercise, the effort comes as a number of agencies are recovering from significant attacks. In June, the Office of Personnel Management acknowledged that its networks had been breached, allegedly by attackers from China, and information on background checks on millions of job applicants stolen from its systems. The same month, the Internal Revenue Service announced that criminals had accessed the taxpayer records of more than 100,000 people through its online Get Transcript service.
While the Cyber Guard exercises are intended to develop the response capabilities needed to deal with a widespread attack on critical infrastructure, participants gain needed experience in dealing with incidents, Peter Tran, senior director of RSA's worldwide cyber-defense group, told eWEEK.
"An exercise specific to testing how adequate our security is and how resilient our cyber-weapons are is long past due," he said. "But we still have a lot of work to do, since these exercises typically do not test all the tactical issues."
Cyber Guard 15 is the fourth annual event that the Department of Defense bills as an evolving exercise that has expanded to answer the needs, and the increasing reliance on the Internet of the United States and its military. The three lead agencies all have roles in the nation's cyber-capabilities: The Department of Homeland Security is responsible for defending the nation's networks and systems; the FBI responds to and investigates attacks and incidents; and the Department of Defense defends critical U.S. networks and uses cyber-capabilities to help carry out its military missions.
Most of the exercises took place in a cyber-range facility in Suffolk, Va., according to information released by the DOD.