In September 2020, the Army Cyber Institute (ACI) partnered with Charleston, SC, and Savannah, GA, to conduct the first-ever virtual Jack Voltaic exercise, JV 3.0. The Jack Voltaic Cyber Research project is an innovative, bottom-up approach to critical infrastructure resilience that provides insight into existing cybersecurity capabilities and identifies gaps. JV 3.0 contributed to a repeatable framework that cities and municipalities nationwide can use to prepare.
JV 3.0 was originally planned as a 3-day event in April 2020 to be held simultaneously in these two port cities. Because of complications arising from the coronavirus disease 2019 (COVID-19) pandemic, the ACI decided to make it two single-day, virtual events: one for Charleston on September 22, 2020, and one for Savannah on September 24, 2020.
The JV 3.0 exercise leveraged NUARI’s DECIDE® platform, enabling participants to gain critical insights and better understand their respective gaps in incident management for a cyber disruption or destructive event.
The DECIDE® platform is a tool that simulates cyberattacks for organizations and their partners, stressing and testing incident response plans and producing after-action reports to improve strategic communication, compliance, risk, and overall resilience.
Leveraging the DECIDE® platform and Microsoft Teams, the ACI and its partners prepared the participants for the transition to distributed execution through several virtual tabletop exercises (TTXs) and rehearsals that included Jack Pandemus, a half-day event that simulated a cyberattack during pandemic conditions.
OBJECTIVES
The Army Cyber Institute’s research objectives included the following:
- Examine the impact of a cyber event on Army force projection
- Exercise the cities of Charleston and Savannah in emergency cyber incident response to ensure the provision of public services and safeguard critical infrastructure
- Reinforce a whole-of-community approach in response to cyber incidents through sustained, multi-echelon partnerships across industry, academia, and government
- Examine the coordination process for providing cyber protection capabilities in support of Defense Support to Civil Authorities requests
- Support the development of a repeatable and adaptable framework that allows a city to exercise its response to a multisector cyber event
Along with Charleston and Savannah, Army Cyber Command, the U.S. Coast Guard, and the South Carolina and Georgia National Guards, participants in the exercise also included Dominion Energy, Southern Company, Chubb Insurance, Verizon, and AT&T.
The virtual tabletop exercise placed participants in a situation where they first encountered technical glitches in managing cargo. As the activity progressed, participants discovered they had been hit with spam mail and Emotet. Later, the participants found that they had been hit with a ransomware attack, which then caused regional power outages in the simulation.
SUMMARIZED FINDINGS
- A sophisticated adversary can delay force projection without directly targeting military networks or systems and without its efforts being recognized as an attack. The risk of a contested homeland and/or contested movement must be addressed and mitigated.
- Vulnerability to cyber disruption is a whole-of-community problem that requires multi-echelon cooperative action by governmental entities as well as private industry to solve. JV’s bottom-up approach focuses this multi-echelon cooperative action on preparing the communities most likely to be targeted.
- Natural disaster response is more mature than cyber response, especially when a cyber disruption is dispersed across a region or is nebulous or otherwise unclear. Incorporating cyber elements into existing exercises may expedite the convergence of response maturation as well as solidify information-sharing channels and expectations.
- Cyber incident identification and declaration are delayed and may not even occur in cyberattack scenarios that fall below a catastrophic threshold. Proactive development of cyber incident response plans, guidance, and resources may expedite response times and reduce the effect of a cyber disruption.
- Leveraging technology to conduct exercises and improve the incorporation of cyber elements into exercises can increase flexibility and participation. Distributed exercises can closely simulate normal conditions in which no incident has been declared as well as the emergency operations center environment in which responders are working closely with one another to address an incident.
For the full report as well as more information on JV, please visit the JV website at https://cyber.army.mil/Research/Jack-Voltaic/.