FORT MEADE, Md. - Partners from across government, academia, industry and the international coalition recently completed Cyber Guard 14-1, a two-week exercise designed to test operational and interagency coordination as well as tactical-level operations to protect, prevent, mitigate and recover from a domestic cyberspace incident.
Elements of the National Guard, reserves, National Security Agency and U.S. Cyber Command exercised their support to Department of Homeland Security and FBI responses to foreign-based attacks on simulated critical infrastructure networks, promoting collaboration and critical information sharing in support of a "whole-of-nation" effort.
The National Guard plays a key role in directly helping the states affected by a cyber incident, allowing federal forces to focus on their more traditional mission. The majority of the participants were National Guard service members representing 22 states.
"Citizens of our nation are counting on us to generate the necessary capacity and capability to meet the challenges of this problem set," Navy Adm. Michael S. Rogers, Cybercom commander and NSA director, said in remarks to more than 70 distinguished visitors to the exercise. "We are continuing to learn and mature. We have to build a construct to work seamlessly and effectively with our partners, and not just within the government, but also with industry and academia - outside [the Defense Department]."
Building and ensuring partnerships, processes, and human and technical capabilities were common themes during the exercise.
"We talk all the time about physical networks connecting computers and communications," said Robert Anderson, executive assistant director of the FBI's criminal, cyber response and services branch, in remarks to exercise participants. "But we must remember that on both ends of that computer network, there is a network of people working toward a common goal: to defeat our adversaries. Cyber Guard helps us get better at using the network of warriors on the front lines - like you - to achieve our goal."
The event, executed by Cybercom and hosted by the FBI at the National Academy in Quantico, Virginia, was the largest yet, hosting more than 550 participants, roughly double the number who participated last year. Continuing the event's evolution into a holistic, whole-of-nation effort, observers from academia, private industry and state utilities were on hand to observe.
In the event of a domestic cyber incident, federal agencies have specific, complementary roles, officials said.
DHS is the lead for coordinating the protection, prevention, mitigation of, and recovery from a cyber incident. The Justice Department and the FBI are responsible for the investigation, attribution, disruption and prosecution of domestic cyber crimes, as well as the collection, analysis and dissemination of domestic cyber threat intelligence. DoD is responsible for defending the nation from attack, collecting, analyzing and distributing foreign threat intelligence, and supporting DHS in their protection, prevention and recovery role.
"Practicing as an interagency team is essential to ensure national response to cyber events produce results that are effective and efficient," said Greg Touhill deputy assistant secretary of homeland security for cybersecurity operations and programs. "Exercises like Cyber Guard help us develop and refine key information sharing and coordination processes, understand each other's capabilities and authorities, and operate in a manner that keeps us in the right formation to present the best national response."
The exercise also included several Cyber Protection Teams, part of Cybercom's Cyber Mission Force being built over the next few years. The teams defend DoD information networks and help support DoD's requirement to provide foreign intelligence and assessment and active-duty capabilities to defend the nation.
"Cyber Guard provided an opportunity for agencies to execute and refine the DoDIN command and control construct model," said Phil La Perla, chief of readiness and exercises for the Defense Information Systems Agency. "The 90th (Cyber Protection Team), aligned to DISA, also benefited by teaming with the U.S. Coast Guard in defending DoD information networks, building on our great relationship with DHS." Some of DISA's network management teams also participated in the event.
In addition to the observers, FBI hosted an "Industry Day" that included 105 participants from a broad cross-section of private industry, including energy, finance, and information technology security. The event continued to strengthen relationships with private industry to facilitate information sharing that could prevent, mitigate or respond to a cyberattack, officials said.
"This robust, interagency exercise to defend the nation has accelerated in maturity over the last three iterations," said Coast Guard Rear Adm. Kevin Lunday, Cybercom's director of training. "We used this event to develop teamwork and collaboration, and we have gone from just a few Guard teams two years ago to incorporating critical government and private sector partnerships to test whole-of-nation solutions in this dynamic domain."
Eric Rosenbach, deputy assistant secretary of defense for cyber policy, took note of other ways the exercise has improved and evolved.
"I think it's really impressive what you've done from the authority, policy and law standpoint," he said in comments to the distinguished visitors at the event. "I also think how you've connected the technical parts - the ranges, your tools and capabilities - is also impressive."
Lunday also noted that in each iteration of the exercise, the scenarios from the adversary - simulated by a 'red team' - get more realistic and incorporate lessons learned from previous exercises.
"What you're doing here is critically important to how we will respond on behalf of our nation to a major cyberattack," he said. "The more we know and share about the adversary and the better-defined our processes are, the better we can defend the nation."