Representatives from the U.S. Cyber Command and the Joint Chiefs have admitted to lawmakers that the U.S. military cannot fully test its ability to defend against a full fledged cyber attack on civilian infrastructure. The current digital training facility utilized by counter-intelligence agencies in the U.S. is incapable of simulating a “catastrophic” attack and will not be able to simulate such an attack until 2019.
On Friday, U.S. Cyber Command wrapped up Cyber Guard, a massive exercise that gathered 800 members of Department of Defense, Department of Homeland Security, and the FBI to practice repelling a major network attack on U.S. infrastructure. The event took place at a “cyber firing range” located in Suffolk, VA. Despite their combined efforts the agencies were not able to simulate a full out attack.
Brig. Gen. Charles L. Moore Jr. commented on the shortcoming of the simulated attack, he said to the House Armed Services Committee:
“We don’t have the scale or the complexity to truly represent a realistic and relevant threat, the ones that we’re truly trying to train to,”
Lt. Gen. James K. “Kevin” McLaughlin, Cyber Command’s deputy commander, also commented on the inability to simulate a true attack and the implications lack-luster training can have on our digital security as a nation. When asked whether or not he thought his agency could repel a massive attack he responded:
“I would not be able to say I’m confident we would be able to respond to all of those, Control systems are different than platforms like airplanes and tanks, which are different from networks.”
McLaughlin claims this is only a temporary setback. He assured lawmakers that Cyber Command is building what they call a “Persistent Training Environment” that will allow them to prepare for any and all cyberattacks against the U.S.
McLaughlin claims the Persistent Training Environment is a much larger and more complex system than what is currently being used. The PTE can host a wider array of commercial industry participants, a larger array of systems, networks and devices; and will be able to better emulate a catastrophic cyber attack. He also claims it will allow trainees to learn to defend against attack around the clock rather than during occasional, premeditated, occasions. He states the new cyber training facility will allow intelligence agents to get a more realistic training experience that will provide a more realistic replication of an actual attack.
“Part of what we will build are the high-fidelity replications of each of those unique types of targets that we would defend against, We are building the ability for civil or other partners … and connect into that environment and then the people that want to actually do it, they will actually sit down, plug into what looks to them like their realistic replication of what they’re trying to defend. And then do their job in a realistic scenario against hackers.”
McLaughlin states that the Joint Chefs are in the process of reviewing the initial capabilities document of the plan. If the review concludes in the next few weeks, as it is planned to, the PTE will be completed by the end of the 2019 fiscal year.