Cyber professionals from the U.S. and multiple other countries are in the midst of an annual competition led by U.S. Cyber Command meant to enhance the nation’s cybersecurity in the wake of months of devastating attacks.
The annual Cyber Flag competition this year brought together 430 cyber professionals on 17 teams representing U.S. Cyber Command and other Defense Department agencies, the House of Representatives, the National Guard, and the U.S. Postal Service. It also incorporates teams from the United Kingdom and Canada.
Each year, the teams are presented with a scenario involving a major cyber incident, with this year’s scenario involving an attack by two adversaries on a logistics support depot. The competition runs through Friday and is operating across eight time zones, with teams competing to win.
“Think of these like a compound, like a Bin Laden compound, where they go and they rehearse and they rehearse and they rehearse, and they get to see this network in a place where they can do the live target practice, do the live cyber defense that they need to stay sharp,” U.S. Navy Lt. Commander Gabe Edwards, the Cyber Flag exercise lead, told reporters Wednesday.
The exercise is the Department of Defense's largest annual cyber training exercise, and this year utilized a virtual training platform to allow teams to compete from their home bases. As a result, the exercise was five times larger than in previous years.
The competition is being held in the wake of months of escalating cyberattacks, including ransomware attacks on Colonial Pipeline, which provides 45 percent of the East Coast’s gas, and on JBS USA, the nation’s largest provider of beef.
Additionally, the SolarWinds hack allowed Russian-government-backed hackers to compromise nine government agencies for most of last year, and new vulnerabilities in Microsoft’s Exchange Server discovered in March potentially compromised thousands of organizations.
Edwards said that a ransomware attack like the one on Colonial was a potential part of the exercise this year.
“We’re having the teams experience the same scenario, but they can carry error forward through the exercise, so based on the actions they take, they continue engineering their environments in ways that structure the scenario from there on, it’s kind of a choose your own adventure type of an exercise,” Edwards said. “This year we have used a ransomware payload to inject into the scenario if it progresses to that.”
Edwards noted that future Cyber Flag exercises would incorporate a wide range of threats in an effort to think outside the box on potential threats.
“You name it, we’ll model it,” he said.
U.S. Coast Guard Rear Admiral Christopher Bartz, chief of Exercises and Training at U.S. Cyber Command, told reporters Tuesday that Cyber Flag was essential in light of the attacks.
“It hit home this spring, I think every American was starting to understand really what the capabilities of adversaries, both state and non-state, are, so it’s important for the American public, and Cyber Command is going to do whatever it can to defend the nation,” Bartz said.
Bartz noted that U.S. Cyber Command would use the results of the exercise to improve cybersecurity defense capabilities in a world where cyber threats are only multiplying.
“It’s trying to stay one step ahead of what our adversaries are doing, and that is what we are going to point our training to,” he stressed.