WASHINGTON — An upcoming cyber conference could help the U.S. Army better understand how to use its defensive cyber efforts to protect critical assets and harbor a more robust national cybersecurity ecosystem.
The Jack Voltaic series, developed by the Army Cyber Institute at the U.S. Military Academy to game out the state of cybersecurity at local ports, kicks off its next conference Feb. 24 at The Citadel military college in Charleston, South Carolina.
The exercise has thus far focused on defending critical infrastructure across two cities — Charleston and Savannah, Georgia — allowing them to gain a better understand of incident management if a cyber disruption occurs.
Army Cyber Command, as well as the Guard and Reserves, have cyber protection teams that hunt actors on Defense Department networks and eradicate threats. This exercise could provide insights as to how to better use and deploy those teams.
“Are there places where it would be appropriate to apply those capabilities, and then where are the mechanisms to do that,” Lt. Gen. Stephen Fogarty, chief of Army Cyber Command, told C4ISRNET, regarding lessons he hopes to get out of the event. Fogarty is providing the opening conference keynote.
One mechanism he suggested is “Defense Support of Civil Authorities,” the process for which the U.S. military can assist state and local entities.
From the Army’s perspective, it has to deploy from ports. If those areas, which are under the control of state and local governments, succumb to cyberattacks, it hinders the Army’s ability to deploy. Thus, it is in the best interest of the Army and the rest of the services to lend a hand in aiding localities in improving their cyber defense, which leads to better national cybersecurity.
“We require strategic mobility. Again, we don’t want to be fighting on our shores; we want to keep that offshore. We have to be able to get to the fight,” Fogarty said. “For us, it’s making sure there’s clear understanding by civil authorities what our requirements are, what our expectations are, and then what we can [do] to assist them and protect that strategic capability for the nation.”
After Jack Voltaic 3.0 in September 2020, officials realized there was a need to keep the conversation going regarding critical infrastructure resiliency.
“It’s too important to conduct once, write down some lessons and then move on,” said Col. Jeffrey Erickson, director of the Army Cyber Institute. “Rather, we wanted to continue to foster an ecosystem of information and knowledge exchange through a series of conferences with Norwich University Applied Research Institutes, the Georgia Cyber Center, The Citadel and the Critical Infrastructure Resilience Institute at the University of Illinois.”
Events such as Jack Voltic also help the Army better tune to certain threats, Fogarty said, noting that partnerships with industry and academia help alert the service to different types of challenges, and vice versa for local governments.
There’s “an array of threats that local authorities — they’re going to be the principal responders to. Their ability to identify these [threats] — essentially to rehearse what their responses are, understand what their capabilities are, where their limitations may be, where they make investments — that’s, really what they principally get out of this,” Fogarty said. “For the Army, what I want to do is I want to worry about getting the people, the material that we require to conduct operations there.”
Officials believe success equates to increased awareness across all sectors.
“Success this week looks like increased awareness in the community, new (and greater) connections between public and private sectors, and potential new critical infrastructure resiliency events in the future. Only through more sets and reps can we continue to increase resiliency at all levels,” Erickson said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.