Late last week, Circadence® participated in the Jack Voltaic 2.0 Cyber Research Project held in Houston, Texas. The event was described as a “bottom-up approach to critical infrastructure resilience,” where the City of Houston, in partnership with AECOM and the Army Cyber Institute (ACI) gathered with critical infrastructure partners to study cybersecurity preparedness gaps.
Developed by the ACI at West Point, Jack Voltaic 2.0 took place July 24–26 at the Houston Emergency Center and results from the activity will be published in a technical report from the Army Cyber Institute in November 2018.
Our own Laura Lee, executive vice president of rapid prototyping, attended the exercise and shared her experience in a quick Q & A.
What made this event special?
LL: This truly was a first of its kind event where a major city brought together both public and private entities across many different critical infrastructure sectors to prepare for a cyber event. It involved energy, healthcare, transportation, water and government services all working together to resolve an attack. The City of Atlanta suffered a cyberattack in early 2018 that caused millions of dollars and interrupted services in the city for weeks. The goal of this event was to avoid that type of situation and prepare, just like Houston does for hurricanes or the Super Bowl. There are always risks but the key is getting ahead of an event and developing policies and procedures to handle it.
What was the environment of the event like?
LL: During service restoration and when determining what was happening during the simulation, technical experts were serious in their pursuits to remediate the issues. Each team chose a leader and immediately and got to work. Harris County (where Houston resides) were quietly discussing what they were seeing for web attacks in their network, while the Port of Houston Authority were dealing with ransomware. Each team reported up to the Houston Emergency Center, with some teams reporting live via an online conferencing system. The activity was taken very seriously, and it felt like a real-world response.
What was one of the highlights of the event?
LL: The team from Memorial Hermann Health was asked to brief what they saw in ransomware and how they handled it. It was a Webex broadcasted to the 150 people in the Houston Emergency Center. All the teams were listening carefully to the report, trying to understand if they were seeing similar things. At this point, the hospital had successfully handled the attack, and everyone was gaining confidence and excitement.
Why did Circadence participate in this research exercise?
LL: Circadence is in a unique position to support city and state-wide cyber exercises because the company’s cybersecurity training and assessment platform, Project Ares®, offers virtual worlds that represent businesses and agencies in the real world. We have a synthetic internet with simulated users performing normal day-to-day jobs all in a closed, safe environment. For the event, it allowed key users to see and test what happens with the latest malware or cyber tactic. By using the Project Ares platform, we can select multiple environments that make up a city and then bring in real people, as if it was the actual city under attack. This gives a new dimension and real-world feeling to traditional “table top” exercises that are typically used for disaster preparedness. It’s a way to bring all the people required (government, industry, academia) together and includes the technical and policy personnel so everyone learns how to work together. We are passionate about helping every critical industry sector, every state, and every city learn to successfully mitigate cyber risk.
Circadence – Contributing to Critical Infrastructure Cybersecurity
Circadence supported the 6-month event planning process for the Jack Voltaic 2.0 Cyber Research Project. “We met almost monthly and created a realistic scenario within Project Ares, which resulted in a coordinated attack on the city,” said Laura. “We worked together to create events that would challenge each participant and then during the event, we ran the Live Fire exercise portion for the technical team players. We also displayed the results and analysis in real time within the large Emergency Center area so the policy makers could understand what was happening technically.”
Cyberattacks rarely affect a single target. Instead, unanticipated effects could ripple across interconnected infrastructure sectors, which is why infrastructure resilience is more critical than ever. Varying defensive capabilities and authorities complicate the response. If exploited by a determined adversary, these unidentified gaps leave our nation vulnerable. Circadence was proud to participate in this exercise and help close gaps in critical infrastructure cybersecurity through its Project Ares platform.
Watch the full press briefing from the City of Houston here.