US Cybercom virtual war game girds against increased threats

Foreign hackers are taking advantage of the coronavirus pandemic to undermine institutions and threaten critical infrastructure, a top U.S. military cyber official said Thursday.

The comments from Coast Guard Rear Adm. John Mauger of U.S. Cyber Command came a day after Defense Department officials briefed reporters on virtual war games that digital combatants from U.S. and allied militaries have been holding to sharpen their abilities to counter online threats with real-world impact.

“We’ve seen increased adversary activity” since the pandemic began, Mauger said on a conference call, declining to discuss the threat in more specific detail. “We’re one part of the whole of government effort to defend our democracy in this complex cyber environment.”

On Wednesday, Cybercom offered reporters a window into what it described as its largest virtual training exercise to date — in this case, a simulated attack on an airfield’s control systems and fuel depots. Attackers tried to plant malware and gain access through phishing while defenders hunted for the intruders and their tools.

The Defense Department has hosted similar training exercises in previous years for its own fighters, as well as those from allies and other U.S. agencies. Partner agencies include the Coast Guard, Energy Department and Army Corps of Engineers, which oversees the nation’s dams.

The June 15-26 exercise is unique because the pandemic forced it entirely online, in nine different time zones, bringing together 17 different “blue teams” to defend against one “red team” of attackers — more than 500 participants in all.

“We realized that the opportunity to bring that many people together in a single facility was not possible,” Mauger said. “It was not possible because of travel and it was not possible because of the need to stay physically distant from each other.” It's the 10th year such exercises have been held.

Britain, Canada and New Zealand participated. Australia, the other partner in the so-called Five Eyes alliance, was not able to participate but plans to join exercises set for later this year, officials said.

Cybercom accelerated development of the virtual training environment to better analyze ways to protect threats to critical infrastructure, including in energy and transportation systems. Officials said the virtual environment can also be used to test cyber soldiers’ abilities to identify new strains of malware. After being discovered in the real world, they could be introduced into a war-game scenario.