The red team found a way into the network through a computer running Windows XP and took the dam down.

Had it been a cyberattack on a real dam, it would have been a catastrophe. Instead, it was a part of a training exercise conducted by Regis University, the state, and the Colorado Army and Air Force National Guard.

Those attending the two-day weekend exercise learned “what a malicious actor may be doing to your network,” said Laura Cobert, chief warrant officer in the Guard’s cyber protection team.

The exercises, which began four years ago, are conducted twice yearly.

This particular exercise was based on a real cyberattack against a small dam in upstate New York that was conducted by Iran, said Jeremy Lammon, master sergeant in the Air National Guard. Although the 2013 attack showed Iran was capable of hacking into the dam, there was no serious damage. “It just showed that it could be done.”

No one realized the attack had happened until last year, Lammon said. In many cyberattacks, it takes an average of 350 days before the attack comes to the victim’s attention, “and usually you find out when somebody says, ‘Hey, by the way, I found your data online.’”

Besides the Guard, representatives of the FBI, Department of Homeland Security, several water departments, private businesses and five states attended.

The exercises offer a chance to get those responsible for protecting cyber infrastructure together, so they can build relationships, said Daniel Massey, program manager in the Department of Homeland Security’s cybersecurity division.

“When something goes wrong, that is the wrong time to exchange business cards,” said Daniel Likarish, director of Regis’ Center on Information Assurance Studies.

“This helps build a community of interest and practice. And if there is an event, there is trust already established,” Likarish said.

Cyber warriors look for weaknesses in systems linked to larger networks. Some small local governments have small one- or two-person information technology shops, but they can provide access to state networks or other large systems. “It’s a back-door strategy. An attack isn’t going to be at the front gate. We find a machine that wasn’t properly secured.”