(EDITOR’S NOTE: See related story: Student creates ‘worst-case scenario’ for cyberattack exercise)
The Ridge College of Intelligence Studies & Applied Sciences at Mercyhurst University joins top intelligence and cybersecurity professionals from across the nation in simulating large-scale cyberattacks to key infrastructure in Buffalo, New York. Cyber Impact 2022, overseen by the U.S. Department of Defense (DOD) and carried out by the U.S. Army Task Force 46, takes place March 8-10.
Faculty, staff, and students from the Ridge College have been invited to participate and will provide academic presentations, conduct tabletop exercises, and create cyberattack scenarios to engage participants in developing responses.
One can only imagine the ramifications of cyberwarfare, digital attacks that have the potential to wreak havoc on government, critical infrastructure, and financial systems. Much of the potential fallout of such incursions remains ambiguous.
“We are in the digital age … as we look at the attacks that are occurring, we are one click away from affecting a power grid or a banking institution, and this is only going to get more prevalent,” said U.S. Army Col. David Hayes, assistant chief of staff, communications, 46th Military Police Command.
Hayes said the aim of the three-day exercise is to test the nation’s resilience, strengthen preparedness and cooperation among partners, and improve the effectiveness of a joint response in protecting national security.
“This exercise will examine cyber-effects during a large-scale disaster response effort and allow participants to identify gaps and develop solutions,” Hayes said.
Originally, the exercise was to be held two years ago in Buffalo but was canceled due to COVID-19. Ironically, Hayes noted, a year earlier the Erie County Medical Center in Buffalo was the victim of a major ransomware attack that shut down its IT systems, which the facility has since spent nearly $10 million rebuilding, according to The Buffalo News. The March exercise is happening at yet another significant time in history with the Russian assault on Ukraine, which includes cyberattacks along with kinetic military action.
Between 150 and 200 participants spanning government and industry at the local, state, and federal levels will be on hand for Cyber Impact 2022, including those representing police and emergency response units, environmental conservation authorities and power utilities, U.S.-Canadian border security, and more.
“The Ridge College has a long history of collaborating with governmental agencies and business organizations on research, internships, and projects,” said Mercyhurst President Kathleen A. Getz, Ph.D. “That we have been invited to participate in an event of this magnitude, to identify cyber threats, distinguish gaps in response, and develop solutions for safeguarding our homeland, is a credit to the work of our faculty, staff, and students, and is a testament to the reputation we have built in the fields of intelligence and cybersecurity.”
Mercyhurst Cybersecurity Professor Christopher Mansour will be among the distinguished panel of presenters from institutions including MIT, the FBI, FEMA, the Army Cyber Institute, Niagara University, Ontario Police Cybercrime Investigation Team, and District 9 of the U.S. Coast Guard, which oversees operations across the five Great Lakes.
“Considering how devastating cyberattacks on critical infrastructure can be, it’s important to test our vulnerabilities so that we can work toward preventing them in the future,” said Mansour.
Critical infrastructure represents operational systems that are important to the security and economy of a nation, among them communication networks, health care and public health sectors, financial institutions, nuclear reactors, water systems, IT, transportation, government operations, and more.
One high-profile example is last May’s ransomware attack on Colonial Pipeline that halted plant operations for days and led to a fuel crisis and increased prices.
During Mansour’s presentation, he will highlight types of cyberthreats and how to best mitigate their damage. However, in all cases, he stressed that the best solution is prevention.
The three-day exercise will feature the following:
Day 1 – Academic Presentations, Seneca One Auditorium, M&T Bank, 1 Seneca St., Buffalo
Day 2 – Tabletop Training Exercise, Red Team Maneuvers, Key Bank Center, 1 Seymour H. Knox III Plaza, Buffalo
Day 3 – Communications Exercise, Facility Site Visit, After-Action Review, Highmark Stadium, 1 Bills Dr., Orchard Park
In addition to Mansour’s academic presentation on Day 1, Brian Fuller, director of operations for the Ridge College, will help to moderate the tabletop exercise on Day 2 while assisting with Red Team activities designed to reveal vulnerabilities in security. Ridge College students are also participating.
Those students who helped to create cyberattack scenarios that participants will be challenged with addressing include Jacob Maynard, Colin Dodge, and Jackson Feiock. Those who will be on site to assist with the Red Team exercises are Ryan MacGurn and Matthew Sorensen.
“This is an extraordinary opportunity for Mercyhurst, the Ridge College, and most importantly our students, Fuller said. “Not only have our students been provided the opportunity to build Homeland Security level products for the scenarios that will be actively utilized in a DOD-level exercise, but they will be participating in the exercise and seeing how their work is implemented, while providing cybersecurity expertise as part of the exercise’s Red Team.”
PHOTO: Dr. Christopher Mansour, Brian Fuller