The Army Cyber Institute (ACI) at Georgia Southern University recently held an all-virtual cyber exercise – Jack Voltaic™ 3.0 – which simulated a cyber-attack around the cities of Savannah, GA and Charleston, SC.
To test participants’ abilities, the scenario-based exercise presented malware and ransomware attacks against targets in the cities – along with emergency scenarios, such as a cargo ship accident, a flood, and the failure of 911 systems.
“This is important because it helps the city of Savannah prepare for not only cyber incidents but also civic unrest and military maneuvers through our community to help us prepare and be ready for those eventualities, ” David Donnelly, Savannah’s Emergency Management Director, said.
In the simulation, participants first encountered problems in managing cargo, then discovered they had been hit with spam mail and Emotet – a common malware strain. Later, they were hit with a ransomware attack which then caused regional power outages in the simulation. Jack Voltaic 3.0 was specifically modeled to also account for the COVID-19 epidemic, removing certain simulated workers from the exercise to hamper the participants’ progress and require them to work around it.
The aim of Jack Voltaic™ is to understand and mitigate any shortfalls in response that could impact the U.S. military’s ability to deploy out of the two ports, should these cities face a real-world worst-case scenario such as the one portrayed in the simulation.
“It’s really looking at: how can we use this to help tax the cities … with not a single catastrophic event, but multiple?” Lt. Col. Doug Fletcher, the Army Cyber Institute’s lead planner for the exercise, said. “We’re really trying to understand, what’s the impact cyberattacks have on critical infrastructure, in particular, how does the response impact that and what are some of the gaps and interdependencies that exist in that critical response?”