JOINT BASE SAN ANTONIO-LACKLAND, Texas -- As the cyber realm evolves, effects from cyberattacks are moving from the digital world to the physical one.
Just three years ago, nearly 225,000 energy customers in Ukraine woke to a powerless city after regional electrical companies were hacked and shut down by malicious Russian cyber actors. Earlier this year, the city of Atlanta, Georgia, had to suspend many of its services while ransomware ran rampant through government computers.
To ready the Air Force’s Cyber Protection Teams, which defend priority Department of Defense networks and systems against such malicious cyber-physical acts, the 90th Cyberspace Operations Squadron has developed an innovative new training tool.
“‘Bricks in the Loop’ helps cyber Airmen conceptualize and understand the relationship between the network and physical domains in operational technology infrastructures,” said Christopher De La Rosa, 90th COS cyber modeling and simulation environments lead. “Significant differences exist between information technology and OT networks, necessitating different approaches to training our Airmen in IT and OT cyber defense.”
In other words, BIL links cyber (IT) and physical (OT) resources to afford Airmen the opportunity to see how a cyber action can effect a physical asset. Unfortunately, any cyber-physical training option using life-size training assets would be too costly to create, so current options are predominantly virtual-based, according to De La Rosa.
To remedy this, his team created a scaled, physical training environment made of toy, plastic bricks purchased off-the-shelf. They combined this with an IT network built from open source or low-cost, and easy-to-use software options. The build cost less than $4,000 and took only four months.
The “loop” serves as a simulated Air Force installation with assets such as a fire station, police station, airport, airport passenger terminal, jets, tanker trucks and other vehicles. Many of these elements can purposefully be hacked and made to light up, move forward or backward, spin, alarm or stop working all together, all to alert the trainee a cyber action has taken place. The toy bricks are built on 15x15 inch tiles so they can be easily transported and re-built to support on-demand training or to model service-level exercises.
“The look and functionality of the environment allows the trainee to easily translate the model to critical missions on most bases, and the potential damage that could occur from a malicious cyber-physical attack on those missions,” said De La Rosa. “There are many more scenarios relevant to Air Force bases that, if disrupted, may have a critical impact on assigned missions.”
In the future, the team hopes to include additional assets that will lend to more training scenarios, including fuel operations, security, water filtration, and fire alarm and suppression systems. The team is also seeking to incorporate a remote access and control feature providing trainees the opportunity to connect from anywhere.
Training cyber Airmen isn’t new to the 90th COS. In the last two years alone, the squadron has developed 110 cyber capabilities comprising real-time operations and innovation efforts, CMF support efforts, and additional supporting capabilities and enabling efforts, including BIL.
As AFCYBER Airmen continue to deliver full-spectrum global cyberspace capabilities and outcomes to the Air Force, joint force and nation, so will the 90th COS in its endeavor to keep them proficiently trained and ready.