The Pentagon would carry out a pilot program relying on modeling and simulation to help improve its response to cyberattacks on critical infrastructure, under language in the Senate version of the fiscal 2019 defense authorization bill. The effort would aim to:
- assess defense critical infrastructure vulnerabilities and interdependencies to improve military resilience;
- determine the likely effectiveness of potential cyberattacks, and the countermeasures and tools used to respond;
- train personnel in incident response;
- conduct complex and large-scale exercises and test scenarios; and
- foster collaboration among the federal government, state and local government, military forces and private entities responsible for critical infrastructure.
The overarching objective of the pilot would be to develop risk analysis methodologies and apply advanced commercial simulation and modeling capabilities, based on hyperscale cloud computing technology and artificial intelligence/machine learning technology, for use by active and reserve component military forces, industry and civil government organizations, according to the committee report accompanying the defense policy measure.
Section 1630 also calls for the assistant secretary of defense for homeland defense and global security to submit recommendations regarding the establishment of a program of record for DOD for the further development and sustainment of advanced, large-scale modeling and simulation on modern cloud infrastructure of cyber warfare involving critical infrastructure. The recommendations would be due with the administration’s FY 2019 budget request.
In its Statement of Administration Policy on S. 2987 released last week, the White House objects to the provision, saying the Department of Homeland Security (DHS) — not DOD — is the lead federal agency responsible for critical infrastructure protection, supporting state and local cyber security, and leading the nation’s efforts to prepare for and respond to terrorism and other manmade disasters, such as cyberattacks.
H.R. 5515, the House-passed version of the authorization bill, includes a related provision authorizing DOD to provide technical personnel to DHS to enhance cooperation, collaboration and unity of government efforts to protect critical infrastructure from cyber incidents.
Photo by Staff Sgt. Christopher McCullough