Army cyber protection teams upgrade training with a 'real' city

Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind.  

Army cyber teams will face off against industrial control systems at Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind.

The Army's cyber protection teams are upgrading their training program to include a real-life, round-the-clock, cyberattack on a city port.

"There's a dearth of realistic training venues," John Nix, director of federal for SANS Institute, told FCW. "There are lots of cyber ranges, but they don't have those rich training scenarios where you have an adversary that is being emulated -- a real advanced persistent threat -- and they bang away at the Cyber Protection Teams."

A task force comprised of two CPTs will endure a weeklong, 24-hour-a-day training exercise, called the SANS Cyber Situational Training Exercise (Cyber STX), at the Indiana National Guard's Muscatatuck Urban Training Center in Butlerville, Ind., starting Aug. 20.

While far from the Army cyber team's first cyber training exercise, this is the first with a full-scale cityscape. The 45-acre facility offers typical metropolitan trappings, physical and cyber infrastructures and control systems -- water facilities, a prison, hospital and traffic lights. There's also an electronic warfare component, restricted airspace, and human interference, such as web queries, social media and email that teams must wade through to fulfill the mission.

"It's going to be where cyber connectivity and kinetic activity meet," said Ed Skoudis, co-founder at Counter Hacker and a SANS Institute fellow. He said the exercise's overall scenario involves hackers trying to gain control of construction cranes control systems to damage a city port.

Earlier versions of the exercise lacked industrial control systems. "This is the first real opportunity to exercise that cyber-physical in the similar environment as our nation's critical infrastructure," Nix said.

John Womble, Army Cyber Protection Brigade training officer in Ft. Gordon, Ga., said the training exercise will be used as an evaluation tool to test if cyber operators are ready for combat. If all goes well, the exercise will create opportunity for the Army to expand beyond SCADA systems and simulate other network breaches, including election systems, power grids, and company networks.

The task force will face cyber challenges around the clock, Womble said, because "the enemy doesn't go to sleep so we can relax, so we have to train for that."

Womble couldn't disclose how many operators were on each team, but said the Army's goal is to push about 12 teams or two task forces through this training process each year going forward.

The goal is to get real-world feedback that gets operators "comfortable being uncomfortable" so they can "maneuver around different adversaries," Womble said, without naming the specific adversarial threats.

"If we can understand all the different possibilities in ways to gain access to the network, we can better protect the network," he added.

The exercise is the last for fiscal 2018 but Womble plans to do more in 2019 -- if the budget allows.

"If we have a budget for FY19, we're on a continuing resolution right now, so if everything goes well, hopefully, we'll have a budget" to do more, he said.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.