As geopolitical tensions sharpen and cyber operations move into the shadows of critical infrastructure, non-profit organization MITRE published a fact sheet on its December 2024 national-level tabletop exercise, offering a glimpse into how government and industry leaders are grappling with the growing possibility of a sustained cyber assault across American installations. The white paper lays down five steps to prepare critical infrastructure for a cyber war, including creating a civil defense mindset, managing limited resources during emergencies, planning for operations under extreme conditions, strengthening emergency communications systems, and ensuring workforce readiness for emergencies.

Authored by Mark Bristow, Irving Lachow, Meredith Keybl, and Lisa Mackin, the MITRE white paper draws on insights from more than 200 participants across 70 public and private sector organizations who took part in a national-level simulation of prolonged cyber disruption. The exercise revealed a stark reality: isolated breach response is no longer sufficient. As adversaries target the interconnected systems that power the nation’s electric grids, water infrastructure, transportation networks, and emergency communications, the priority must shift toward strategies that enable sustained resilience. Survival in this new threat environment hinges on the ability to operate through persistent attacks, not just recover from them.

The publication summarizes key takeaways from MITRE’s tabletop exercise and subsequent stakeholder discussions on infrastructure resiliency, societal preparedness, and coordinated national-local responses. It delineates observations, challenges, and actionable recommendations, emphasizing the importance of collaboration, contingency planning, and operational readiness for prolonged cyber disruptions. While security considerations limit the findings shared in the public document, full details are available to U.S. critical infrastructure owners/operators and government entities.

MITRE detailed that stakeholders stressed the need to prepare the public for disruptions to essential services like electricity, water, telecommunications, and transportation during a cyber conflict. Infrastructure owners must collaborate with federal, state, and local governments to align restoration priorities and coordinate emergency responses.

This requires adopting a civil defense mindset—a framework that emphasizes education, awareness, and self-reliance to ensure citizens, communities, and businesses understand risks and can respond effectively.

Additionally, strengthening the nation’s ability to counter adversary-driven disruptions will require contributions from state, local, tribal, and territorial governments; the private sector; academia; and civil society, not only from the federal government.

Disruptions to interconnected infrastructure sectors can quickly overwhelm response efforts, as mutual aid agreements may fail in widespread incidents. In addition, uncoordinated restoration and prioritization activities across the federal, state, and private sectors can lead to delays and prolonged outages. Many contingency plans focus on isolated events rather than the sustained outages or resource shortages that cyber warfare would cause.

To mitigate these risks, the MITRE white paper called upon infrastructure owners/operators to conduct exercises that test their contingency plans, and upon state, local, tribal, and territorial governments to work with private sector operators to address interdependencies and resource orchestration, using scenarios that simulate widespread impacts.

The white paper also recognized that maintaining essential infrastructure services during extreme conditions is critical, especially in the face of cyber warfare, which poses unique challenges beyond those of natural disasters. For example, cyber attacks against multiple interconnected critical infrastructures can create cascading impacts that devastate cities and states in ways that make recovery exceedingly difficult.

Planning for the scope and scale of these effects, which could last for weeks, is vitally important. In addition, pre-identified regulatory easements can expedite recovery efforts, while training personnel for manual or disconnected operations is a must if automated systems are compromised. Stakeholders must enhance cyber resiliency plans and ensure personnel are prepared to manage manual operations during prolonged crises.

It also detailed that stakeholders often overestimate the strength of Primary, Alternate, Contingency, and Emergency (PACE) communications plans. Voice communications, often used as a default backup, may not sustain operations during prolonged outages caused by cyber warfare. The limited number of backup communication options between individual operators and the government further hampers the ability of key stakeholders to share situational awareness and collaborate on response actions. In addition, the growing threat of deepfakes underscores the need to authenticate who is on the other end of a backup channel. Infrastructure owners/operators and state, local, tribal, and territorial governments should strengthen communication protocols by improving backup systems and implementing authentication to ensure resilience during cyber incidents.

Lastly, MITRE highlighted that workforce availability may decline during prolonged emergencies due to personal or contractual challenges, threatening critical infrastructure operations. To mitigate these risks, stakeholders should create contingency staffing plans, provide long-term support for critical staff and their families, and train personnel to manage workforce shortages during extended emergencies.

In conclusion, the MITRE white paper noted that protecting critical infrastructure from evolving cyber threats requires proactive collaboration and innovative strategies. “Stakeholders must build resilience by preparing communities, improving PACE communication plans, and training personnel for manual operations and contingency scenarios. MITRE, working in partnership with industry and government, is advancing research to mitigate these challenges. We must all work together to strengthen our defenses, ensuring recovery, and building lasting resilience in the face of cyber warfare.”

Last December, MITRE released the results of its latest Enterprise round of ATT&CK Evaluations, an independent assessment of enterprise security solutions. Enterprise 2024 focuses on two major threat areas – common ransomware behaviors on Windows and Linux systems, featuring techniques tied to prolific strains like LockBit and CL0P; and macOS threats, modeled after North Korea’s tactics, such as exploiting supply chains and deploying modular malware to steal sensitive data.
