1. APPENDIX E – LIVE-FIRE EXERCISE
   1. Table of Contents

APPENDIX E – LIVE-FIRE EXERCISE

The LFX is a JV exercise component that uses an on-range, simulated, virtual environment. The LFX follows a scenario that correlates with the TTX scenario. It exposes participants to threat tactics, tools, and shared techniques and tests cyber equipment and response capabilities in real time. Though it is an integral part of JV, it was canceled for JV 3.0 because of issues arising from the COVID-19 pandemic.

In a cyberattack simulation such as JV, a realistic training environment is key to the exercise’s success. In the LFX, the on-range network, virtual range environment emulates critical infrastructure environments to enhance training. The LFX pits two teams of technical analysts and operators—a Red Team (attackers) and a Blue Team (defenders)—against each other in various scenarios. In the exercise, the opposing forces and scripted injects attack participants’ networks. The LFX demonstrates the impacts of successful attacks and allows defenders to exercise their cybersecurity skills in an operational environment.

The sophistication of the LFX virtual environment varies based on available capability. The LFX aims to examine and validate coordination and command and control among various multiagency coordination centers, such as emergency operation centers. The tactics, techniques, and procedures employed during the LFX follow an exercise plan that includes a list of equipment and unit control measures, including means of communication.

The intention for JV 3.0 was to develop customized virtual networks that mimicked the architecture and behavior of each participant organization (e.g., the City of Charleston or SDDC). This was to be achieved by coordinating with each participant organization to determine the priority and level of detail to be included in the virtualized network and developing distinct yet integrated organizational virtual network enclaves.

To the degree possible, the cyber range was to include virtual hosts and networks that mimicked the relevant portions of the IT systems participants use on a daily basis. Specifically, network architectures, the numbers and types of hosts, and the software platforms of participants were to be incorporated into the cyber range. The network tools and business software were to include enterprise resource planning software (for human resources and accounting); network file sharing and accounts; and human-machine interfaces for city traffic, power infrastructure, Port Authority operations, and transportation of goods to and from ports by truck and rail, allowing participants to read sensor output and track activity. For example, participants would be able to interface with ICODES, which would display a warning when a ship was about to list (see figure 24).⁴⁴ One important aspect was that the virtual range and the physical range were to affect one another in the exercise to create a realistic and holistic experience. For example, the effects of an attack on physical devices would have been reflected in the information provided to participants or would have affected their ability to perform a specific task.

⁴⁴ “ICODES Upgrades to Enhance Military Distribution and Deployment Processes for Joint Services,” Tapestry Solutions (website), August 18, 2017, https://www.tapestrysolutions.com/2017/08/18/icodes-upgrades-enhance-military-distribution-deploymentprocesses-joint-services/.

Figure 24: Participants would have received a warning in ICODES if a ship was about to list.

All of the participating organizations’ networks were to be integrated into a holistic network that imitated the Internet. Participants from one sector (e.g., energy) would have been able to communicate with participants from another sector (e.g., Port Authority) using standard Internet working protocols. This component is vital because participants from different sectors need to be able to contact one another in their attempts to mitigate the impacts of the physical or virtual crises they are encountering. After all, one of the goals of JV is to encourage participants from different sectors to interact with one another; observe the interdependencies among various sectors; and survey other organizations’ roles, responsibilities, strategies, and capabilities.

Table of Contents

• 1. FOREWORD
• 2. ACKNOWLEDGMENTS
• 3. INTRODUCTION - JACK VOLTAIC 3.0
• 4. JACK VOLTAIC RESEARCH METHODOLOGY
• 5. EXECUTION
• 6. FINDINGS
• 7. CONCLUSION
• APPENDIX A – ACRONYMS
• APPENDIX B – PARTNERS
• APPENDIX C – SCENARIO
• APPENDIX D – LAW/POLICY TABLETOP EXERCISE (TTX)
• APPENDIX E – LIVE-FIRE EXERCISE
• APPENDIX F – MILITARY TESTIMONIALS
• APPENDIX G – PRIVATE INDUSTRY TESTIMONIALS
• APPENDIX H – ALL HAZARDS ANALYSIS (AHA)
• APPENDIX I – CIRI FORT-TO-PORT DISRUPTION
• APPENDIX J – REQUIRED DELIVERY DATE (RDD) SIMULATION
• APPENDIX K – DSCA/DSCIR