Houston runs 3-day cyberattack stress test
- The City of Houston is running a three-day exercise to test its ability to deflect and cope with cyberattacks, Mayor Sylvester Turner announced Wednesday.
- The trial, known as Jack Voltaic 2.0 Cyber Research Project, will simulate a concurrent cyberattack and a natural disaster, testing how the incidents affect response capability, collaboration among government agencies, communications and military integration. The exercise is being run with assistance from the Army Cyber Institute at West Point, AECOM and Circadence and runs July 24-26.
- In a statement, Turner said Houston was "the ideal location to conduct this research to prevent, protect, mitigate, respond, and recover from threats and hazards that can affect not only our community but the impacts they have on the nation’s critical infrastructure."
The exercise comes after a series of attacks on cities’ cyber infrastructure, including a high-profile ransomware attack on Atlanta in March. That attack caused outages across the city’s digital systems, wiped digital records and forced city officials to resort to working on paper in the weeks after the attack. Baltimore had to temporarily shut down its 911 system after a ransomware attack just a week after Atlanta’s. And over the past year, smaller cities across the country — including Medford, OR; Wellington, FL; and Bozeman, MT — have experienced data breaches from online billing systems as attackers target the Click2Gov network.
Houston’s exercise is the second Jack Voltaic trail; the first was run in New York City in 2016. Speaking to the Army News Service in 2017, Col. Andrew O. Hall, director of the Army Cyber Institute, said such "live-fire" exercises are effective in showing cities where the gaps are in their cyber defenses, and in showing the military what steps communities would take in response to malicious incidents.
It’s clear that cities will be on the front lines of defense against cyber attacks. Andrew Salkin, senior vice president for City Solutions at 100 Resilient Cities told Smart Cities Dive that cities needed to think beyond "we’re going to protect ourselves from attacks," and instead "think about the services that the city has that are connected to technology that can be enhanced, protected and leveraged to help the city do a lot of different things."
At last year’s Smart Cities Week, Kelsey Finch, policy counsel at the Future of Privacy Forum, gave several tips for creating a more secure city, including committing to security throughout the lifespan of any new technology and building privacy into every step of the process.
Follow Jason Plautz on Twitter