Military, GovGuam agencies plan for cyber resilience
Updated: Aug 1
By Dana Williams
As Gov. Lou Leon Guerrero addressed a cybersecurity gathering recently, she shared a recurring nightmare she had when she was the head of the Bank of Guam. “Every day as the CEO, I would wake up afraid that all the money in the bank would be gone,” she said. “It wasn't a paranoia. It was real. Real threat and fear.”
While serving as governor, she said, she has been contacted by U.S. Homeland Security Secretary Alejandro Mayorkas, who wanted to make sure Guam had an islandwide cybersecurity plan.
While physical defense of Guam is important, the governor said, “our biggest vulnerability is in cybersecurity. When somebody hacks into our airport, or into our Port Authority, or into our electrical grid, or into our water, we become paralyzed.”
She also attended a briefing with officials from the Indo-Pacific Command. “I'm not going to say what they said. But we all know this,” she said. “China, Russia. The big forces are out there. They're focusing on Guam.”
The July 17 meeting at Dusit Beach Resort brought together representatives from the Cybersecurity and Infrastructure Security Agency, the National Guard, the FBI, the U.S. Cyber Command and the Indo-Pacific Command. Government of Guam agencies, law enforcement and private companies were also represented.
The meeting, hosted by the Guam National Guard, was what spokesman Mark Scott called “a collaboration of different cyber stakeholders on island.”
Scott said while military and civilian computer security operations have traditionally been separate, the plan is to bring agencies together to improve cyber resilience.
Cyberattacks on Guam have drawn international attention during the past few months.
On May 24, Microsoft reported that a Chinese state-sponsored hacking operation known as Volt Typhoon or Bronze Silhouette, active since mid-2021, “has targeted critical infrastructure organizations in Guam and elsewhere in the United States. In this campaign, the affected organizations span the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors.”
“Microsoft assesses with moderate confidence that this Volt Typhoon campaign is pursuing development of capabilities that could disrupt critical communications infrastructure between the United States and Asia region during future crises,” the company stated.
The same day, the U.S. National Security Agency and security agencies from Canada, Australia, New Zealand and the United Kingdom issued an advisory on Volt Typhoon. Rather than installing software on targeted machines, Volt Typhoon “uses built-in network administration tools to perform their objectives,” the advisory warns. This “allows the actor to evade detection by blending in with normal Windows system and network activities.”
In March, Docomo Pacific President and CEO Rod Boss explained to customers that a “cybersecurity incident” occurred that involved servers being hacked. The company shut down affected servers to isolate the intrusion, and internet, mobile and other communications and entertainment services were disrupted.
Earlier in March, Guam Memorial Hospital’s information technology department discovered a hacker had gained access to computer systems. The FBI and Guam Homeland Security were contacted, and the hospital shut down its network – including phone lines and email – as a precaution.
The vulnerability of Guam’s infrastructure was evident during Typhoon Mawar when interdependent systems collapsed in a cascade of utility failures – power, water, communications, fuel and transportation were all affected.
On Guam, civilian agencies and private companies provide essential services to the military. But those agencies and companies don’t have the same security systems as the Department of Defense. The Senate Armed Services Committee’s 2024 National Defense Authorization Act report recognized the problem.
“Because U.S. military installations rely on this critical infrastructure, it is a prime target,” the report stated. “This was highlighted most recently by the compromise of critical infrastructure systems in Guam and elsewhere in the United States by the People’s Republic of China.”
Nationally, the Department of Defense is working to analyze and disseminate information about threats to critical infrastructure.
At the Guam meeting, representatives from the U.S. Cyber Command demonstrated a tool that defenders can use to hone their skills at protecting those assets.
Just as military units train in jungles, beaches and simulated city environments, computer warriors train on a cyber range.
U.S. Cyber Command Capt. Stephen Romans demonstrated the Persistent Cyber Training Environment, a realistic setting complete with emails and web pages scraped from actual sites. The system allows for individual and group training, and tracks the progress of participants.
“Managers can go in and assess the readiness posture of their organizations, and it also allows for collective force-level training where users come together to participate in large-scale exercises,” Romans explained. “It goes back to the ‘train as you fight’ mentality.”
The program also allows for multinational collaboration, so different forces from different countries can train together, just as they do in traditional military exercises.
And like in traditional exercises, there is a red team and a blue team, one attacking and one defending. Trainers can add information about what industries they want to simulate, such as hospitals. “There are pre-set fields of the environment type, the security posture, and if you want traffic generated, like simulated traffic going across the network, then that's all included as well,” he said.
Scott said individuals play a role in keeping networks safe, whether they are at home or at work. Everyone should be careful of social engineering tactics that urge them to click links or download applications, and they should protect their accounts with two-factor authentication.