Cyber Fortress: The War Game Preparing the U.S. for Cyberattacks on Critical Infrastructure

As cyber threats against critical infrastructure continue to escalate, the United States is experimenting with new ways to prepare both government and industry for potential attacks.

One of those efforts is Cyber Fortress, a large-scale operational technology exercise designed to simulate cyber incidents affecting essential infrastructure like energy, water, and gas systems.

Watch Lee discuss Cyber Fortress in Episode 64 of the CYBR.SEC.CAST:

CYBR.SEC.CAST Episode 64: Rob Lee

Dragos CEO and U.S. National Guard Lt. Col. Rob Lee on why he returned to military service and the role exercises like Cyber Fortress play in preparing both government and private sector operators for real-world cyber incidents, including those tied to the Iran War.

CYBR.SEC.MediaBill Brenner

The exercise plays a central role in the work of the Army National Guard’s 91st Cyber Brigade, where Dragos CEO Rob Lee serves as a lieutenant colonel.

Originally launched as a Virginia state-level exercise, Cyber Fortress began as a partnership between the National Guard and Dominion Energy. The goal was to train military personnel on how to respond if the National Guard needed to assist during cyber incidents affecting infrastructure.

Dominion Energy provided access to training environments and industry expertise that helped bridge the knowledge gap between military cyber units and real-world operational systems.

“They opened up their ranges and taught the military about how the electric industry actually works,” Lee said.

Today the exercise focuses broadly on operational technology systems across sectors including electricity, water, and natural gas.

Participants spend the first week receiving training from industry experts and cybersecurity vendors. The second week becomes a live-fire cyber exercise where teams defend networks against simulated attacks.

“We build a real environment with actual equipment,” Lee explained.

Red-team operators simulate realistic adversaries while defenders, including National Guard cyber personnel and private-sector infrastructure operators, work together to detect and respond to attacks in real time.

Related:

Cyberwar’s New Red Line: Why Attacks on Civilians Must Be Stopped

Dragos CEO and National Guard Lt. Col. Rob Lee warns that cyber operations targeting civilian infrastructure, from hospitals to water systems, are crossing a dangerous line the cybersecurity community must confront directly.

CYBR.SEC.MediaBill Brenner

“We mix military personnel and asset owners into the same teams,” Lee said.

That collaboration reflects a fundamental reality: most critical infrastructure in the United States is owned and operated by private companies.

In a major cyber crisis, effective defense will require tight coordination between government and industry.

Cyber Fortress is designed to build those relationships before a real emergency occurs.

“If we ever find ourselves in a major conflict scenario,” Lee said, “the infrastructure that keeps society running will be part of that battlefield.”