NNSA hosts cybersecurity exercise to strengthen incident response capabilities

For two weeks in September, the National Nuclear Security Administration’s (NNSA) Office of the Associate Administrator for Information Management and Chief Information Officer (OCIO) conducted its third annual cybersecurity exercise, IMperial Catfish. Developed in cooperation with NNSA’s Office of Defense Programs, and with assistance from the Department of Energy’s Office of Intelligence and Counterintelligence, the exercise provided lessons learned to improve processes and policies around detecting, characterizing, and reporting information technology and operational technology threats in the Nuclear Security Enterprise (NSE).

“We are pleased to consider this exercise series a success,” said Steven McAndrews, NNSA Deputy Chief Information Officer. “It allows us to leverage our relationships throughout the NSE, with industry partners, and other government agencies to increase collaboration, demonstrate capabilities, and streamline communication. It also provides us with a great opportunity to robustly test our processes and procedures in a controlled environment.”

Each year, the NNSA OCIO conducts cybersecurity and cyber operations exercises under the moniker of “IMperial” that simulate high-consequence attacks by fictitious malicious actors to bolster cyber incident response efforts. This year, a fictional Advanced Persistent Threat (APT) dubbed PUNCHY PANDA, mimicked the tactics, techniques, and procedures of various real-world adversarial groups against a fictious U.S. defense contractor, before joining other fictional APTs, DANCING BEAR and CRAFTY CRANE, in attacking our fictitious exercise labs Hawkings National Laboratory and Aperture National Laboratory, which are hosted at the Special Technologies Laboratory and the Savannah River National Laboratory’s (SRNL) space within Augusta University’s Georgia Cyber Center Complex. 

This year’s exercise included representatives from the Center of Excellence for Cyber Threat Intelligence, Information Assurance Response Center, Nevada National Security Site, Pacific Northwest National Laboratory, and SRNL, along with additional participants and external observers from the Department of Energy’s Integrated Joint Cybersecurity Coordination Center, Office of Science, and Security and Compliance Office, as well as NNSA’s Office of Emergency Operations, Nuclear Enterprise Assurance Division, Pantex Plant, and the Sandia Field Office.

NNSA OCIO has conducted the IMperial exercise series since 2022, with the goal of applying NNSA’s incident reporting and analysis plans and procedures to a realistic scenario. These exercises identify opportunities to improve cyber security systems and strengthen cyber operations policies and procedures. The comprehensive, real-life nature of these exercises align NNSA with national-level, organization-level, and Congressional cybersecurity priorities.