Cyber experts, unite: Testing a team approach to a cyberattack

April 3, 2024 | By Cari Shane

Last week in Washington, D.C., cybersecurity experts and executives from the worlds of energy, telecommunications and finance gathered in a workspace overlooking the White House to fight off a real-time cyberattack. Fingers flew over keyboards as experts rushed to stop an attack that threatened to crash multiple networks at the same time.

Their pulses were pounding, but never fear — this time the attack was just an exercise. In fact, the attack was being launched by security experts from those same organizations, ominously hidden nearby behind a wall of darkened windows at the Boston Consulting Group’s D.C. office, where the exercise took place.

These sorts of cyber-defense events aren’t new, but this one was unusual in several respects. The Mastercard Tri-Sector Cyber Defense Exercise, or CDX, brings together members of the public and private sectors to both launch and fight off a cyberattack, creating a more dynamic scenario that can evolve in real time. This year the event included not just tech experts but also representatives from the executive level, including operations and resilience experts.  

“This was an opportunity to work together the way we would in a real national crisis, as a team working against a coordinated episode,” says Michael Lashlee, Mastercard’s chief security officer. “The information gleaned from this event will help us master the skills and techniques required for responding to increasingly sophisticated cyber threats.”

Those threats are only growing. The White House recently issued a warning to all U.S. governors about increased activity by nation-state hackers looking to disrupt water facilities across the country. Industries like health care are also showing persistent vulnerabilities to ransomware attacks like one that recently crippled pharmacies around the country.

Because of how interconnected the global economy is, an attack on one sector could create cascading problems affecting telecommunication, energy and finance, which is why training companies to work together in the face of an attack is more important than ever. The message: Companies may be competitors in the marketplace but allies in cyber defense.

The adversary in the 2024 CDX event was a fictional nation-state. Led by experts from the U.S. Cybersecurity & Infrastructure Security Agency, the hackers — dubbed the red team — launched the attack. The blue team defenders worked to thwart the offensive.

But the exercise extended beyond the keyboard. In a nearby room, representatives from each company, along with CISA, the U.S. Department of the Treasury, the U.S. Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response, the Office of the National Cyber Director, and the information-sharing centers for the finance, communications and energy sectors, gathered to coordinate a strategic response.


Public and private sector cyber experts, including Mastercard's Rishi Madan, Brian Mattingly and Robert Durie, left to right in far left photo, and Mandeep Sandhu, far right photo, participated in a simulated cyberattack exercise in Washington, D.C. last week. Meanwhile, executives from the same organizations, including Mastercard Cybersecurity Fellow Ron Green, center photo, speaking, and Mastercard Chief Security Officer Michael Lashlee, center photo, right, worked together to organize a strategic response. In the banner photo, Mastercard's Ulises Galeano, left, and Caitlin Francis plan their defense. (Photo credit: Arsalan Danish) 

Industry partners supporting the event included ICS Village, a nonprofit that creates interactive simulated environments to test the security of industrial control systems, and Immersive Labs, which provided access to its Cyber Crisis Simulator. The U.S. Cyber Team — student cyber experts who compete worldwide in cyber competitions — met with attendees to discuss workforce development strategies and the importance of gaming in developing future cyber stars.

Learning how to coordinate a defense across companies was invaluable, says Ulises Galeano, director of information security engineering at Mastercard. “Let’s say all the stoplights went down because of a hacker. If we’re all helping coordinate traffic and we all say ‘go’ at the same time, we’re gonna have a traffic jam. We need to coordinate how much traffic we can let in before we stop at the next block, and then the next block and the next.”

“This exercise helped set up mechanisms of response across sectors while also enhancing our own approach to responding to a coordinated attack,” says Caitlin Francis, a senior security monitoring and response analyst at Mastercard. “This helps build trust between sectors.”

The ultimate goal of running exercises like the CDX with the participation of government defense experts is to create a national cyber range where companies and government entities can come together to train and combine operations.

“Companies like Mastercard take protection very seriously, constantly creating plans, running exercises,” says the company’s Cybersecurity Fellow Ron Green. “But you’re better as a team working to defend this nation, collectively.”

Exercises like this one need to continue, he says. “Somebody is already planning the bad day. So we either get ready and prepare for it — how to fight it and how to respond — or we won’t be ready.”

Cari Shane, contributor