Defense leaders and cybersecurity experts have warned that cyber infrastructure is part of the battlefield of today and tomorrow.
We wanted to know what role communities can play in combating that, so we talked with Karen Guttieri, who helps lead the Jack Voltaic™ cyber resilience research program. She’s a research analyst at West Point’s Army Cyber Institute, which offers guides for defense communities to develop their own cybersecurity exercises.
ADC: What role does a community play in a base’s cybersecurity?
Guttieri: The cyber resilience of defense communities—our ability to withstand cyberattacks and online disinformation—is critical to base cybersecurity and national security. Military installations commonly depend on civilian-owned infrastructure like power, water and rail. Nation-state hackers lurk in U.S. networks, positioning to exploit these dependencies, disrupt systems, erode social cohesion and hinder military operations.
Since many defense personnel live off-base, attacks on local infrastructure directly threaten their families. Russia’s actions in Ukraine highlight these risks, combining cyber and kinetic attacks on civilian infrastructure with propaganda to undermine morale.
Individuals can contribute by practicing good cyber hygiene, such as securing home routers and improving digital literacy to resist foreign influence. Emphasizing community cyber resilience—both technical and social—represents a critical shift in thinking about base security and national defense.
ADC: What do you hope participants take away from a cybersecurity exercise?
Guittieri: Participants in a cybersecurity exercise should leave with a deeper understanding of how to respond to cyberattacks and cyber-enabled disinformation.
The Army Cyber Institute offers guides for defense communities to organize their own Jack Voltaic exercises. One key takeaway is the importance of establishing relationships between military, civilian government, industry and civil society stakeholders for effective cyber incident response. Exercises often reveal gaps in these connections.
Participants should also gain insight into critical infrastructure interdependencies and identify key systems and events within their community, such as ports, dams or nuclear plants. Exercises involving multiple sectors help illustrate how cyber incidents can cascade across interdependent systems.
Ultimately, a small investment in preparedness should yield significant benefits when responding to a real cyber crisis.
ADC: How has the cybersecurity landscape changed over the past 10 years?
Guittieri: The U.S. homeland is increasingly vulnerable through cyberspace, with escalating attacks on technical and social systems. Nation-state competitors view civilian communities, especially those near defense installations, as centers of gravity in cyber strategic competition.
In 2023, reports revealed that China’s Volt Typhoon hacking group infiltrated telecommunications, power grids and water systems near installations in Guam and the continental United States, suggesting plans to disrupt U.S. military operations in a Taiwan conflict. In 2024, the FBI warned that “low blows against [American] civilians are part of China’s plan.”
U.S. reliance on interconnected technologies—from social networks to autonomous systems—amplifies these risks. Advances in data collection and generative AI further enable adversaries to exploit vulnerabilities and erode trust. U.S. military strategy and force structure have become more robust, and industry has become more active in cyber intelligence and defense.