Facing growing threats, Army hosts Defense Critical Infrastructure summit to boost installation crisis response
More than a dozen agencies gathered at Fort Bragg last week to game-out a worst-case scenario for the North Carolina installation.
All at once, drones attacked; a nearby water treatment plant was hacked, launching a wave of E. Coli across post that sickened countless soldiers readying to deploy; and a municipal worker accidentally severed a fiber optic line critical for crisis communication while clearing debris.
Top officials from federal communications, cybersecurity, energy, transportation and law enforcement agencies met with utility companies and regional leaders for the Army’s inaugural Defense Critical Infrastructure Summit to discuss these cataclysmic but hypothetical events.
Together, they wargamed how Fort Bragg would respond and what vulnerabilities would hamper the XVIII Airborne Corps’ ability to rapidly deploy anywhere in the world in the face of such threats.
The summit represented the first volley in a larger effort by the Army to gather other agencies and industry, which share responsibilities over critical infrastructure, to better defend against an ever-changing threat environment across its numerous installations.
“The Army operates about 288 camps, posts and stations, and the overwhelming majority rely on privately owned utilities — so think power, water, natural gas, and telecommunications,” Brandon Pugh, principal cyber advisor to the secretary of the Army, told reporters Thursday. “Destruction of these services can directly interfere with our ability to move forces and equipment at the time of need.”
“This is a no-fail mission and a national security imperative, but the threat is real, persistent and growing,” Pugh added.
These concerns are not new, and Army officials said that previous efforts to bolster installation security were too uncoordinated.
The service “worked on it in our own Army silo, and if you asked around the federal government, or even private sector utilities what their critical assets are, you get different and vastly uncoordinated lists,” said W. Jordan Gillis, the assistant secretary of the Army for installations, energy and environment.
Part of this effort was to gather top leaders who share these responsibilities across agencies and utility companies to identify best practices and then distribute them through a defense critical infrastructure “playbook” for garrison commanders to reference.
“So we wanted to be sure that we were informing each other, and that we really understood what critical vulnerabilities existed across these different lists, so that we could identify them and highlight those as the ones we need to jointly get after,” Gillis added.
Pugh said the Army is implementing a pilot program across 14 installations to bolster critical infrastructure defense. The service chose that number to preserve resources, take lessons from a handful of places and build on them for the rest of its infrastructure.
The XVIII Airborne Corps was an important starting point given its critical mission to deploy units across the globe within 18 hours of notification, which would be significantly disrupted by the scenario that officials discussed.
While they did not name them, officials said adversaries have pre-positioned themselves in critical infrastructure networks with the intent of inflicting chaos in moments of crisis. That said, federal officials have warned for years about Chinese-affiliated cyber actors, such as Volt Typhoon, that have been working their way into U.S. infrastructure.
Pugh also noted that Iran-affiliated actors have focused on American operational technology, a concern that has proliferated amid the Iran War. The scenario did not focus on one specific adversary, he said.
Part of the summit was informed by Operation Spiderweb, a covert Ukrainian mission in 2025 that used commercial trucks to launch drone attacks deep inside Russian territory to attack aircraft.
“We went after the physical threats from drones, cyber impacts, force projection dependencies, and information sharing lag, and we worked with these partners to start conversations that we think will have a deep impact on our nation’s security,” Driscoll said in a press release about the summit.
There, participants answered questions about actions their agencies would take based on current authorities and capabilities, how dependent they are on other organizations, and what barriers they face that would hinder faster responses.
Those barriers, Pugh said, could be policy, regulatory, legal or fiscal red tape, for example.
Gillis said a next step is to build scenarios that not only include attacks or incidents at one installation, “but what would happen if we suffered coordinated attacks against multiple installations at once.”
