What kind of critical infrastructure is simulated in this facility?

The mock town includes a hospital, a power utility company, and a water treatment plant. These three sectors are considered highly vulnerable and critical to public safety, making them primary targets for state-sponsored adversaries.

Who will be trained at this new FBI facility?

The primary users will be FBI cyber agents and technical analysts. However, the design of the facility suggests that the bureau may eventually expand training access to state and local officials, as well as private-sector engineers who manage actual utilities.

Image: courtesy of Thenextweb

techJune 14, 2026By Veridact EditorialUpdated Jun 14

The FBI’s Mock Town: Inside the Federal Push to Stop Kinetic Cyber Catastrophes

The FBI has constructed a highly detailed, simulated town complete with a hospital, power utility, and 200 servers. This tactical sandbox marks a major shift in federal training, focusing on cyberattacks designed to cause physical, real-world destruction.

What to Expect

The FBI’s operational technology division has quietly assembled a miniature, fully functional municipality designed for a singular, grim purpose: to be hacked, broken, and restored. Unveiled on June 13, 2026, this training ground features a mock hospital, a simulated power company, and a miniature water treatment plant, all tied together by a backbone of 200 physical and virtual servers.

This is not a simple software simulation running on a laptop. The facility incorporates actual industrial control systems—the specialized hardware and software that run physical machinery in the real world. Agents training here do not just look at lines of code on a monitor; they watch physical indicators, such as pressure valves, electrical relays, and medical equipment simulators, react to malicious instructions.

When a cyberattack strikes this mock town, the lights actually go out. The water pumps stop spinning. The hospital’s simulated patient monitors flatline.

By forcing agents to operate in an environment where digital commands have immediate physical consequences, the bureau aims to bridge a critical gap in federal law enforcement. Historically, cyber agents have been trained to track stolen data, trace cryptocurrency transactions, and analyze malware samples. Those skills, while crucial, are insufficient when dealing with adversaries whose goal is not theft, but physical destruction. This new facility forces agents to work under the stress of physical failures, coordinating with engineers to isolate infected systems and restore basic services under pressure.

Key Context

The construction of this facility comes at a moment of acute anxiety for domestic security officials. For years, the primary threat to corporate networks was espionage or financial extortion via ransomware. If a bank was hacked, credit card numbers were stolen; if a pipeline operator was hit, billing systems were locked, leading to voluntary shutdowns.

That dynamic has shifted. National security agencies have warned that state-sponsored hacking groups are actively positioning themselves inside the operational networks of Western utilities. These groups are not looking for intellectual property. Instead, they are conducting pre-reconnaissance, establishing footholds that would allow them to disrupt electricity, water, and transport systems in the event of a geopolitical conflict.

This threat is structurally difficult to defend against. Most critical infrastructure in the United States is privately owned and operated by thousands of municipal districts, regional cooperatives, and corporate utilities. Many of these operators run on tight budgets, relying on legacy industrial systems that were designed decades ago, long before security was a consideration. Connecting these physical systems to the internet for remote monitoring has exposed them to global threats. The FBI's new training environment represents an acknowledgment that federal law enforcement must be prepared to respond to active, kinetic emergencies where the weapon is code.

Related Coverage

Talkdesk wants its AI agents to call your customers before they call you→

Historical Patterns

The transition from virtual cyber ranges to physical-digital hybrids follows a pattern established by the U.S. military and national laboratories. In 2007, the Department of Homeland Security conducted the Aurora Generator Test at the Idaho National Laboratory. Researchers demonstrated that a cyberattack could physically destroy a heavy commercial generator by rapidly opening and closing its circuit breakers, causing the machine to shake violently and self-destruct. That test proved that code could tear metal.

Subsequent real-world events confirmed this vulnerability. In 2010, the Stuxnet worm physically damaged centrifuges at an Iranian nuclear facility by altering their rotational speeds. In 2015, Russian state hackers disabled three energy distribution companies in Ukraine, leaving more than 200,000 electricity consumers in the dark for hours. These incidents demonstrated that adversaries were willing and able to cross the line from digital disruption to physical interference.

Historically, training for these scenarios was limited to tabletop exercises—essentially structured discussions around a conference table where participants talked through how they would react to a simulated crisis. While useful for policy coordination, these exercises did not prepare technical responders for the messy, unpredictable reality of a live attack. The FBI’s mock town is designed to replace those theoretical discussions with physical friction.

The real stakes of this initiative lie in the changing nature of national vulnerability. When an office network is compromised, employees lose access to email and files. It is an expensive, frustrating inconvenience. When an operational technology network is compromised, the consequences can be fatal.

Consider the mock hospital built into the FBI's training facility. Modern healthcare facilities rely on complex networks of connected devices, from drug infusion pumps to backup generators and ventilators. If a hacker gains control of these systems, they can alter dosage levels, disable life-support equipment, or lock doctors out of patient records during critical procedures. This is not a hypothetical scenario; ransomware attacks have repeatedly forced hospitals to divert ambulances and delay urgent surgeries, directly impacting patient outcomes.

Similarly, a successful attack on a water treatment facility could result in the manipulation of chemical levels, potentially poisoning a local supply before operators detect the anomaly. By training agents to recognize the early indicators of these physical-digital attacks, the FBI hopes to prevent localized incidents from cascading into regional disasters. The human cost of failure in this domain is measured not in lost revenue, but in lost lives.

Potential Outcomes

Analysis

This development points toward several likely shifts in how national cyber defense is organized and executed over the coming years.

First, this facility suggests that the FBI will increasingly seek to embed its agents directly with local utility operators and municipal governments. Because federal agencies do not have direct authority over private infrastructure, building trust through joint training is the only viable path to rapid incident response. We may see the FBI launch a formal program that brings regional water and power engineers into this mock town to train alongside federal agents, creating a shared language between law enforcement and utility operators.

Second, the complexity of this physical-digital range could lead to the creation of specialized 'cyber-kinetic' rapid response teams within the federal government. Currently, cyber teams are largely analytical. A new breed of federal responder may emerge—one trained in both computer science and industrial engineering, capable of deploying to a physical site, such as a compromised dam or substation, to assist local technicians in manual overrides and system recovery.

Finally, this setup indicates that future federal regulations for critical infrastructure may become significantly more prescriptive. If training at this mock town reveals systemic vulnerabilities in commonly used industrial hardware, the government may use those findings to pressure manufacturers into adopting stricter security standards, or mandate that utilities isolate their operational networks entirely from the public internet.

Timeline

2007-03-01

Aurora Generator Test

The Department of Homeland Security demonstrates that a cyberattack can physically destroy a heavy power generator at Idaho National Laboratory.

2010-06-01

Discovery of Stuxnet

The Stuxnet worm is identified, marking the first known instance of a cyber weapon designed to physically damage industrial control systems.

2015-12-23

Ukraine Power Grid Attack

State-sponsored hackers disable power distribution systems in Ukraine, leaving over 200,000 people without electricity in the first successful cyberattack on a power grid.

2021-05-07

Colonial Pipeline Shutdown

A ransomware attack on the business networks of Colonial Pipeline prompts a voluntary shutdown of major fuel delivery systems, causing widespread panic buying across the East Coast.

2024-02-07

Volt Typhoon Warnings

US intelligence agencies issue formal warnings that state-sponsored hacking groups have compromised critical infrastructure networks to maintain access for potential future disruption.

2026-06-13

FBI Unveils Mock Cyber Town

The FBI reveals its newly constructed physical-digital training range, featuring a mock hospital, power company, and 200 servers to train agents for physical cyber threats.

Frequently Asked Questions

Virtual simulators are excellent for testing software, but they fail to replicate the complex physical feedback loops of industrial machinery. In a physical-digital range, agents can see how digital commands affect physical valves, generators, and medical devices in real time, preparing them for the physical chaos of a real-world infrastructure attack.

Discussion

Be the first to share your thoughts.