[ISN] Military Academies Get Hands-on Experience Defending Cyberspace

From: InfoSec News (isnat_private)
Date: Tue Mar 18 2003 - 23:05:12 PST

  • Next message: InfoSec News: "[ISN] U.S. Army Web Server Attacked"

    Robert Redding
    The Retriever Weekly
    University of Maryland 
    March 18, 2003
    The Cyber Defense Exercises were started over a conversation between
    military officers at a Dairy Queen in Waxahachie, Texas outside of
    Texas A&M in 1997. Initially they joked about how cool it would be to
    have a cyber war competition between the service academies, but
    thought it would never happen.
    Colonel Daniel Ragsdale, director of the Information Technology
    Operations Center at West Point, one of the founders of CDX, said that
    information assurance has lost ground as more functionality is
    required out of the networks and makes them more vulnerable. Ragsdale
    said the SQL slammer worm affected 90% of the 75,000 vulnerable hosts
    in ten minutes after it was released.
    "This attack back in October was especially troubling because they
    were able to do a denial of service attack on top level domain servers
    which effectively for all practical purposes if you could take them
    out would be a denial of service on the internet," said Ragsdale.  
    Ragsdale believes the attack was done by a sophisticated hacker who
    was looking for a proof of concept because there was no destructive
    payload attached.
    CDX was created so that Information Assurance workers can learn to do
    their job better as the situation is deteriorating. "We'll all do well
    if users practice safe computing but that's only going to get us so
    far," said Ragsdale. "We really need sysadmins who understand the
    challenges ahead of them and that's what drove and motivated having
    the Cyberspace Defense Exercises."
    CDX is a competition between the five military academies (navy, army,
    air force, coast guard and merchant marines). It is made very clear to
    the cadets that they are not attacking systems only defending. "The
    day there is a New York Times headline that says 'West Point cadets
    hack into US Air Force academy computer,' they'll shut us all down and
    I'll go to jail and we no longer can continue to do the things we do,"  
    said Ragsdale.
    The program was conceived at West Point and is directed and sponsored
    by the NSA. According to Ragsdale, the program is a success because it
    involves active learning, it's competitive and it's project based. The
    cadets learn the information and take the exercises very seriously
    because they are representing themselves, their classmates, the
    academy and the army.
    The red force, or those representing a potential future adversary, is
    played by the NSA, Air force 92nd Information Warfare Aggressor
    Squadron and the Army 1st Information Operations Command.
    At CDX the red teams have no restrictions and are free to try and
    break the academy networks because they are set up for these
    exercises. Though the red teams that go to Fort Bragg, NC have to be
    very careful that they don't break anything because the deployed
    troops depend on the operational systems.
    The Carnegie Mellon Computer Emergency Response Team (CERT) acts as
    the white team or referees to inspect the academy systems. The schools
    must protect computers running several versions of Windows, Linux,
    Solaris and Mac OS. The academies have to keep certain services
    running on these computers.
    At West Point the cadets are required to take an information assurance
    class in their senior year to participate in CDX. In addition to a
    required course, CDX requires a significant time commitment. Ragsdale
    said he has gone in late on a Saturday night and the lab was packed.
    Ragsdale said that Information Assurance is a fascinating field
    because there are brilliant people on both sides. He also noted that
    the black hats or bad hackers have their own uniform allowing you to
    spot them at conventions. "You can recognize them all. They're all
    pasty faced, wear black t-shirts with white lettering on them and have
    multiple body piercing's and tattoos." They want to show the brilliant
    guys on the other side that they are smarter, said Ragsdale.
    The CDX competition started in 2001. West Point has won the first two
    exercises. The red team gets a week to do reconnaissance. Teams lose
    points if a service is no longer available, if a red team gained user
    or administrative access to a computer or accessed secure data. At the
    end of each day the academies write a situation report about what
    happened to their network where they could regain points for good
    forensics and determining how they were exploited.
    This year social engineering and daily anomaly injections will be
    added to the competition which will take place during an undisclosed
    week in April. The anomalies to be introduced by the white team may
    include worms or viruses that the academies will have to deal with.
    One technique Ragsdale said that red teams and black hat hackers would
    use is to find an exploit that gets them into a certain system and
    then fix the vulnerability so that others cannot get in the same way.  
    "So if you come in on a Monday morning and all your systems are
    patched, don't declare victory," said Ragsdale.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 01:27:38 PST