http://trw.umbc.edu/articles/3967?Newspaper_Session=309426d280e77a7bfcd6c12641ec0833

Robert Redding
The Retriever Weekly, University of Maryland
March 18, 2003

The Cyber Defense Exercises were started over a conversation between military officers at a Dairy Queen in Waxahachie, Texas, outside of Texas A&M, in 1997. Initially they joked about how cool it would be to have a cyber war competition between the service academies, but thought it would never happen.

Colonel Daniel Ragsdale, director of the Information Technology Operations Center at West Point and one of the founders of CDX, said that information assurance has lost ground as more functionality is required of networks, which makes them more vulnerable. Ragsdale said the SQL Slammer worm affected 90% of the 75,000 vulnerable hosts within ten minutes of its release.

"This attack back in October was especially troubling because they were able to do a denial of service attack on top level domain servers, which effectively, for all practical purposes, if you could take them out, would be a denial of service on the internet," said Ragsdale. Ragsdale believes the attack was done by a sophisticated hacker who was looking for a proof of concept, because there was no destructive payload attached.

CDX was created so that information assurance workers can learn to do their job better as the situation deteriorates. "We'll all do well if users practice safe computing, but that's only going to get us so far," said Ragsdale. "We really need sysadmins who understand the challenges ahead of them, and that's what drove and motivated having the Cyberspace Defense Exercises."

CDX is a competition between the five military academies (Navy, Army, Air Force, Coast Guard and Merchant Marine). It is made very clear to the cadets that they are not attacking systems, only defending them. "The day there is a New York Times headline that says 'West Point cadets hack into US Air Force Academy computer,' they'll shut us all down and I'll go to jail, and we no longer can continue to do the things we do," said Ragsdale.

The program was conceived at West Point and is directed and sponsored by the NSA. According to Ragsdale, the program is a success because it involves active learning, it's competitive and it's project based. The cadets learn the material and take the exercises very seriously because they are representing themselves, their classmates, the academy and the Army.

The red force, representing a potential future adversary, is played by the NSA, the Air Force 92nd Information Warfare Aggressor Squadron and the Army 1st Information Operations Command. At CDX the red teams have no restrictions and are free to try to break the academy networks, because those networks are set up specifically for the exercises. By contrast, the red teams that go to Fort Bragg, NC, have to be very careful not to break anything, because deployed troops depend on those operational systems. The Carnegie Mellon Computer Emergency Response Team (CERT) acts as the white team, or referees, and inspects the academy systems.

The schools must protect computers running several versions of Windows, Linux, Solaris and Mac OS, and the academies have to keep certain services running on these computers. At West Point the cadets are required to take an information assurance class in their senior year to participate in CDX. In addition to the required course, CDX demands a significant time commitment: Ragsdale said he has gone in late on a Saturday night and found the lab packed.

Ragsdale said that information assurance is a fascinating field because there are brilliant people on both sides. He also noted that the black hats, or bad hackers, have their own uniform, allowing you to spot them at conventions. "You can recognize them all. They're all pasty faced, wear black t-shirts with white lettering on them and have multiple body piercings and tattoos." They want to show the brilliant guys on the other side that they are smarter, said Ragsdale.

The CDX competition started in 2001, and West Point has won the first two exercises. The red team gets a week to do reconnaissance. Teams lose points if a service is no longer available, if a red team gained user or administrative access to a computer, or if a red team accessed secure data. At the end of each day the academies write a situation report about what happened to their network, where they can regain points for good forensics and for determining how they were exploited.

This year social engineering and daily anomaly injections will be added to the competition, which will take place during an undisclosed week in April. The anomalies introduced by the white team may include worms or viruses that the academies will have to deal with.

One technique Ragsdale said red teams and black hat hackers use is to find an exploit that gets them into a system and then fix the vulnerability so that others cannot get in the same way. "So if you come in on a Monday morning and all your systems are patched, don't declare victory," said Ragsdale.

- ISN is currently hosted by Attrition.org
This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 01:27:38 PST