[ISN] In cyberwar game, US Army confronts enemies within

From: William Knowles (wk@private)
Date: Fri Apr 23 2004 - 02:03:46 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2004-17"

    http://www.forbes.com/business/businesstech/newswire/2004/04/21/rtr1341011.html
    
    By Eric Auchard 
    Reuters
    04.21.04
    
    WEST POINT, N.Y. (Reuters) - The mission: to secure an entire computer 
    network for the United States and its allies against a vague enemy 
    force. 
    
    Hostile agents aim to wreak havoc on military plans, sabotaging 
    databases, computer terminals and communications. 
    
    But the cyber warriors planning a best defense aren't analysts 
    hunkered down at the Pentagon. They are cadets at West Point competing 
    against military academies and other schools in a four-day Cyber 
    Defense Exercise this week. 
    
    And the "enemy" isn't al Qaeda or Iraqi insurgents. It's a team led by 
    none other than the National Security Agency. 
    
    Cyber warfare, a subset of classic information war that goes back as 
    far as ancient Chinese military strategist Sun Tzu, has pushed its way 
    into U.S. military curricula as the Internet has become pervasive. 
    
    "Anything hooked up to the Internet is vulnerable," said Emmanuel 
    Eleyae, 22, a senior Army cadet from Chino, California, who is taking 
    part in the war game. 
    
    "I'm not really scared. I'm looking forward to the best exploits that 
    the NSA can throw at us," said Eleyae, who, after graduating in May, 
    is shipping out to officer training school, then off to a position 
    with a U.S. armored unit in South Korea. 
    
    Armchair information warfare theorists can check their attitudes at 
    the door, event organizers say. The threats are more pedestrian, 
    virtually speaking, the sort that many corporate network 
    administrators must contend with every day. 
    
    But in war, a cyber attack can leave armies fighting blind. 
    
    Participants huddled around computers in this olive-green, 
    camouflage-shrouded training room aren't too concerned with science 
    fiction apocalypse scenarios. The cadets rely on widely available 
    network defenses based on Linux software, the same automated tools in 
    the arsenal of any company network manager. 
    
    RULES OF THE GAME 
    
    The NSA team, known as the "Red Cell," launches attacks on selected 
    networks at the Air Force, Army, Coast Guard, Merchant Marine and Navy 
    academies from an operations center somewhere in Maryland. The 
    computer scenario plays out virtually inside the cadets' computers. 
    
    Going on the offensive, or using so-called hackback techniques, is 
    against competition rules. Also out-of-bounds are forms of sabotage in 
    which computers can be turned into zombies and used to attack opponent 
    machines with millions of data messages, shutting down communication. 
    
    "This exercise is solely concerned with defending networks, not 
    attacking them," said Maj. Ron Dodge, coach of the Army's 32-member 
    team and a professor at the U.S. Military Academy at West Point. 
    
    Security consultant Michael Erbschloe of Alexandria, Virginia, says 
    the focus on vulnerability detection is the basis of all effective 
    cyber defense. He estimates 99 percent of attacks exploit a few dozen 
    known network weaknesses. 
    
    "If you keep out 99 percent of those attacks, it's easier to guard 
    against the 1 percent that make up the real threats to networks," said 
    Erbschloe, author of "Information Warfare: How to Survive Cyber 
    Attacks." 
    
    The rules this year are designed to make the competition simulate more 
    of a 24-hour operation, despite the reality that "Taps" still sounds 
    at 2330 (11:30 p.m.) and cadets are required to be in bed with lights 
    out by then. Overnight, the enemy can prey upon any network 
    vulnerabilities with impunity. 
    
    Army lost last year not because of a successful outside attack but 
    from a self-inflicted wound in which an authorized network user 
    accidentally knocked out service for several hours, costing precious 
    points that helped Air Force prevail. 
    
    Army cadets won the exercise during its first two years. 
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Fri Apr 23 2004 - 02:51:19 PDT