http://www.dcmilitary.com/navy/trident/11_11/local_news/40893-1.html by Martha Thorn Trident Managing Editor April 21, 2006 The Naval Academy fielded a team that used all defensive plays. Game rules wouldn't let the Naval Academy team attack invaders, only deter them from creating havoc. During the game, the Naval Academy teamed up with the Air Force Academy, the Military Academy, the Coast Guard Academy, the Air Force Institute of Technology, and the Merchant Marine Academy to form a computer network. This network allowed the academies and institute to share a chat room, teleconferencing and video teleconferencing, sending and receiving e-mails, file sharing, Websites and name resolution. Of course, game may be a slight misnomer. The academies and institute were really engaged in the sixth annual Cyber Defense Exercise. Sponsored by the National Security Agency, the exercise required sharing information through a computer network in much the same way that an alliance of nations or perhaps a corporation might share information. This information sharing makes computer networks vulnerable to outside attacks by hacking. In this case, the hackers consisted of Maryland-based National Security Agency specialists and servicemembers from the Army, Army Reserve, Navy, Marine Corps and Air Force. These hackers were testing the security of the computer network, observing how long it would take the students to become aware of the attacks and then how the students would respond to the attacks. What would they do to protect the integrity of their networks? What safeguards had they installed and how well did the safeguards work? What would they do to regain control of their network and get their information services operational again? Of course, just to keep the exercise challenging, a few natural disasters were thrown in that brought everyone's computer servers down and tested the team's ability to get the servers up and running again. During one afternoon, it was one disaster after another as the hackers threw "everything they had" into breaking into and destroying the network. The exercise is intended to prepare the midshipmen for the "real world." "In the real world, we're always forming and breaking up coalitions and alliances," said Tom Hendricks, National Security Agency visiting professor in the computer science department. "We're always sharing information and protecting against break-ins to the system." Hendricks said that during the exercise, the midshipmen see how easy it is for someone to get into a system and how much damage they can cause. Hendricks contends that every system will get broken into at one time or another. "What counts is how quickly you can detect the infiltration and how well you respond to it," he says. "You want to test your system for weaknesses and minimize them as much as possible." Midn. 2/C Sean Sullivan is interested in troubleshooting computers. The technical leader in charge of the network, he grew up breaking and fixing computers. This summer he will be one of five Naval Academy midshipmen to intern at the National Security Agency. He was concerned about hackers trying to overload the system with information. To prevent this, he helped create an alternate computer system that would mimic the real one, hoping that the hackers would break into this "honey pot" instead of the real system. "We're trying to distract them from the real thing," said Midn. 2/C Micah Akin. "We've made the real computer look like the honey pot and the honey pot look like the real computer." While other midshipmen were working to safeguard the servers, Midn. 2/C Alison Teoh was handling the administrative aspect of the exercise. During the exercise, the teams had to keep track of e-mails and send reports at regular intervals, noting any abnormalities in the system and actions being taken to correct these abnormalities. "I give the SITREPs ... situational reports," Teoh said. "I tell how everything went wrong and how we responded to it, resolved it and fixed it." "I've never done anything like this before," admitted Midn. 1/C Jonathan Kindel, who was glad to get the experience. "The same skills that we learn here can be transcribed to keep our computers secure in the fleet," he said. Kindel says that gathering small packets of information is like putting pieces of a jigsaw puzzle together. "You can get an amazingly accurate picture of defense capabilities by gathering small bits of information here and there," he said. "That's why it's so important that we learn to safeguard them." That was another eye opening part of the exercise, learning that threats from within can be just as debilitating to computer operations as outside threats. Luckily, the team had people like Midn. 1/C Kendra Deptula to help with system recovery. Even so, the sight of systems going down, if only for a short time, is one that the midshipmen will not soon forget. Copyright © 1996-2006 Comprint Military Publications _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Tue Apr 25 2006 - 00:33:36 PDT