http://www.marinecorpstimes.com/news/2007/05/military_academies_cyberdefense_070504w/ By Kelly Kennedy Staff writer May 4, 2007 WEST POINT, N.Y. Last year, huddled in a camouflaged classroom, senior cadets at the U.S. Military Academy here carefully checked each computer for bugs. They secured possible entries to make sure hackers couldnt bust into their online network. They tested and retested to make sure all the parts and pieces worked well together. And then they forgot to change the default password on one of the routers. It only took two minutes before their exchange server was owned, said Army Capt. Joseph Salazar, who was sent from the National Security Agency to monitor West Points team for the annual Cyber Defense Exercise. As a result, the Air Force Academy kicked West Points virtual tail. This year, the Black Knights swore, theyd strike back. Seven years ago, cadets at West Point began working with the NSA to create an exercise that would simulate conditions if the military were required to set up an Internet system in a foreign country just as cyber-soldiers have done in Iraq. The NSA acts as the opposing force, known as the red cell, and spends a week trying to take down virtual networks set up by each of the military academies for the event. Each academy team starts with 50,000 points, then loses points any time its system is down, any unencrypted e-mails are sent out or any missteps are made in following directions about setting up the network. They can also earn points by completing tasks the NSA sends out during the week. The academy with the most points at the end of a week of attacks wins. The cadets dont do any hacking themselves its all defense. And they dont attack or work with the other academies. Instead, NSA gives them a scenario this year, it was to dig into a war-torn developing nation called Meridia. To set up the network which must include e-mail accounts, chat rooms and a database they must use some of their own equipment, as well as some sketchy Meridian equipment. They try to make it relevant something well see in our Army career if we choose this path, said Robert Singley, a cadet serving as deputy commander for West Points team. As much as this is a competition, its a learning experience. This year, things seemed quieter as cadets hovered around computers looking for warning signs of problems. Its a marked difference from last year, Salazar said. The tone and tempo is a lot calmer. But that calm forced an electric hyperawareness. This hurts my head, said Phil Supple, cradling his temples as he gazed at a computer screen. Whats that? asked Tyler Hallmark, who hadnt left the room since noon the day before. Oh wait. Its not an attack its just a recon. In the early stages of the exercise, the NSA sent out hit after hit to find out what system each computer used, whether the cadets had found the glitches hidden in the Meridian gear and whether there were any holes big enough to welcome worms, viruses or bugs. Salazar chuckled in a corner as he looked out over the scene. Its early, so [the NSA] is looking for holes to exploit, he said. Whenever they find vulnerability, they get to ring a bell. Last year, more than bells rang when the Air Force Academys Web site suddenly announced, We love Red Cell! And then the West Point cadets became traitors to their team when Go Navy, Beat Army, appeared on their site. The Red Cell happens to include a crew of Navy guys. The red cell is very, very good, Salazar said. There will be vulnerabilities its near impossible to get them all. In a sign of how seriously this exercise is taken these days, 25 West Point cadets missed classes for the week to spend every second defending their network. I really take pride in this, Singley said. I really want to win. I really love doing this. They sat blurry-eyed and stiff-necked and it was only Monday. But for the previous two weeks, the cadets were busy Googling for systems information, cracking textbooks they hadnt seen since they were plebes, and writing days and days of code. Jeffrey Cox spent the night prior to the games trying to fix a computer that had suddenly stopped working at 9:30 p.m. I created three virtual systems to try to rebuild it, Cox said. I finally had it up 10 minutes before the game began and then the first computer started working again. This is fun? This is a blast, Cox said. We pretty much spend all our time learning something new. Back in Meridia, a cluster of cadets watched as a screen showing the Air Force Academys system went red. If its a lot of red, theyre in a hurt box, Cox said. Were all green right now. Navy was down for a few minutes. All the way down. Air Force just came back up. For two hours, the cadets watched. Nothing. Nothing. More nothing. Weve been kind of on edge, Cox said. I think wed like a little excitement just to know whats going on. We would like a few hits. And then: Hey! Somebody in forensics come look at this! But it was just another unnerving false alarm. Salazar said the games provide the students with training and the NSA with potential future employees. Several students will perform internships on the red team. The game prepares them for what theyll be doing in the real world, Salazar said. In the end, West Point retained their cool and even got a little cocky. They taunted the Red Team with a false document describing a Web server as Linux, then watched as the Red Team tried to attack a Linux system. Much to their surprise, it was actually a Windows server, said Maj. Damon Becknel, a West Point computer science professor. We went the entire exercise this year without a compromise from the Red Team. Each of the other academies had break-ins, including yet another announcement on the Air Force Academy Web site: Red Team owns U. West Point won the event with 53,615 points, while the Coast Guard Academy came in second with 52,105. Air Force placed third with 50,350 points; Navy was fourth with 49,750 points, and the Marines placed fifth with 49,315 points. The Air Force Institute, which participates in the exercise but does not officially compete, had 52,549 points. Its different every year, Salazar said. This year, West Points using their chain of command and staying calm. Ill probably come back next year and things will be different again. __________________________ Subscribe to InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Sun May 06 2007 - 23:23:22 PDT