http://www.afspc.af.mil/news/story.asp?id=123228183 By Master Sgt. J. LaVoie 460th Space Wing Public Affairs 10/27/2010 Working under a carefully planned and escalating contested cyber environment on Oct. 15 members of the 460th Space Wing successfully completed its first ever exclusively cyber-focused exercise at Buckley Air Force Base, Colo. "Exercise Cyber Lightning" was designed to test the wing' s capability to operate in a contested cyber environment," stated Mr. Kevin Stocking, 460th SW Plans and Programs Chief . Eight subject matter experts (SMEs) from outside the wing, ranging from the 688th Information Operations Wing and the Kansas Air National Guard (both components to 24th Air Force) to the Network Operations and Security Center and former "cyber aggressors" from Nellis AFB, helped plan and execute the exercise. They also helped the wing' s exercise and evaluation team assess the wing' s performance and identify lessons learned. "According to the SMEs we brought in, who are responsible for executing and evaluating cyber operations across the Air Force," said Mr. Stocking, "Cyber Lightning was certainly a first-of-its-kind wing exercise in AFSPC, and as far as we know, across the entire Air Force too." "This is not just an exercise or a game," said Col. Trent Pickering, 460th Space Wing vice commander during a wing briefing kicking off the day's events. "It's real! It gives us a peek under the tent on how we will command and control this base, and maintain our mission operations, in an environment where an adversary is attempting to deny us some of our key communications capabilities." The exercise was centered around network degradation, outages, and hacking activities; phishing and social engineering attempts to gain access to the base network and solicit information on the wing' s Critical Information List; and intermittent land mobile radio, email "pop-ups" and chat room capabilities while responding to an active shooter scenario and anti-terrorism injects. It also entailed some "dumpster diving" looking for personal or unit information that wasn't shredded properly, and office-by-office searches for CAC cards left unattended in computers which could grant an adversary immediate access to the wing network "The cyber aggressors came into my office attempting to log onto our computers," said Airman 1st Class Jessica Lopez, 460 Mission Support Group. "I noticed the limited information and the situation seemed suspicious. I had remembered the briefings we had in the past on how not to let anyone on our computers due to cyber threats so I used my cyber awareness and stopped them from getting anywhere near our computers." Other members of the wing were recipients of social engineering phone calls from an aggressor proclaiming to be part of the wing deployment team. "They were trying to get me to give away information about an exercise deployment activity, and other information on our wing critical information list" said one recipient. "They were pretty slick, but due to all of our recent training I figured it out and reported them to our OPSEC team." The wing policy is that any member who violates sound network practices (e.g., falls prey to a phishing attempt or clicks on a link in an email without a digital signature) is automatically locked out of their network account for a minimum of 24 hours and must be retrained on network security procedures before having their network access restored. "Overall the exercise went very well," said Mr. Stocking. "It met the intention of what the commander (Col. Clint Crosier, 460th SW Commander) provided us as objectives. His basic direction was that we have to ensure we can continue to command and control the wing in an environment where all of our normal communications tools and processes were denied. So at various points in the exercise, we took them all away--from email, to chat rooms, to base radios--and forced the wing to develop and implement back-up communications and operational procedures--while under fire no less. It identified areas where we need to refine our processes and procedures, but that was exactly the point." According to Mr. Stocking, we will continue to execute Cyber Lightning exercises in the future, and incorporate cyber type events in all of the wing' s standard exercise programs. "These will become more a norm than an exception," he said. As an operational wing we have become so dependent on e-mail, computers, and the network to execute key missions and processes, this exercise was a reminder that we can't always depend upon them in today's environment," said Colonel Crosier. "Just as we have had to plan to operate through a contested space domain over the past decade, events you can read about in the newspaper every day have demonstrated we now have to learn how to operate through a contested cyber domain as well. During a loss or degradation of communication capabilities we have to continue to perform our critical missile warning mission, provide support to the national command leaders, and protect the men and women of Buckley Air Force Base--and failure isn't an option." In an American Forces Press Service story posted on Oct.18, Deputy Defense Secretary William J. Lynn III said Oct. 14, "With the creation of the U.S. Cyber Command in May and last week's cyber security agreement between the departments of Defense and Homeland Security, DoD officials are ready to add cyberspace to sea, land, air and space as the latest domain of warfare. "Information technology provides us with critical advantages in all of our war fighting domains, so we need to protect cyberspace to enable those advantages," Secretary Lynn said. "Adversaries may be able to undermine the military's advantages in conventional areas by attacking the nation's military and commercial information technology, or IT, infrastructure A lot of the planning, management and execution for this exercise was the direct result of Capt. Sarah Ford and Mr. Mike Hanke from Wing Plans and our EET team explained Mr. Stocking. "They deserve the credit for making this exercise successful," he said. "And we're going to do a lot more of them." ___________________________________________________________ Tegatai Managed Colocation: Four Provider Blended Tier-1 Bandwidth, Fortinet Universal Threat Management, Natural Disaster Avoidance, Always-On Power Delivery Network, Cisco Switches, SAS 70 Type II Datacenter. Find peace of mind, Defend your Critical Infrastructure. http://www.tegataiphoenix.com/Received on Wed Oct 27 2010 - 22:24:38 PDT
This archive was generated by hypermail 2.2.0 : Wed Oct 27 2010 - 22:30:59 PDT