[ISN] 460th Space Wing wraps up first ever Cyber Lightning exercise

From: InfoSec News <alerts_at_private>
Date: Thu, 28 Oct 2010 00:24:38 -0500 (CDT)
http://www.afspc.af.mil/news/story.asp?id=123228183

By Master Sgt. J. LaVoie
460th Space Wing Public Affairs
10/27/2010 

Working under a carefully planned and escalating contested cyber 
environment on Oct. 15 members of the 460th Space Wing successfully 
completed its first ever exclusively cyber-focused exercise at Buckley 
Air Force Base, Colo.

"Exercise Cyber Lightning" was designed to test the wing' s capability 
to operate in a contested cyber environment," stated Mr. Kevin Stocking, 
460th SW Plans and Programs Chief .

Eight subject matter experts (SMEs) from outside the wing, ranging from 
the 688th Information Operations Wing and the Kansas Air National Guard 
(both components to 24th Air Force) to the Network Operations and 
Security Center and former "cyber aggressors" from Nellis AFB, helped 
plan and execute the exercise. They also helped the wing' s exercise and 
evaluation team assess the wing' s performance and identify lessons 
learned.

"According to the SMEs we brought in, who are responsible for executing 
and evaluating cyber operations across the Air Force," said Mr. 
Stocking, "Cyber Lightning was certainly a first-of-its-kind wing 
exercise in AFSPC, and as far as we know, across the entire Air Force 
too."

"This is not just an exercise or a game," said Col. Trent Pickering, 
460th Space Wing vice commander during a wing briefing kicking off the 
day's events. "It's real! It gives us a peek under the tent on how we 
will command and control this base, and maintain our mission operations, 
in an environment where an adversary is attempting to deny us some of 
our key communications capabilities."

The exercise was centered around network degradation, outages, and 
hacking activities; phishing and social engineering attempts to gain 
access to the base network and solicit information on the wing' s 
Critical Information List; and intermittent land mobile radio, email 
"pop-ups" and chat room capabilities while responding to an active 
shooter scenario and anti-terrorism injects. It also entailed some 
"dumpster diving" looking for personal or unit information that wasn't 
shredded properly, and office-by-office searches for CAC cards left 
unattended in computers which could grant an adversary immediate access 
to the wing network

"The cyber aggressors came into my office attempting to log onto our 
computers," said Airman 1st Class Jessica Lopez, 460 Mission Support 
Group. "I noticed the limited information and the situation seemed 
suspicious. I had remembered the briefings we had in the past on how not 
to let anyone on our computers due to cyber threats so I used my cyber 
awareness and stopped them from getting anywhere near our computers."

Other members of the wing were recipients of social engineering phone 
calls from an aggressor proclaiming to be part of the wing deployment 
team. "They were trying to get me to give away information about an 
exercise deployment activity, and other information on our wing critical 
information list" said one recipient. "They were pretty slick, but due 
to all of our recent training I figured it out and reported them to our 
OPSEC team."

The wing policy is that any member who violates sound network practices 
(e.g., falls prey to a phishing attempt or clicks on a link in an email 
without a digital signature) is automatically locked out of their 
network account for a minimum of 24 hours and must be retrained on 
network security procedures before having their network access restored.

"Overall the exercise went very well," said Mr. Stocking. "It met the 
intention of what the commander (Col. Clint Crosier, 460th SW Commander) 
provided us as objectives. His basic direction was that we have to 
ensure we can continue to command and control the wing in an environment 
where all of our normal communications tools and processes were denied. 
So at various points in the exercise, we took them all away--from email, 
to chat rooms, to base radios--and forced the wing to develop and 
implement back-up communications and operational procedures--while under 
fire no less. It identified areas where we need to refine our processes 
and procedures, but that was exactly the point."

According to Mr. Stocking, we will continue to execute Cyber Lightning 
exercises in the future, and incorporate cyber type events in all of the 
wing' s standard exercise programs. "These will become more a norm than 
an exception," he said.

As an operational wing we have become so dependent on e-mail, computers, 
and the network to execute key missions and processes, this exercise was 
a reminder that we can't always depend upon them in today's 
environment," said Colonel Crosier. "Just as we have had to plan to 
operate through a contested space domain over the past decade, events 
you can read about in the newspaper every day have demonstrated we now 
have to learn how to operate through a contested cyber domain as well. 
During a loss or degradation of communication capabilities we have to 
continue to perform our critical missile warning mission, provide 
support to the national command leaders, and protect the men and women 
of Buckley Air Force Base--and failure isn't an option."

In an American Forces Press Service story posted on Oct.18, Deputy 
Defense Secretary William J. Lynn III said Oct. 14, "With the creation 
of the U.S. Cyber Command in May and last week's cyber security 
agreement between the departments of Defense and Homeland Security, DoD 
officials are ready to add cyberspace to sea, land, air and space as the 
latest domain of warfare.

"Information technology provides us with critical advantages in all of 
our war fighting domains, so we need to protect cyberspace to enable 
those advantages," Secretary Lynn said. "Adversaries may be able to 
undermine the military's advantages in conventional areas by attacking 
the nation's military and commercial information technology, or IT, 
infrastructure

A lot of the planning, management and execution for this exercise was 
the direct result of Capt. Sarah Ford and Mr. Mike Hanke from Wing Plans 
and our EET team explained Mr. Stocking. "They deserve the credit for 
making this exercise successful," he said. "And we're going to do a lot 
more of them."


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Wed Oct 27 2010 - 22:24:38 PDT

This archive was generated by hypermail 2.2.0 : Wed Oct 27 2010 - 22:30:59 PDT