[ISN] "Live-fire" cyberwar-in-a-box tests mettle of military, IT pros

From: InfoSec News <alerts_at_private>
Date: Mon, 22 Oct 2012 01:51:59 -0500 (CDT)
http://arstechnica.com/information-technology/2012/10/live-fire-cyberwar-in-a-box-tests-mettle-of-military-it-pros/

By Sean Gallagher
Ars Technica
Oct 20 2012

In August, a collection of military, government, and nongovernmental 
humanitarian organizations from 22 countries in the Pacific gathered in 
Singapore for Pacific Endeavor 2012, a joint exercise to test how 
quickly and how well they could communicate in the face of a disaster. 
While the simulated mission was peaceful, some of the participants were 
put through a separate, more hostile test -- Cyber Endeavor, a full-on 
"live fire" cyberwarfare exercise focused on "protecting information in 
a collaborative environment, with both innocent bystanders and hostile 
attackers."

The battle was fought on a closed "cyber range," a network designed to 
put network security teams through their paces and expose them to the 
most up-to-date exploits and attack methods available to hackers in the 
real world. Using BreakingPoint FireStorm network security testing 
appliances from Ixia, two teams created test traffic against the "Blue 
Team" defenders in the exercise. A "Green" team created normal, benign 
application traffic against the network's infrastructure, and a "Red" 
team staged attacks drawn from a library of up-to-date 
vulnerabilities and exploits, using simulated botnets, real malware, and 
malformed packets designed to stress network infrastructure.

The Defense Department has invested heavily in cyber-ranges, including 
DARPA's multimillion-dollar effort to build a National Cyber Range, a 
project now in the process of being transferred to U.S. Cyber Command. 
The NCR's goal was to create a secure, self-contained network facility 
that could be set up to emulate both internal Defense Department 
networks and commercial networks for evaluating and certifying 
cyberdefense tools. And the NCR isn't alone -- there are several other 
cyber-range facilities operated by other parts of the DOD.

The problem, of course, is that those facilities are isolated and 
physically locked down -- and expensive to operate. They usually require 
building a load of virtual machines to generate attacks and application 
traffic, and it takes significant work to create automated traffic that 
both takes advantage of emerging threats and doesn't give itself away by 
being too "canned." And if an organization wants to train on the NCR, 
they'll need to send their cyber-security team to it -- and get proper 
clearances.

[...]


Received on Sun Oct 21 2012 - 23:51:59 PDT
