[Infowarrior] - Cadets Trade the Trenches for Firewalls

[Richard Forno]

May 11, 2009
Cadets Trade the Trenches for Firewalls
By COREY KILGANNON and NOAM COHEN

http://www.nytimes.com/2009/05/11/technology/11cybergames.html?_r=1&ref=global-home&pagewanted=print

WEST POINT, N.Y. — The Army forces were under attack. Communications  
were down, and the chain of command was broken.

Pacing a makeshift bunker whose entrance was camouflaged with netting,  
the young man in battle fatigues barked at his comrades: “They are  
flooding the e-mail server. Block it. I’ll take the heat for it.”

These are the war games at West Point, at least last month, when a  
team of cadets spent four days struggling around the clock to  
establish a computer network and keep it operating while hackers from  
the National Security Agency in Maryland tried to infiltrate it with  
methods that an enemy might use. The N.S.A. made the cadets’ task more  
difficult by planting viruses on some of the equipment, just as real- 
world hackers have done on millions of computers around the world.

The competition was a final exam of sorts for a senior elective class.  
The cadets, who were computer science and information technology  
majors, competed against teams from the Navy, Air Force, Coast Guard  
and Merchant Marine as well as the Naval Postgraduate Academy and the  
Air Force Institute of Technology. Each team was judged on how well it  
subdued the threats from the N.S.A.

The cyberwar games at West Point are just one example of a heightened  
awareness across the military that it must treat the threat of a  
computer attack as seriously as it does an attack carried out by a  
bomber or combat brigade. There is hardly an American military unit or  
headquarters that has not been ordered to analyze the risk of  
cyberattacks to its mission — and to train to counter them. If the  
hackers were to succeed, they could change information on the network  
and cripple Internet communications.

In the desert outside Las Vegas, in a series of inconspicuous  
trailers, some of the most highly motivated hackers in the United  
States spend their days and nights probing the military’s vast  
computer networks for weaknesses to exploit.

These hackers — many of whom got their start as teenagers devoted to  
computer screens in their basements — have access to the latest in  
attack software. Some of it was developed by cryptologists at the  
N.S.A., the nation’s largest intelligence agency, where most of the  
government’s talent for breaking and making computer codes resides.

The hackers have an official name — the 57th Information Aggressor  
Squadron — and a real home, Nellis Air Force Base.

The Army last year created its own destination for computer experts,  
the Network Warfare Battalion, where many of the cadets in the  
cyberwar games hope to be assigned. But even so, the ranks are still  
small.

The Defense Department today graduates only 80 students a year from  
its cyberwar schools, causing Defense Secretary Robert M. Gates to  
complain that the Pentagon is “desperately short of people who have  
capabilities in this area in all the services, and we have to address  
it.” Under current Pentagon budget proposals, the number of students  
cycled through the schools will be quadrupled in the next two years.

Part of the Pentagon’s effort to increase the military’s capabilities  
are the annual cyberwar games played at the nation’s military  
academies, including West Point, where young cadets in combat boots  
and buzz cuts talk megabytes instead of megatons on a campus dotted  
with statues of generals, historic armaments and old stone buildings.

While the Pentagon has embraced the need for offensive cyberwarfare,  
there were no offensive maneuvers in the games last month, said Col.  
Joe Adams, who teaches Information Assurance and stood at the head of  
the classroom during the April exercise.

Cadet Joshua Ewing said he and his fellow Blue Team members “learn all  
the techniques that a hacker would do, and we try to beat a hacker.”

These strategies are not just theoretical. Most of these cadets will  
soon be sent to Afghanistan to carry out such work, Cadet Ewing said.

When the military deploys in a combat zone or during a domestic  
emergency, establishing a secure Internet connection is an early  
priority. To keep things humming, the military’s experts must fend off  
the ordinary chaos of the Internet as well as attacks devised to  
disable the communications system, like flooding e-mail servers with  
so many junk messages that they collapse.

Underscoring how seriously the cadets were taking the April games, the  
sign above the darkened entranceway in Thayer Hall read “Information  
Warfare Live Fire Range” and the area was draped with camouflage  
netting.

One group had to retrieve crucial information from a partly erased  
hard drive. One common method of hiding text, said Cadet Sean Storey,  
is to embed it in digital photographs; he had managed to find secret  
documents hidden this way. He was seeking a password needed to read  
encrypted e-mail he had located on the hard drive.

Other cadets worked in tandem, as if plugging a leaky dam, to keep the  
entire system working as the N.S.A. hackers attacked the engine that  
runs a crucial database as well as the e-mail server.

They shouted out various Internet addresses to inspect — and usually  
block — after getting clearance from referees. And there was that  
awkward moment when the cadet in charge, Salvatore Messina, had to act  
without clearance because the attack was so severe he couldn’t even  
send an e-mail message.

The cadets in this room do get their share of ribbing. But one cadet,  
Derek Taylor, said today’s soldiers recognize that technological  
expertise can be as vital as brute force in saving lives. West Point  
takes the competition seriously. The cadets who helped install and  
secure the operating system spent a week setting it up. The dean gives  
a pep talk; professors bring food.

Brian McCord, part of the team that installed the operating system,  
said he was chosen because his senior project was deeply reliant on  
Linux. The West Point team used this open-source operating system,  
freely available on the Internet, instead of relying on proprietary  
products from big-name companies like Microsoft or Sun Microsystems.

“It seems weird for the Army with its large contracts to be using  
Linux, but it’s very cheap and very customizable,” Cadet McCord said.  
It is also much easier to secure because “you can tweak it for  
everything you need” and there are not as many known ways to attack  
it, he said.

West Point emerged victorious in the games last month. That means the  
academy, which has won five of the last nine competitions, can keep  
the Director’s Cup trophy, which is displayed near a German Enigma  
encoding machine from World War II. Cracking the Enigma code helped  
the Allies win the war, and the machine is a stark reminder of the  
pivotal role of technology in warfare.

Thom Shanker contributed reporting from Washington.