[Infowarrior] - Classified Memo Toughens Cyber-Threat Portrayals In DOD Exercises

Richard Forno rforno at infowarrior.org
Fri Jan 21 14:26:20 CST 2011


(h/t Anonymous)

Inside the Pentagon - 01/20/2011

https://defensenewsstand.com/component/option,com_ppv/Itemid,287/id,2351617/

Classified Memo Toughens Cyber-Threat Portrayals In DOD Exercises

The military's top officer has issued a classified memo directing the
Defense Department to use tougher, more realistic portrayals of cyber
threats in its exercises.

A reference to the September 28, 2010, memo, stamped "secret" and signed by
Chairman of the Joint Chiefs of Staff Adm. Michael Mullen, is buried in the
latest annual report from Michael Gilmore, the Pentagon's operational
testing chief.

Cyber threats portrayed during military exercises have been "consistently
below that expected from a nation-state," but "red teams" playing the enemy
role have generally beaten U.S. defenses, according to the report released
last week by the director of operational test and evaluation (DOT&E).

The report announces that "the level of cyber-threat portrayal in future
exercises is expected to increase significantly" in response to Mullen's
classified memo.

A spokesman for Mullen declined to release the memo, but told Inside the
Pentagon that the excerpts included in the report "seem to summarize an
important point -- that our combatant commands must integrate aggressive
cyber threats into their training events in order for us to maintain our
competitive advantage in the field."

Mullen's directive makes sense because cyber threats are becoming
increasingly sophisticated, said Stewart Baker, who served as the Department
of Homeland Security's first assistant secretary for policy.

"In general, it's fair to say that you have to change your exercises on a
regular basis because the threat gets more consistent on a regular basis,"
Baker told ITP. "If you're still doing the same thing you were doing three
years ago, you're out of date."

Baker acknowledged a "competing consideration" when looking to bolster the
level of cyber-threat portrayal in exercises.

"You don't want to run an exercise between people doing a good job and
people doing a bad job," he said. "If it's so one-sided the attackers win
all the time . . . then the exercise is not actually teaching people
anything." However, "we're going to have to dramatically up our game given
the sophistication of the attacks," he added.

Gilmore's report states that "assessing organizations" within DOD performed
information assurance and interoperability assessments during 21 combatant
command and services exercises, eight of which involved units deployed or
preparing to deploy to Iraq or Afghanistan.

The information assurance posture observed during FY-10 exercise assessments
is insufficient to prevent an advanced adversary from "adversely affecting
the missions that were being exercised," the report states. "Improvements in
certain areas of network defense were observed," but red teams "generally
overcame defense during exercises by increasing their level of effort," the
report adds.

All red teams "reported increasing difficulty in penetrating network
defense," but with sufficient time, they "typically managed to penetrate
networks and systems," the report states. Although in some cases red teams
were "successfully blocked from employing certain attacks due to specific
preparations or precautions on the part of network defenders," the overall
assessment is that information assurance "remains a significant operational
concern" across the Defense Department, according to the report.

DOD's operational testers also conducted interoperability assessments on
cyber exercises and found that issues encountered "typically hindered,
rather than prevented, mission accomplishment" due to "operators who
developed and executed effective workarounds." But the workarounds "often
resulted in degraded efficiency of completing tasks," the report adds.

-- Amanda Palleschi


More information about the Infowarrior mailing list