[ISN] In cyberwar game, US Army confronts enemies within

William Knowles wk at c4i.org
Fri Apr 23 05:03:46 EDT 2004 

http://www.forbes.com/business/businesstech/newswire/2004/04/21/rtr1341011.html

By Eric Auchard 
Reuters
04.21.04

WEST POINT, N.Y. (Reuters) - The mission: to secure an entire computer 
network for the United States and its allies against a vague enemy 
force. 

Hostile agents aim to wreak havoc on military plans, sabotaging 
databases, computer terminals and communications. 

But the cyber warriors planning a best defense aren't analysts 
hunkered down at the Pentagon. They are cadets at West Point competing 
against military academies and other schools in a four-day Cyber 
Defense Exercise this week. 

And the "enemy" isn't al Qaeda or Iraqi insurgents. It's a team led by 
none other than the National Security Agency. 

Cyber warfare, a subset of classic information war that goes back as 
far as ancient Chinese military strategist Sun Tzu, has pushed its way 
into U.S. military curricula as the Internet has become pervasive. 

"Anything hooked up to the Internet is vulnerable," said Emmanuel 
Eleyae, 22, a senior Army cadet from Chino, California, who is taking 
part in the war game. 

"I'm not really scared. I'm looking forward to the best exploits that 
the NSA can throw at us," said Eleyae, who, after graduating in May, 
is shipping out to officer training school, then off to a position 
with a U.S. armored unit in South Korea. 

Armchair information warfare theorists can check their attitudes at 
the door, event organizers say. The threats are more pedestrian, 
virtually speaking, the sort that many corporate network 
administrators must contend with every day. 

But in war, a cyber attack can leave armies fighting blind. 

Participants huddled around computers in this olive-green, 
camouflage-shrouded training room aren't too concerned with science 
fiction apocalypse scenarios. The cadets rely on widely available 
network defenses based on Linux software, the same automated tools in 
the arsenal of any company network manager. 

RULES OF THE GAME 

The NSA team, known as the "Red Cell," launches attacks on selected 
networks at the Air Force, Army, Coast Guard, Merchant Marine and Navy 
academies from an operations center somewhere in Maryland. The 
computer scenario plays out virtually inside the cadets' computers. 

Going on the offensive, or using so-called hackback techniques, is 
against competition rules. Also out-of-bounds are forms of sabotage in 
which computers can be turned into zombies and used to attack opponent 
machines with millions of data messages, shutting down communication. 

"This exercise is solely concerned with defending networks, not 
attacking them," said Maj. Ron Dodge, coach of the Army's 32-member 
team and a professor at the U.S. Military Academy at West Point. 

Security consultant Michael Erbschloe of Alexandria, Virginia, says 
the focus on vulnerability detection is the basis of all effective 
cyber defense. He estimates 99 percent of attacks exploit a few dozen 
known network weaknesses. 

"If you keep out 99 percent of those attacks, it's easier to guard 
against the 1 percent that make up the real threats to networks," said 
Erbschloe, author of "Information Warfare: How to Survive Cyber 
Attacks." 

The rules this year are designed to make the competition simulate more 
of a 24-hour operation, despite the reality that "Taps" still sounds 
at 2330 (11:30 p.m.) and cadets are required to be in bed with lights 
out by then. Overnight, the enemy can prey upon any network 
vulnerabilities with impunity. 

Army lost last year not because of a successful outside attack but 
from a self-inflicted wound in which an authorized network user 
accidentally knocked out service for several hours, costing precious 
points that helped Air Force prevail. 

Army cadets won the exercise during its first two years. 



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

More information about the ISN mailing list