Air Force wins cyberexercise

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.fcw.com/fcw/articles/2003/0428/web-cdx-04-30-03.asp

By Dan Caterinicchia 
April 30, 2003

The Air Force Academy recently beat out the four other service
academies in the Cyber Defense Exercise, a cyber training tool
designed to prepare students to protect and defend the nation's
critical information systems. Each student team was challenged to
configure a network of computers securely to serve both local and
remote users. The exercise environment was created to represent
coalition information sharing; the students entered into direct
cybercombat with so-called "red forces," which challenged them to keep
their systems online and running.

Each team was evaluated on how well they maintained services, as well
as their efforts to recover from and prevent future security breaches,
according to the National Security Agency, which sponsors the event
along with the U.S. Military Academy.

In addition to requiring each school to host a "rogue" computer that
was controlled by the red forces, this year's exercise differed from
the previous two years in many ways. The networks at each academy
represented a collection of coalition partners deployed as regional
commands, said Army Lt. Col. Daniel Ragsdale, director of the
information technology and operations center in the electrical
engineering and computer science department at the U.S. Military
Academy.

"These commands are required to provide services to one another and
receive direction from a centrally located command forces
headquarters," Ragsdale said. "Sharing services adds a realistic
element to the exercise and introduces the threat of 'insiders.' The
focus is on keeping services available while maintaining the integrity
of information. These partners are not allowed to have full,
unfettered access to all of the systems or services."

Other changes to make the exercise more realistic included: leaving
the design of the network topology up to the students; making the
students select the operating systems that would run on the more than
20 servers available to them; and requiring students to identify
software and applications to address 10 major system requirements
including local and remotely accessible e-mail, Web service, database
services, video conferencing services, and secure communications
capability.

For the first time this year, organizers used traffic generators to
create a certain amount of artificial ambient network traffic.  
Participants were also required to frequently communicate with remote
coalition partners and headquarters.

"These changes increase the difficulty of detection intrusions because
malicious traffic will be, at least, partially masked by this
activity," Ragsdale said. He added that social engineering, which was
disallowed in previous years, was introduced this year in order for
Trojan horses to be sent through e-mail and/or other communications
within the Cyber Defense Network.

This year's competition was extremely close. A single-system
compromise was the difference between the Air Force team and the other
participants during the four-day exercise, which concluded last week.  
The level of competition has grown exponentially over the last three
years, proving that "this exercise is making a direct impact to the
preparedness of future military leaders," according to the NSA.

The Air Force Academy team, which beat out the Naval Academy, Coast
Guard Academy, and Merchant Marine Academy and the two-time defending
champions, the U.S. Military Academy, will be presented the NSA
Information Assurance Director's Trophy during graduation week.
 
 

*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.