Cyberdrill carries over to real war
- By William Jackson
- May 15, 2003
Specialist Robert Martel, left, an observer from the Army's North East Operations Command, watches along with Cadets Rain Ottis and Arthur Miceli as Cadet Justin Edgars responds to a cyberattack.
Courtesy of U.S. Military Academy
Little did the cadets and midshipmen realize how soon they would put to use the skills they learned in the Cyber Defense Exercises hosted each April jointly by the military academies.
A number of warfighters now posted in Iraq and at military bases around the world recounted in recent e-mail exchanges with GCN how the annual network face-off drill is helping them manage communications services on the battlefield.
'I've been putting what I learned into practice in a real environment for several months now,' 1st Lt. Todd Arnold wrote.
'I am writing this from the V Corps main HQ at one of Saddam Hussein's presidential palace compounds in Baghdad,' Arnold, a 2001 graduate of the Army's Military Academy at West Point, N.Y., and member of its first cyberdefense team, added. 'The lessons learned in the exercise have come into play here. I can't go into too much detail about the network, but it has 300-plus routers and is still growing. It is the largest tactical network ever.'
Since the original contest between the Army and Air Force academies in 2001, the exercise has grown. Last year, the Naval and Coast Guard academies joined in the drill; this year the Merchant Marine school came on board.
The competition itself also has become more realistic. This year, each team pretended it was the headquarters of a military coalition partner. Each designed its own network and had to guard Web, e-mail, Domain Name System and public-key infrastructure registration services against red-team attacks while communicating and cooperating with the other contestants.
Another new wrinkle this year was a so-called rogue box in each network that the red team could use to simulate insider attacks against another coalition member.
'We could see the traffic go out and see the attack against another network,' said Lt. Col. Daniel Ragsdale, assistant professor of computer science at West Point.
That created an ethical dilemma. Should the team notify its 'coalition partner,' thus helping a competing team, or keep quiet and improve its own chances?
Pulling all-nighters
Last year's attacks took place during the day while cadets were in classes, and they patched and repaired their networks in the evening.
'It was a true force-on-force this time around,' Ragsdale said, with attacks and defense going on around the clock. 'It was not supposed to be a 24-hour operation, but I don't believe there was a minute during the four days when there wasn't someone in the operations center.'
The Army, Navy, Air Force, Coast Guard and Merchant Marine competitors sought to keep production networks up and communicating under attacks by the National Security Agency red teams.
When the dust cleared, the Air Force Academy at Colorado Springs, Colo., won the NSA Information Assurance Director's Trophy, which had been claimed for the past two years by West Point.
'We came in fourth last year,' said Capt. Todd Stratton, a computer science instructor who taught the Air Force Academy's network security course. 'We're elated.'
Wayne Schepen, NSA visiting fellow at West Point, said the exercise 'is really making a difference in the academies. We couldn't be happier.'
Cadets monitored and responded to attacks in real time. 'At one point it came down to who could type fastest,' Ragsdale said. 'This made for a significant increase not only in the learning but in the excitement.'
'I had never had a hands-on experience before,' said Cadet Matt Kotowski, a West Point team member from Capel, Calif. 'I was using software and technology that had only been out for a month. It was awesome.'
'It was really a time to sit down and apply what you have learned over the year,' said Cadet Chris Wren, a West Point team member from Dallas.
This year's West Point team was the first to have participated in an information assurance program for all four years of their schooling.
'That made a big difference,' Ragsdale said. 'They did work I would expect from professionals. I was astounded that they didn't win.'
But the Air Force Academy team was 'relatively flawless,' Stratton said. 'They made no major mistakes, and they worked great as a team.'
In the end, a single flaw in West Point's File Transfer Protocol server was decisive.
'We gave it a few more privileges than we needed to, and that ended up being counted as an exploit against us,' said Cadet Erik Sarson of Latrobe, Pa.
All 14 members of the Air Force team were students in Stratton's course in analysis and design of secure networks.
'This is the first year we taught this course,' Stratton said. 'After last year's exercise, it became apparent we needed to expand.'
Stratton, who came to the academy from an Air Force base where he had been in charge of a network, said the exercise was realistic.
'It's amazing how useful this is going to be to them,' he said. 'I wish I'd had something like this.'
The 10 seniors on Stratton's team will go on to become base-level communications and information officers after graduation.
Former West Point team members already are serving in Europe, Asia and the Middle East.
Lt. Arnold, data officer for V Corps' 22nd Signal Brigade, has been in the Mideast since early February.
At the front
'A few days into the war, I jumped up to al-Najaf to control the network from the front,' he wrote by e-mail. 'My brigade commander wanted a presence closer to the subscribers who were doing the fighting. I had a few adventures over the next month before moving into Baghdad on April 12, three days after the fall. I have been here since, trying to keep the network stable while it moves north from Kuwait.'
Ian MacLeod, a platoon leader with a strategic signal battalion in Stuttgart, Germany, wrote by e-mail that the systems his soldiers operate 'are extremely critical and heavily guarded.' His West Point training in information assurance has been important, he said, because 'as the Army becomes more digitized, the amount of information being passed will increase exponentially.'
But the Army might not be as ready to put the training to use as the young soldiers would like.
'Unfortunately, the Army seems to want to hire more civilian contractors to do information assurance and network management,' Arnold said. 'I really lucked out in getting this job, because there aren't very many like it in the Army for a first lieutenant.'
Another team member, 1st Lt. Matthew Vea, a 2001 West Point graduate, also was frustrated by the lack of opportunities to use his training. In his job as executive officer for the 275th Signal Co. in Yongsan, South Korea, he does paperwork and fixes printers.
'The only reason I touch computers is because I volunteered to be the information management officer after I saw the state of our network,' he wrote by e-mail.