A DOD cyberplan aims to attract hackers like bees
- By Dawn S. Onley
- Jun 30, 2005
Two of the Army's lead technologists propose to defend the Global Information Grid by using decoy networks and 'honey pots' to fool hackers.
The goal is to lure intruders into these areas and away from operational networks.
'No other enterprise in the world has responsibility for a communications network quite like the GIG,' Army Col. Carl Hunt, director of technology for the Joint Task Force for Global Network Operations, said at the recent Army Small Computer Program conference in Las Vegas.
He said the service is looking for ways to apply niche types of technologies to accomplish its mission. One of the technologies is Net Force Maneuvers, a system of shadow DOD networks that would keep hackers away from mission-critical systems while giving Defense IT managers time to learn about the intruder's techniques, location and capabilities.
Hunt said the concept is part of the Army's notion of NetOps, a component of network-centric warfare that focuses on using commercial best practices to operate, manage and defend the GIG.
Hunt and Doug Gardner, director of the Applied Technology unit of JTF-GNO, co-authored a recent paper, Net Force Maneuver: A NetOps Construct, that outlines ways to keep malicious intruders from penetrating the GIG, DOD's IT architecture. The paper was presented at the 2005 Institute of Electrical and Electronics Engineers Workshop on Information Assurance last month at the U.S. Military Academy in West Point, N.Y.
The Net Force Maneuver is a diversion strategy that leads hackers 'to systems where we are prepared to receive them,' Hunt and Gardner wrote.Providing a 'playground'
'These systems will collect information on methodologies, techniques and tools while providing a realistic 'playground' for the intruder. This playground will be devoid of real system information but will keep the intruder occupied. The goal here then is to ensure the intruder does not know which systems are real and which ones aren't.'
The paper examines ways to reduce the profile of critical military systems, how to create viable diversion networks that draw intruders away from operation networks and ways to keep would-be hackers occupied while the Army collects as much information on them as possible, officials said.
Ross Stapleton-Gray, senior research analyst at Skaion Corp., a computer security company in North Chelmsford, Mass., said the idea has merit, but wouldn't necessarily be easy to pull off.
'Rendering phantom DOD networks would be an interesting challenge: They'd need to behave sufficiently realistically as to convince prospective attackers that they were authentic, yet not reveal too much about the real networks,' Stapleton-Gray said.
'I could imagine DOD essentially running a continuous simulation of portions of DOD networks, in parallel with the real ones. When outsiders show up and start probing around the fake networks, you can track all their activities, even feed them information on fictional vulnerabilities, and see what they do,' he said.
Hunt and Gardner warned Defense officials that Net Force Maneuver is no silver bullet. It needs to be combined with other protective measures that are now being developed.
'Proposals such as advanced, high-speed border devices that combine protection against viruses, worms and spyware are also of potentially tremendous advantage in defending the GIG,' the authors said in the paper. 'Because of the inspiration of NFM, however, even the discussions for implementing these types of devices are already compounding their probable value.'