Cyber war game tests future troops
In a basement lab littered with computers, monitors and chalkboard diagrams, 14 Naval Academy midshipmen are buzzing about the latest hacker assault on the computer network they created.
Hackers have penetrated their network and erased a database. But lead technician James Shey, stifling a yawn, says this attack is no big deal -- his team saved a backup copy.
Shey has slept a total of five hours out of the last 36. He and the other future Navy officers have been standing cybersecurity watch as part of the third annual Cyber Defense Exercise. The midshipmen, along with teams from the nation's four other service academies, are defending home-grown computer networks from attack by specialists from the National Security Agency, the United States's ultra-secretive surveillance and spy agency.
The war in Iraq drove home the fact that the U.S. military is heavily dependent on sophisticated electronic communications and information technology. As the Pentagon deploys even more advanced systems, planners are acutely aware that a hacker could kill more U.S. soldiers with bits and bytes than with bombs or bullets.
A porous military network deployed on the battlefield, for example, could allow the enemy to inject misleading information about the location of allied and enemy forces, leading to friendly fire casualties or an enemy ambush, said U.S. Army Lt. Col. Daniel Ragsdale, assistant professor of computer science at the U.S. Military Academy at West Point, and co-founder of the exercise.
"We are so highly dependent on information technology that if we don't do the hard work we're doing here, that could soon become a real Achilles heel for us," Ragsdale said. "A network compromise in the battlefield means we could be fed bad information, which could easily cost lives."
Thus the cyber defense program was born to challenge the notion that cyberattacks are an annoying but non-lethal threat to U.S. forces. Begun at West Point in the late 1990s, the training program took off in 2000 when the NSA sent computer scientist Wayne Schepens to the academy. Schepens offered the services of the NSA's own computer security experts, who regularly probe the Defense Department's networks for security holes.
The program is specifically a product of the service academies and the NSA, and is not part of any Pentagon computer security of cyber-warfare effort.
The excercises are, however, "a microcosm of what's going on in our military overall today," said John Arquilla, associate professor at the Naval Postgraduate School.
"Our military relies on advanced communications and technology to know where the enemy is, and the destruction or disruption of that flow of information can cripple them," he said. "The information technologies that make us so strong are also our biggest weaknesses."
This year's exercise took place on closed "virtual private networks," rather than on the Internet. Teams of eight to several dozen students -- mostly computer science majors -- defended their systems against the NSA hackers from Monday morning to Thursday afternoon. The teams were based at their respective military academies, while the "hackers" operated from NSA headquarters at Fort Meade, Md. West Point and the Air Force Academy competed in the first exercise in 2001. The Naval and Coast Guard academies joined last year, and the Merchant Marine Academy joined this year.
As with golf, the winner is the team with the least number of points. Earning points is bad, because it means the enemy was able to bring down part of the network or corrupt its contents.
"What you have here is an exercise in battlefield conditions, where teams were assessed points for any sustained damage to their systems, with each point considered equal to a loss of life," said Bradford Willke of the government-funded CERT Coordinating Center at Pittsburgh's Carnegie Mellon University, which provided the referees for this year's exercise.
Cybercrime News Archive
^macro[showdigestcomments;^uri;Cyber war game tests future troops]