Wars were once fought only on the land, in the air and at sea. Now they’re fought in cyberspace, as well. When Russia and Georgia squared off over the breakaway province of South Ossetia last year, both sides’ hackers attacked the other’s electronic infrastructure. In 2007, Israeli cyber-warriors disabled Syrian air defenses to clear the way for an air strike on a suspected nuclear site.
China represents one of the biggest electronic threats to U.S. interests, according to experts. The Wall Street Journal recently reported that Chinese hackers gained access to sensitive on-line data on the U.S.-designed F-35 fighter jet.
Despite the threat, the U.S. military has been slow to organize cyber-defenses. Last year the Pentagon canceled plans to stand up a Cyber Command, run by the Air Force.
The U.S. military still needs hundreds of military-minded cyber experts, however. To help train up this new generation of on-line warriors, the U.S. military academies and military graduate schools participate in an annual Cyber Defense Exercise, or CDX.
The CDX pits expert hackers employed by the National Security Agency against cadets at the Army’s West Point in New York, the Naval Academy in Maryland, the Coast Guard Academy in Connecticut, the Air Force Academy in Colorado and other institutions. The players must build and defend a network, including an email server, from NSA infiltration over a four-day period.
In April last year, the Army cadets soundly defeated all rivals, for the second year in a row, by building a robust Linux-based network with a wide range of “manual” — as opposed to automatic — software tools that, while time- and labor-intensive, allowed for a nimble response to incoming worms.
The Army came out on top in this year’s CDX, too — an “unprecedented success,” according to Colonel Joe Adams, an instructor who helped oversee the cadets’ preparations. “It is a tribute to the cadets’ hard work,” Adams said.
This year was “tighter than last year’s blow-out win,” Adams said. “[O]ur cadets made it through the week without suffering a compromise or losing points for service outage … A single compromise or blown service would have changed the outcome.”
“This year’s exercise included new technologies, such as IPv6 and Windows Vista, so the time spent learning and hardening those systems helped make the difference,” Adams added. “This year’s [West Point] team chose to use a combination of Access Control Lists (ACLs) and IPsec to protect the network. At the infrastructure level, we used Windows 2008 server. This worked well with the Vista clients that we were given by the NSA to represent notional users.”
“The biggest change, in terms of operations, was in our email service. All emails in the exercise need to be signed and encrypted. In years past, we had used MS Exchange, but it proved to be difficult to harden and manage for the cadets. This year, we used Postfix and Dovecot on FreeBSD. This shift not only allowed us to use FreeBSD, which we’re comfortable with, but Postfix and Dovecot are well documented and proved easier to implement.”
The “enemy” attacks were more sophisticated than in previous years, Adams reported. “We saw more embedded malware on the notional workstations we received from NSA. Additionally, the NSA used a lot of automated attacks from tools like Nikto and Metasploit.”
Adams chalks up his team’s success to “preparation and teamwork.”
If only the entire U.S. cyber-defense community were so effective.