U.S. Army Cadets Victorious in Cyber-Defense War Game

Army CDX team

Wars were once fought only on the land, in the air and at sea. Now they’re fought in cyberspace, as well. When Russia and Georgia squared off over the breakaway province of South Ossetia last year, both sides’ hackers attacked the other’s electronic infrastructure. In 2007, Israeli cyber-warriors disabled Syrian air defenses to clear the way for an air strike on a suspected nuclear site.

China represents one of the biggest electronic threats to U.S. interests, according to experts. The Wall Street Journal recently reported that Chinese hackers gained access to sensitive on-line data on the U.S.-designed F-35 fighter jet.

Despite the threat, the U.S. military has been slow to organize cyber-defenses. Last year the Pentagon canceled plans to stand up a Cyber Command, run by the Air Force.

The U.S. military still needs hundreds of military-minded cyber experts, however. To help train up this new generation of on-line warriors, the U.S. military academies and military graduate schools participate in an annual Cyber Defense Exercise, or CDX.

The CDX pits expert hackers employed by the National Security Agency against cadets at the Army’s West Point in New York, the Naval Academy in Maryland, the Coast Guard Academy in Connecticut, the Air Force Academy in Colorado and other institutions. The players must build and defend a network, including an email server, from NSA infiltration over a four-day period.

In April last year, the Army cadets soundly defeated all rivals, for the second year in a row, by building a robust Linux-based network with a wide range of “manual” — as opposed to automatic — software tools that, while time- and labor-intensive, allowed for a nimble response to incoming worms.

The Army came out on top in this year’s CDX, too — an “unprecedented success,” according to Colonel Joe Adams, an instructor who helped oversee the cadets’ preparations. “It is a tribute to the cadets’ hard work,” Adams said.

This year was “tighter than last year’s blow-out win,” Adams said. “[O]ur cadets made it through the week without suffering a compromise or losing points for service outage … A single compromise or blown service would have changed the outcome.”

“This year’s exercise included new technologies, such as IPv6 and Windows Vista, so the time spent learning and hardening those systems helped make the difference,” Adams added. “This year’s [West Point] team chose to use a combination of Access Control Lists (ACLs) and IPsec to protect the network. At the infrastructure level, we used Windows 2008 server. This worked well with the Vista clients that we were given by the NSA to represent notional users.”

“The biggest change, in terms of operations, was in our email service. All emails in the exercise need to be signed and encrypted. In years past, we had used MS Exchange, but it proved to be difficult to harden and manage for the cadets. This year, we used Postfix and Dovecot on FreeBSD. This shift not only allowed us to use FreeBSD, which we’re comfortable with, but Postfix and Dovecot are well documented and proved easier to implement.”

The “enemy” attacks were more sophisticated than in previous years, Adams reported. “We saw more embedded malware on the notional workstations we received from NSA. Additionally, the NSA used a lot of automated attacks from tools like Nikto and Metasploit.”

Adams chalks up his team’s success to “preparation and teamwork.”

If only the entire U.S. cyber-defense community were so effective.

(Photo: Army)

This entry was posted in Cyberwarfare, David Axe, English.

8 Responses to U.S. Army Cadets Victorious in Cyber-Defense War Game

  1. Pingback: War Is Boring

  2. Pingback: Offiziere ch U S Army Cadets Victorious in Cyber Defense War Game | Uniform Stores

  3. MMA Shirts says:

    Cyber Defense war game? I think it’s just like we saw in the movie: War Games: Dead Code, isn’t it? In the movie they were just playing a game but that was for real.

  4. China represents one of the biggest electronic threats to U.S. interests,…

    I couldn’t agree more here since my hosting account was hacked by some Chinese ass…who injected some kind of virus! Securing networks will be one of the biggest challenges not only for sysops but for all of us!

  5. The focus will certainly shift on such cyber “warfare” even more in the future. Our whole economy is based on this, so it makes a lot of sense.
    G.

  6. polo says:

    Thanks for your post.

  7. phil says:

    I’m looking to get a multivitamin. I am desiring to have a liquid vitamin. Is there a very good item or much better location to purchase them from. Any support will be greatly appreciated.
