DOD Kicks Up Cybersecurity Efforts
codingOgre writes "The US Army will try to secure an entire computer network against a team led by the NSA. They are cadets at West Point competing against military academies and other schools in a four-day Cyber Defense Exercise this week. I would have to think that this would be a lot of fun! I would like to see what the NSA and friends could throw at my network, although one would think they wouldn't reveal all their cards...like the backdoor into any Windows box :)" In a related story, jkinney3 writes: "The feds are wising up to the needs for a verifiable, secure code base for all of the DOD stuff, according to Government Computing News. A proposed solution 'would create a single executive organization responsible for software integrity and information assurance.' Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said 'DOD possesses so many millions of lines of code in countless thousands of packages, that it would take years of effort and millions of dollars just to identify what was developed where.' I'm envisioning a lot of Bugzilla installations."
For the most part, the army uses Windows boxes... Mostly Win2k and Windows XP. At least, they do in the command I work at.
I am aware that there ARE various UNIX boxes scattered around, but Windows makes up the vast majority, for reasons that continue to elude me.
-Damen
Will the network have UNIX or Windows based OS's?
Read the fine article--the Army team, at least, uses Linux
Pretty amazing the /. story didn't trumpet that fact.
One man's -1 Flamebait is another man's +5 Funny.
Not quite. The Army cadets are not allowed to attack the NSA or the other military academies. It's strictly a defensive exercise.
Well, that's not exactly what happened. I was a member of the Air Force Academy's team. I don't want to give too much away because you never know who will be reading this, but the Air Force's Team didn't have a SINGLE break-in during the entire exercise. Even when we were ordered to take down our firewalls on the last day, all of our machines were so locked down (even the requisite Windows Boxen) that there were no compromises. The Red Team wasn't even able to perform a 100% successful DOS attack.
The exercise was basically run like this. Every team was given more or less the same hardware/# of machines to use to defend their network. You were allowed to use any operating system you felt was necessary, although a certain number of Windows machines had to be on the network. Each team had to provide a variety of services, including local account, local mail for members of the red team, web servers, database services, mail, DNS and FTP. SFTP was not allowed, so you had to be creative in your security.
Services were measured by downtime - a service could go down for a specific amount of time before points were taken away. The points were on a subjective scale based on amount of downtime, how you remedied it, etc.
It should ALSO be noted that this is an exercise that resides purely in Academia - it's an exercise between a bunch of different service academies, which is NOT the same thing as the operational United States military.
All in all, it was an EXTREMELY exciting exercise, lots of attacks were thwarted, many cans of Mountain Dew were imbibed. We laughed a little, cried a little, heck we even learned a little.
Actually, I don't think it will be much fun at all, simply because I don't think there is any chance either side will reveal any cards. No doubt there will be some already published exploits and/or configuration gaffes that will be used. But I doubt anything new will come out of this.
This "path" was set upon in 1993 when the NSA officially stood up the IW teams, in at least making them accessible to the DoD as an exercise and assessment tool. DoD networks have been regular victims for the last decade.
Ultimately, the Red Teams are worth about 30 days of organizational leadership attention (depending on the visibility of the exercise), resulting in near-term actionable items that get little if any funding to help secure success. It's the ADHD nature of the entire DoD -- leadership changes more often than you change your underwear.
This exercise is a great step to push burgeoning communications officers into a mindset that electronic security should be among the first considerations of any project they undertake after accepting their commission. All else aside, it's a PR flap.
I wonder how far modded up this troll will go.
First, there's paranoid rambling, including government mandated software backdoors, +1.
Second, there's the one-two buzzword combo (DMCA, Palladium), +1.
Third, a pitiful lament about how it's all falling apart for us, +1.
Fourth, there's a misquoted Jefferson. +1
Fifth, more paranoid ramblings about the **AAs. +1
Finally, we have a 'teh' and some poor grammar.
This one deserves a +5, Informative by my estimates. Slashdot moderation being the fool-show it is.
I think the title hackers is appropriate unless the NSA is reverse engineering to determine the super secret l33t registration code to unlock the full features of the cadets' system.
AFAIK, hackers analyze systems for holes and find innovative ways to exploit them.
(and then there's the skr1pt k1dd13s in a class of their own)
Moral of the story: if you're gonna freak out about naming conventions, make sure you're right first.
This really isn't all that new. The U.S. Naval Postgraduate School has been sending their Infosec students to play Capture the Flag at Defcon for the last couple years as well as this year's Interz0ne conference. In fact, there was only one team (Anomaly - and they won ironically) that didn't have government personnel or contractors on their team.
Also, Immunix, a DARPA funded hardened Linux version, has also been put under fire during CTF for the last couple years. (Their team placed a solid second both times).
The Feds have learned over the last couple years that they are behind the ball in terms of normal unclassified security training for their personnel. These conferences have been really good at giving them some real world training that they normally don't get.
It's nice to see my tax dollars being put to a good use for a change. Plus it makes the "Spot the Fed" game MUCH easier.
"Omnis tuus capsa sunt inesse nos"