Slashdot Mirror

← Back to Stories (view on slashdot.org)

DOD Kicks Up Cybersecurity Efforts

Posted by michael on from the wargames dept.

codingOgre writes "The US Army will try to secure an entire computer network against a team led by the NSA. They are cadets at West Point competing against military academies and other schools in a four-day Cyber Defense Exercise this week. I would have to think that this would be a lot of fun! I would like to see what the NSA and friends could throw at my network, although one would think they wouldn't reveal all their cards...like the backdoor into any Windows box :)" In a related story, jkinney3 writes: "The feds are wising up to the needs for a verifiable, secure code base for all of the DOD stuff, according to Government Computing News. A proposed solution 'would create a single executive organization responsible for software integrity and information assurance.' Joe Jarzombek, deputy director for software assurance in DOD's Information Assurance Directorate, said 'DOD possesses so many millions of lines of code in countless thousands of packages, that it would take years of effort and millions of dollars just to identify what was developed where.' I'm envisioning a lot of Bugzilla installations."

14 of 178 comments (clear)

  1. Sounds good to me by shadowkoder · · Score: 3, Insightful

    I hope this is a path the military will continue to follow. Security is vital when you come to rely heavily on intelligence. Lets just hope the dont stop here and take this as a serious effort.

  2. duh by Anonymous Coward · · Score: 1, Insightful

    Firewall it with OpenBSD, use pf's packet cleansing option. Ta-Da!

  3. Re:So this is what our tax dollars go to... by be951 · · Score: 2, Insightful

    Compromised information systems are a real danger. Especially in the military where good vs. bad information can mean the difference between bombing an enemy position, or the Chinese embassy.

  4. Kudos by DoubleD · · Score: 3, Insightful

    It is good to see the issue of computer security intelligently approached.

    It is much better to harness the natural competitiveness and curiosity of your geeks than to suppress it by any means possible and depend on security by obscurity.

    --
    "He is no fool who gives what he cannot keep in order to gain what he cannot lose."
  5. You may consider that funny... by Kjella · · Score: 2, Insightful

    ...but I'm sure the NSA will try to hijack the EM transmissions at the endpoints. Of course, the military is quite aware of that, but your average computer installation probably wouldn't be safe simply by disconnecting the network...

    Kjella

    --
    Live today, because you never know what tomorrow brings
    1. Re:You may consider that funny... by Anonymous Coward · · Score: 1, Insightful

      What if the NSA really isnt that great at hacking?

      I mean I'm sure they are competent. But I bet they use mostly public tools and methods.

      Security research is a pretty accessible field and there are many security researchers both public and underground. The chance that a small group of NSA people have discovered some super elite technique of hacking while the rest of the entire world is in the dark seems slim to me.

    2. Re:You may consider that funny... by Mr+Guy · · Score: 2, Insightful

      Maybe, but I hope they scan the rooms for bugs very very carefully and check their cords for keystroke loggers and other forms of EM taps.

      Why hack it when you can walk in the front door using the password you picked up from a video above the keyboard?

      --
      Never confuse volume with power.
  6. Useless exercises by eyeball · · Score: 5, Insightful

    Unfortunately exercises like this show how our conventional approach to warfare (cyber- or human-) is doomed in the world of increasing unconventional war tactics.

    With a network or a piece of land, actively defending against a known enemy in a known timeframe is fairly easy. You know the rules for engagement, you can easily account for all the possible outcomes.

    Putting processes in place to defend against undeterminable attackers in an indefinite timeframe approaches the impossible. In a network, all it takes for hostile code to infiltrate is one human error (i.e.: a race condition when a firewall ACL changes). Same with terrorism: all it takes is a few people with flight training and box-cutters to do some serious damage. There are no rules of engagement.

    Put another way, conventional warfare (again, cyber- or human-) is like a chess tournament. Predictable rules. For the unconventional, imagine someone winning a chess tournament by pulling out a gun and shooting the opposing player.

    --

    _______
    2B1ASK1
    1. Re:Useless exercises by nomadicGeek · · Score: 3, Insightful

      So what do you do? Give up because it is too hard?

      You act like conventional warfare is always straightforward. Everyone just lines up and fights a certain way between certain hours. Deception, misdirection, and the element of surprise have always been major factors in warfare. Nothing has changed. Warriors have always had to adjust to new techniques and technologies.

      I agree with you that it is impossible to account for all possibilities. I'm sure that the first guy to be shot with a firearm was pretty surprised as his suit of armor was pierced by the bullet. The test of a warrior is how quickly you can adapt. Once you see your people fall with holes in the armor, you better be able to come up with a new strategy for protecting yourself. These types of games can help to tune those skills.

      These types of war games are a good way to assess preparedness, test your defenses, and learn from mistakes. You have to practice and constantly test yourself to become and stay good.

      Besides, whos says that you just have to sit around on the defensive. The rules didn't change, we just didn't realize that there was a war on before 9/11. You can also go after the attackers and make sure that they have little time to plan because they are doing everything they can just to stay alive.

  7. Re:Hackers vs. Crackers by /dev/trash · · Score: 2, Insightful

    That fight needed to to be fought 7 years ago. It's too late now.

  8. Social or just technical? by Johnny+Mnemonic · · Score: 3, Insightful

    Does anyone happen to know if social engineering is allowed, or is this just a technical attack?

    I would wager than any social engineering would a) be more likely to succeed, and b) be also more likely to occur in the real world. But it's less quantifiable too.

    --

    --
    $tar -xvf .sig.tar
  9. Re:So this is what our tax dollars go to... by rjune · · Score: 5, Insightful

    If I had moderator points, you would be at -1 right now instead of 0.

    This is the best way to learn security, by applying the "book learned" concepts to the real world. In fact, this is exactly what we did for the final project in the Computer Security course that I took as part of my MS in Computing program at Marquette.

    It also reinforced a very important concept -- people are the weakest link. We got the other group to send us passwords by faking an email in the instructor's name!

  10. Re:My prediction: A Chocolate Bar by amstrad · · Score: 2, Insightful
    so we'll see what they come up with.


    No... we won't. The NSA never hands out results of their findings (well maybe they will to Congress in a Special Hearing considering recent events).
  11. Re:Just remember... by Col.+Panic · · Score: 2, Insightful

    no, no. joshua is the password