Slashdot Mirror


Details of Cyber Storm War Games Released

I Don't Believe in Imaginary Property writes "Apparently, the participants in the U.S. 'Cyber Storm' war games are familiar with the Kobayashi Maru, because some of them tried to cheat by hacking the games themselves. They also prepare for some very interesting scenarios. Among other things, the organizers are worried about having too many people on the 'No Fly' list show up at an airport, finding 'mystery liquids' in the subway, and having bloggers reveal the classified location of railcars with hazardous materials. The Department of Homeland Security has already analyzed the results of the games, and plans to hold 'Cyber Storm 2' in March."

14 of 96 comments

  1. Does anyone by kcbanner · · Score: 3, Interesting

    Have any details on how these "games" are actually run? I'm interested in how they simulate everything...is it just a mock control room with a game server hooked up to everything instead of the real world, or do they actually use real world utilities and networks to do this? I read the article but it was more newspaper-speak than technical details.

    --
    Obligatory blog plug: http://www.caseybanner.ca/
    1. Re:Does anyone by FleaPlus · · Score: 4, Informative

      Here's a link to the actual report:

      http://www.dhs.gov/xnews/releases/pr_1158340980371.shtm
      http://www.dhs.gov/xlibrary/assets/prep_cyberstormreport_sep06.pdf

      From the report, it looks like everything was simulated.

    2. Re:Does anyone by bleh-of-the-huns · · Score: 3, Informative

      I was involved in the last CyberStorm exercise. It is almost all simulated. Essentially the members from all the critical government entities meet (last time it was at a DHS facility, not sure where this one was held) at a designated location (google NCRCG).... A control center (the non player control center) throws scenarios out, they start innocent, and the members respond, sometimes reaching back to their respective security personnel or organizations (those in the meeting room are usually federal employees in the decision making process, high level feds). Sometimes they intercommunicate with the other gov orgs as well. From there the scenarios, which are all interlinked, get progressively more serious. The last few days of the exercise are table tops that show what went wrong, and how things turned out.

      Beyond that, I cannot explain anymore.

      --
      I came, I conquered, I coredumped
  2. Good Gravy by AbsoluteXyro · · Score: 4, Funny

    Does anyone else feel like a huge nerd for knowing what the Kobayashi Maru is?

    1. Re:Good Gravy by Chandon+Seldon · · Score: 4, Insightful

      No. Recognizing fictional references is an example of "cultural literacy". When the reference is a popular TV show, it's more like "basic cultural literacy".

      --
      -- The act of censorship is always worse than whatever is being censored. Always.
  3. Mystery liquids by Dachannien · · Score: 4, Funny

    People find mystery liquids on the subway all the time. It's called "urine".

  4. Hacking the game is cheating? by Shadow+Labs · · Score: 5, Interesting

    I find it interesting that they call hacking the game itself "cheating."

    Reminds me of when I was in college and us CS people used to get together and play a computerized version of capture the flag. The premise of the game was simple enough -- players were divided into 4 teams of 2-3 people each, and each team got a machine that came pre-loaded with an older unpatched version of Linux that had well known and published security vulnerabilities (something like Red Hat 7.3). Each machine had 4 services running on it -- typically SSH, Bind, Apache, and telnet (yeah...*sigh*). Each of those services came configured to return a certain string (the so-called flag) when queried by a master scoring server that ran a fairly simple Python script. The script ran once every minute and then displayed up to date team scores on a video projector. The rules of the game stated that we could not patch the machine or use IPtables to lock down the machine. Anything else was fair game. The machines and the scoring server were all networked together on a small private network, and each team was given one additional network drop to do with as they pleased.

    Anyway, one night we got together to play CTF and there were only enough people for 3 teams of two. Since that doesn't make for such an interesting game, one of our professors who was just supposed to be observing decided to join in and be on his own team. As soon as the game started, everyone went to work furiously trying to defend their boxen and then the real fun -- the attacking -- began.

    We were all quite surprised when the first round of results came in and our professor hadn't had anyone hijack his machine. He also evidently hadn't attacked anyone else. The night went on and each of the student teams went back and forth, attacking and defending, but our professor stayed the same -- he neither had anyone successfully compromise his box, nor successfully compromised anyone else's.

    The last few minutes of the game saw my team dead last, our professor in third place, and two other teams above us. 5 seconds from the end, our professor's score suddenly increased to an ungodly high (and according to the rules unattainable) score, with the rest of our scores getting set to zero. As the clock ticked down and the game came to an end, we were befuddled as to what happened.

    Suddenly it dawned on us -- our professor had spent the entire time hacking the scoring server (which was supposed to have been an up to date, secure Linux install) and replacing the Python scoring script with one of his own, all to his advantage. At some point during the game, he had actually replaced the running script with his own, without any of us ever noticing. We were all in awe and amazement at his creativity -- the idea to do such a thing had not even occurred to any of us. We learned several valuable lessons that night, one of which was that the mind of a creative attacker may not be confined solely within the nice little security box that you place it in. That, and never mess with your professors!

    --

    echo $SIG
    1. Re:Hacking the game is cheating? by Tomy · · Score: 3, Insightful

      I've always believed the biggest obstacle to any creative endeavor in general is Functional Fixedness, the bias that limits us to sort of only playing by the rules. I was at a party once and my psychology professor demonstrated it for me with a challenge to everyone at the party that he could drink wine from one of the unopened bottles of wine on the table without damaging the glass or cork in any way. Once everyone had given up guessing how he would do it, he turned the unopened bottle upside down, and poured wine from an opened bottle into the depression in the bottom of the unopened bottle and drank it. Our cognitive bias kept us from thinking outside the box, or bottle as it may be.

    2. Re:Hacking the game is cheating? by glwtta · · Score: 3, Insightful

      Well, the point of war games is to simulate real-life scenarios, so cheating is not constructive, no matter how clever it is.

      --
      sic transit gloria mundi
    3. Re:Hacking the game is cheating? by darkmeridian · · Score: 4, Interesting

      That's a very naive view of the world. The real world is unexpectedly complicated and there's a lot of room for thinking outside the box. For example, in a U.S. war game, the American forces supposedly had the benefit of a jamming operation that prevented the enemy from communicating at all. The OpFor leader in charge of attacking the American forces used clarion calls from mosques and civilian motorcycle messengers to communicate despite the hypothetical jamming operation. The observers disallowed his communication saying it was outside the rules.

      Well, in the real-world in Iraq, the insurgents are hiding behind civilians and mosques. An exercise that makes you reconsider the rules of the game is very important in the real world, where you have to expect the unexpected.

      --
      A NYC lawyer blogs. http://www.chuangblog.com/
  5. Frightening... by Lumpy · · Score: 4, Insightful

    I love how the Feds find uncensored and uncontrolled free press a "threat".

    Reading that article really opens eyes as to the real inside of our government. The founding fathers have got to be spinning at 30-40 thousand RPM in their graves by now.

    --
    Do not look at laser with remaining good eye.
    1. Re:Frightening... by plover · · Score: 4, Insightful

      It looks like you're making a basic mistake. Don't confuse recognizing a "threat" with the outlawing of it.

      In the real world, almost anything could be a threat. Your child could knock a salad fork off the table, and it could land tines-up wedged into a crack in the floor, and you could then slip from your chair trying to pick it up, and put your eye out. By means of an implausible scenario, the fork has become a threat. But you don't address such a threat by outlawing salad forks, or all dining implements, or feeding your children only spoon food. Instead you analyze the risk of having salad forks on your dining room table, and realize it's silly to worry about such ridiculous scenarios.

      For a variant, consider placing steak knives on the table. Now, if your child were to knock one off it becomes somewhat more serious. Perhaps you mitigate the risk by sensibly not placing sharp knives within reach of your child; but you don't outlaw knives from the kitchen nor do you stop eating steak. You simply keep them out of your child's reach.

      Now move to a slightly more sinister threat or risk, that of a free press or possibly an extremist group publishing the location of every chlorine tanker in America. Could that be a threat to our security? Of course, it might even herald the initial coordination of a nationwide attack. But just like the above stories, you don't outlaw bloggers or their right to publish (nor can you.) Instead you look at potentially dangerous objects or information, you analyze the potential risks, and you find a way to mitigate them. Step 0 might sensibly be "don't publicly publish lists of hazardous tankers" except to those persons with a need to know. Step 1 might be to keep any such lists as small as possible -- the Seattle fire department doesn't need to have the schedule for the Atlanta chlorine train. Step 2 might be to publish a generic set of instructions, "How to safeguard chemical tankers". Step 3 might be a communications plan to the rail lines informing them of a security breach. And so on.

      Almost anything can be a threat. What defines an appropriate reaction is recognition of the risks, planning and mitigation strategies. Over the top reactions like saying "OMG they're trying to silence the press and Jefferson is rolling in his grave" are completely missing the point. Nowhere in TFA are they even suggesting they suppress the blogs; they're just recognizing a potential threat, and figuring out what plans (if any) they need to make.

      --
      John
  6. Re:This crap always amazes me by mwlewis · · Score: 4, Insightful

    So, to summarize your post:

    A successful exercise must consider every possible threat. They didn't think about every possible threat. It's not possible to think of every possible threat. An exercise that doesn't consider every possible threat doesn't help anything at all.

    WTF?

    You obviously missed the whole point, which was really to work on the cooperation and communication. They weren't testing specific countermeasures, but stressing the people and the organizations involved to see what happens. Even if it weren't, being more prepared or knowledgeable about some threats is better than being knowledgeable about no threats.

    --
    JOIN US FOR PONG!
  7. Third option by TapeCutter · · Score: 4, Interesting

    What about China's reaction to unforeseen disaster? Currently they are suffering a huge week-long blizzard that has stranded millions of people who were travelling home for Chinese new year. At one station alone there were several hundred thousand people waiting several days for the trains to restart.

    People stuck in a blizzard is nothing new in China, what I found interesting was the government has made a rare official apology to the people for being unprepared for the magnitude of this particular storm. Politicians are turning up at train stations and addressing the massive crowds with bullhorns, apologising profusely while explaining that the trains can't run until the power lines are back up and the tracks are cleared.

    Some people were complaining, but the majority were spontaneously applauding and cheering the guy with the bullhorn.

    BTW: I realise that the news from China is tainted with propaganda and a politician with a blowhorn won't get the trains back any faster. However, since they have a million troops working on the clean up, have hailed 6 electrical workers who died trying to restore power as national heroes, plus the aforementioned apology for something they could not realistically prevent, I think the applause is not entirely hollow.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.