Cadets learn art of cyberwarfare

[Bombardier]

The mission: to secure an entire computer network for the United States and its allies against a vague enemy force.

Hostile agents aim to wreak havoc on military plans, sabotaging databases, computer terminals and communications.

But the cyberwarriors planning a best defense aren't analysts hunkered down at the Pentagon. They are cadets at West Point competing against military academies and other schools in a four-day cyberdefense exercise this week.

And the "enemy" isn't al-Qaida or Iraqi insurgents. It's a team led by none other than the National Security Agency.

Cyberwarfare, a subset of classic information war that goes back as far as ancient Chinese military strategist Sun Tzu, has pushed its way into U.S. military curricula as the Internet has become pervasive.

"Anything hooked up to the Internet is vulnerable," said Emmanuel Eleyae, 22, a senior Army cadet from Chino, Calif., who is taking part in the war game.

"I'm not really scared. I'm looking forward to the best exploits that the NSA can throw at us,'' said Eleyae, who, after graduating in May, is shipping out to officer training school, then off to a position with a U.S. armored unit in South Korea.

Armchair information warfare theorists can check their attitudes at the door, event organizers say. The threats are more pedestrian, virtually speaking, the sort that many corporate network administrators must contend with every day.

But in war, a cyberattack can leave armies fighting blind.

Participants huddled around computers in this olive-green, camouflage-shrouded training room aren't too concerned with science fiction apocalypse scenarios. The cadets rely on widely available network defenses based on Linux software, the same automated tools in the arsenal of any company network manager.

The NSA team, known as the "Red Cell," launches attacks on selected networks at the Air Force, Army, Coast Guard, Merchant Marine and Navy academies from an operations center somewhere in Maryland. The computer scenario plays out virtually inside the cadets' computers.

Going on the offensive, or using so-called hackback techniques, is against competition rules. Also out-of-bounds are forms of sabotage in which computers can be turned into zombies and used to attack opponent machines with millions of data messages, shutting down communication.

"This exercise is solely concerned with defending networks, not attacking them,'' said Maj. Ron Dodge, coach of the Army's 32-member team and a professor at the U.S. Military Academy at West Point.

Security consultant Michael Erbschloe of Alexandria, Va., says the focus on vulnerability detection is the basis of all effective cyberdefense. He estimates 99 percent of attacks exploit a few dozen known network weaknesses.

"If you keep out 99 percent of those attacks, it's easier to guard against the 1 percent that make up the real threats to networks,'' said Erbschloe, author of "Information Warfare: How to Survive Cyber Attacks."

The rules this year are designed to make the competition simulate more of a 24-hour operation, despite the reality that "Taps" still sounds at 2330 hours (11:30 p.m.), and cadets are required to be in bed with lights out by then. Overnight, the enemy can prey upon any network vulnerabilities with impunity.

Army lost last year not because of a successful outside attack but from a self-inflicted wound in which an authorized network user accidentally knocked out service for several hours, costing precious points that helped Air Force prevail.

Army cadets won the exercise during its first two years.

http://news.com.com/2100-7355-5197492.html?tag=cd.top

[DudeAsInCool]

For a moment I was worried. Thank god I have a Mac