Risk
11/30/2011
04:11 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S. Cyber Command Practices Defense In Mock Attack

300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.

>Slideshow: Next Generation Defense Technologies
Slideshow: Next Generation Defense Technologies
(click for larger image and for full slideshow)
The military command in charge of U.S. cyber-warfare activities has successfully completed its first major exercise in its mission to protect the Department of Defense (DOD) from cyber attacks.

The U.S. Cyber Command performed the exercise, called Cyber Flag, over a week's time at the Air Force Red Flag Facility at Nellis Air Force Base in Nevada, and through a virtual environment pulled in participants from other locations, according to a press statement.

The Cyber Command, part of the U.S. Strategic Command, went into action last September specifically to protect DOD networks and oversee federal cyber warfare activities. It's based in Ft. Meade, Md., and led by National Security Agency Director Gen. Keith Alexander.

Establishing the Cyber Command was one of the Obama administration's many efforts to shore up cyber security and protect U.S. military networks from cyber attacks as well as mitigate the effects of any.

[The commander of the nation's cyber-defense efforts makes Information Week's list of top government CIOs. See 50 Most Influential Government CIOs.]

Three hundred participated in the exercise to practice their cyber defense skills on a private virtual network in which participants were split into two sides that engaged in offensive and defensive cyber tactics, said Col. Rivers J. Johnson of the command's public affairs office.

He said there were two cyber teams--the "good guys" and the "bad guys"--and those on the opposing forces tried to infiltrate the Cyber Command's networks with malware and other forms of network intrusion.

"There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson said. "It was a great exercise."

Event participants held daily briefings on the day's events and assessed the performance of Cyber Command to defend against attacks.

Johnson said that although the Cyber Command was not always 100% successful in mitigating attacks, the majority of threats were quickly identified and deflected "in a timely manner."

Cyber Command chief Gen. Alexander agreed that the exercise showed that his command has developed effective cyber-security defense capabilities. In a press statement, he deemed the exercise a success, saying it "exceeded" his expectations and showed a team effort, with respective cyber commands from the Army, Navy, Air Force and Marines also participating.

"There was tremendous participation from the service components that included active, guard, reserve, civilian and contractors as well as from the combatant commands and DoD agencies," he said.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lbell284
50%
50%
lbell284,
User Rank: Apprentice
12/1/2011 | 11:46:52 PM
re: U.S. Cyber Command Practices Defense In Mock Attack
I want to know how many teenagers were on the "bad" side...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0560
Published: 2014-09-17
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CVE-2014-0561
Published: 2014-09-17
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.

CVE-2014-0562
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVE-2014-0563
Published: 2014-09-17
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.

CVE-2014-0565
Published: 2014-09-17
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant