Risk
11/30/2011
04:11 PM
Connect Directly
RSS
E-Mail
50%
50%

U.S. Cyber Command Practices Defense In Mock Attack

300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.

>Slideshow: Next Generation Defense Technologies
Slideshow: Next Generation Defense Technologies
(click for larger image and for full slideshow)
The military command in charge of U.S. cyber-warfare activities has successfully completed its first major exercise in its mission to protect the Department of Defense (DOD) from cyber attacks.

The U.S. Cyber Command performed the exercise, called Cyber Flag, over a week's time at the Air Force Red Flag Facility at Nellis Air Force Base in Nevada, and through a virtual environment pulled in participants from other locations, according to a press statement.

The Cyber Command, part of the U.S. Strategic Command, went into action last September specifically to protect DOD networks and oversee federal cyber warfare activities. It's based in Ft. Meade, Md., and led by National Security Agency Director Gen. Keith Alexander.

Establishing the Cyber Command was one of the Obama administration's many efforts to shore up cyber security and protect U.S. military networks from cyber attacks as well as mitigate the effects of any.

[The commander of the nation's cyber-defense efforts makes Information Week's list of top government CIOs. See 50 Most Influential Government CIOs.]

Three hundred participated in the exercise to practice their cyber defense skills on a private virtual network in which participants were split into two sides that engaged in offensive and defensive cyber tactics, said Col. Rivers J. Johnson of the command's public affairs office.

He said there were two cyber teams--the "good guys" and the "bad guys"--and those on the opposing forces tried to infiltrate the Cyber Command's networks with malware and other forms of network intrusion.

"There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson said. "It was a great exercise."

Event participants held daily briefings on the day's events and assessed the performance of Cyber Command to defend against attacks.

Johnson said that although the Cyber Command was not always 100% successful in mitigating attacks, the majority of threats were quickly identified and deflected "in a timely manner."

Cyber Command chief Gen. Alexander agreed that the exercise showed that his command has developed effective cyber-security defense capabilities. In a press statement, he deemed the exercise a success, saying it "exceeded" his expectations and showed a team effort, with respective cyber commands from the Army, Navy, Air Force and Marines also participating.

"There was tremendous participation from the service components that included active, guard, reserve, civilian and contractors as well as from the combatant commands and DoD agencies," he said.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lbell284
50%
50%
lbell284,
User Rank: Apprentice
12/1/2011 | 11:46:52 PM
re: U.S. Cyber Command Practices Defense In Mock Attack
I want to know how many teenagers were on the "bad" side...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3621
Published: 2014-10-02
The catalog url replacement in Keystone before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.

CVE-2014-6242
Published: 2014-10-02
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged usi...

CVE-2014-6414
Published: 2014-10-02
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors.

CVE-2014-6856
Published: 2014-10-02
The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6857
Published: 2014-10-02
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.