04:11 PM

U.S. Cyber Command Practices Defense In Mock Attack

300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.

>Slideshow: Next Generation Defense Technologies
Slideshow: Next Generation Defense Technologies
(click for larger image and for full slideshow)
The military command in charge of U.S. cyber-warfare activities has successfully completed its first major exercise in its mission to protect the Department of Defense (DOD) from cyber attacks.

The U.S. Cyber Command performed the exercise, called Cyber Flag, over a week's time at the Air Force Red Flag Facility at Nellis Air Force Base in Nevada, and through a virtual environment pulled in participants from other locations, according to a press statement.

The Cyber Command, part of the U.S. Strategic Command, went into action last September specifically to protect DOD networks and oversee federal cyber warfare activities. It's based in Ft. Meade, Md., and led by National Security Agency Director Gen. Keith Alexander.

Establishing the Cyber Command was one of the Obama administration's many efforts to shore up cyber security and protect U.S. military networks from cyber attacks as well as mitigate the effects of any.

[The commander of the nation's cyber-defense efforts makes Information Week's list of top government CIOs. See 50 Most Influential Government CIOs.]

Three hundred participated in the exercise to practice their cyber defense skills on a private virtual network in which participants were split into two sides that engaged in offensive and defensive cyber tactics, said Col. Rivers J. Johnson of the command's public affairs office.

He said there were two cyber teams--the "good guys" and the "bad guys"--and those on the opposing forces tried to infiltrate the Cyber Command's networks with malware and other forms of network intrusion.

"There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson said. "It was a great exercise."

Event participants held daily briefings on the day's events and assessed the performance of Cyber Command to defend against attacks.

Johnson said that although the Cyber Command was not always 100% successful in mitigating attacks, the majority of threats were quickly identified and deflected "in a timely manner."

Cyber Command chief Gen. Alexander agreed that the exercise showed that his command has developed effective cyber-security defense capabilities. In a press statement, he deemed the exercise a success, saying it "exceeded" his expectations and showed a team effort, with respective cyber commands from the Army, Navy, Air Force and Marines also participating.

"There was tremendous participation from the service components that included active, guard, reserve, civilian and contractors as well as from the combatant commands and DoD agencies," he said.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/1/2011 | 11:46:52 PM
re: U.S. Cyber Command Practices Defense In Mock Attack
I want to know how many teenagers were on the "bad" side...
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.