Risk
11/30/2011
04:11 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

U.S. Cyber Command Practices Defense In Mock Attack

300 participants squared off in a good guys versus bad guys exercise, to test protecting DOD networks from cyber attack.

>Slideshow: Next Generation Defense Technologies
Slideshow: Next Generation Defense Technologies
(click for larger image and for full slideshow)
The military command in charge of U.S. cyber-warfare activities has successfully completed its first major exercise in its mission to protect the Department of Defense (DOD) from cyber attacks.

The U.S. Cyber Command performed the exercise, called Cyber Flag, over a week's time at the Air Force Red Flag Facility at Nellis Air Force Base in Nevada, and through a virtual environment pulled in participants from other locations, according to a press statement.

The Cyber Command, part of the U.S. Strategic Command, went into action last September specifically to protect DOD networks and oversee federal cyber warfare activities. It's based in Ft. Meade, Md., and led by National Security Agency Director Gen. Keith Alexander.

Establishing the Cyber Command was one of the Obama administration's many efforts to shore up cyber security and protect U.S. military networks from cyber attacks as well as mitigate the effects of any.

[The commander of the nation's cyber-defense efforts makes Information Week's list of top government CIOs. See 50 Most Influential Government CIOs.]

Three hundred participated in the exercise to practice their cyber defense skills on a private virtual network in which participants were split into two sides that engaged in offensive and defensive cyber tactics, said Col. Rivers J. Johnson of the command's public affairs office.

He said there were two cyber teams--the "good guys" and the "bad guys"--and those on the opposing forces tried to infiltrate the Cyber Command's networks with malware and other forms of network intrusion.

"There were a variety of scenarios based on what we think an adversary would do in real world events and real world time," Johnson said. "It was a great exercise."

Event participants held daily briefings on the day's events and assessed the performance of Cyber Command to defend against attacks.

Johnson said that although the Cyber Command was not always 100% successful in mitigating attacks, the majority of threats were quickly identified and deflected "in a timely manner."

Cyber Command chief Gen. Alexander agreed that the exercise showed that his command has developed effective cyber-security defense capabilities. In a press statement, he deemed the exercise a success, saying it "exceeded" his expectations and showed a team effort, with respective cyber commands from the Army, Navy, Air Force and Marines also participating.

"There was tremendous participation from the service components that included active, guard, reserve, civilian and contractors as well as from the combatant commands and DoD agencies," he said.

Our annual Federal Government IT Priorities Survey shows how agencies are managing the many mandates competing for their limited resources. Also in the new issue of InformationWeek Government: NASA veterans launch cloud startups, and U.S. Marshals Service completes tech revamp. Download the issue now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lbell284
50%
50%
lbell284,
User Rank: Apprentice
12/1/2011 | 11:46:52 PM
re: U.S. Cyber Command Practices Defense In Mock Attack
I want to know how many teenagers were on the "bad" side...
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6212
Published: 2014-04-19
Unspecified vulnerability in HP Database and Middleware Automation 10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote authenticated users to obtain sensitive information via unknown vectors.

CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2013-6215
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.

CVE-2013-6218
Published: 2014-04-19
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors.

Best of the Web