Less "boot camp", more "boot-up camp"
Systems administrator David Riebrandt"s first hint that intruders had hacked the military network came from telltale electronic footprints. From the logs--electronic records of the information passed on the network--it quickly became evident that a server with gate-keeping control over different parts of the system was getting downright chatty with a foreign computer via the Internet. "I didn"t know what the information meant," Riebrandt said. "I just knew that someone was talking to (the server). And it was talking back." Luckily he"ll get a chance to learn from his mistakes--without grave consequences. The attackers weren"t foreign-sponsored spies or hackers creeping through the Pentagon"s computer systems, but a Department of Defense "red team" attempting to poke holes in a mock military network run by students of the Naval Postgraduate School here.
Hardening the nation"s Internet defenses against cyberattack has been a goal long discussed in policy circles, but results have been slow in coming. The Clinton administration drafted the National Plan for Critical Infrastructure in 1999 and released it for public comment in 2000. Included in the plan were 10 steps that the government should take to defend important national infrastructure, including communications and the Internet, against attack.
Yet only in the past year have concrete steps been taken, including discussions of separate networks for intra-agency data, computer security scholarships in return for service, and budget increases. While not part of the National Plan, the Cyber-Defense Exercise does address one of the plan"s 10 steps: training more security professionals.
The four-day exercise, which ended Thursday, pitted so-called blue teams of students from six different military academies against professional military red teams. The red teams are made up of government employees from the National Security Agency and soldiers from the U.S. Air Force"s 92nd Information Warfare Aggressor Squadron and the Army"s Land Information Warfare Activity.