Cadets, NSA engage in cyber wargames
By John Van Winkle, U.S. Air Force Academy Public Affairs
Published April 29, 2010
U.S. AIR FORCE ACADEMY, Colo. -- The National Security Agency tested service academy cadets in the realm of cyberwarfare during the 10th Annual NSA Cyber Defense Exercise here April 20-23.
The CDX is an annual cyber security exercise in which cadets from various military institutions design, build and defend computer networks against simulated intrusions by the NSA's Red Cell aggressor team.
This year's participants included teams from the five service academies, the Air Force Institute of Technology, the Naval Postgraduate School and the Royal Military College of Canada.
This computer security competition fosters education and awareness among future military leaders about the role of Information Assurance in protecting the nation's critical information systems, said NSA spokeswoman Lavena Watty. Service Academies are assessed on their ability to maintain network services while detecting and responding to network intrusions and compromises, most of which are initiated by NSA's Red Cell team. Cadets are graded on their ability to maintain an exchange server, chat server, web server and domain controller. They also must submit timely and accurate incident reports as they detect Red Cell activity.
The entire exercise was conducted on virtual private networks, providing a safe path for the exercise while preventing interference with real-world networks.
The U.S. Naval Academy won the service academy competition this year, breaking West Point's three-year championship streak. NSA judges would not disclose this year's scores except to say that they were very close. NSA does not disclose actual scores and rankings to the public, but they do provide a great deal of post-exercise feedback to the individual academies.
There were several changes to this year's cyberdefense exercise, including having each school design and build its own network to maintain and defend, instead of having the cadets start with a pre-made network. Those pre-made networks came loaded with requisite trojans and other malicious software. This year, cadets built their networks from the ground up.
The Department of Computer Science's cadet cyberwarfare team excelled at this part of the exercise, getting their network up and running faster than any of their competitors. Along with AFIT and the Naval Postgraduate School, USAFA's exercise network was online four days before the start of the exercise.
"Cyberwarfare is one of the most emergent and most rapidly changing of battlefields today," said Cadet 1st Class Parks Masters, commander of the Academy's CDX cadet team. "A lot of these cadets are going into cyber career fields, and they will actually be doing this for their job."
That challenge started early April 20 as NSA's Red Cell initiated numerous probes of the cadets' system. At the same time, several NSA staffers were at the Academy to play the role of the 'typical user' as the exercise's Grey Cell team. But the NSA's idea of a 'typical user' was one who uses a government computer in a reckless and haphazard manner. The Grey Cell instituted their own bit of controlled chaos by downloading files and programs blindly and venturing into all the deep, dark recesses the Internet has to offer -- or at least, all of the deep, dark recesses the cadets' network would allow.
This led the Academy's cadet team to identify and eliminate malware that NSA's users had downloaded into the cadets' network. Malware is a broad term for a variety of software designed to infiltrate a computer system without the system owners' consent. While it was artificially and intentionally introduced into the cadets' networks, it offered another test of the real-world situations that network managers face around the world. For today's cyberwarfare cadets, it's also what they may face after graduation.
"We need to be practicing now and learn everything so we can to put up a good fight," Cadet Masters said.
The Academy's cyberdefense cadets kept their network up and running during the exercise, although some workstations were compromised by Grey Cell's users. Instructors, meanwhile, kept a hands-off approach during the exercise and served only as mentors.
"During the competition, no instructor is allowed to put their hands on the keyboard," said Capt. Mike Henson, a computer science instructor and lead instructor for the CDX. "Even leading up to that, we kept our hands off the keyboards."
"By letting them struggle, that's when you really let them learn something," he emphasized. "If you fix something for someone immediately, then they don't retain that knowledge as well as when you let them fight and struggle through that a little. It's only at the point after they've banged their heads against the wall for a few hours that we then say, 'Maybe you need to look here.'"
Another change to the exercise's rules of engagement allowed NSA's Red Team to go 24/7 on their attacks. While the cyberdefense cadets had four full days to maintain and defend their networks, they still had to be back in their dorm rooms by 10 p.m. and stay there until released from night call to quarters while NSA continued to wreak havoc on their network. Each morning, the cadet cyberwarriors would start the day by assessing what activities and intrusions had happened overnight.
But the senior computer science cadets had help this year. After viewing the 2009 CDX, Captain Henson started USAFA's Cyber Warfare Club. This gave all cadets who were interested in all things cyber the opportunity to get hands-on experience with network security, setting up a network and working with attack and defense tools for the purposes of education, on virtual private networks. The Cyber Warfare Club augmented the cyberdefense cadets during the exercise. For the first time at the Academy, it wasn't just seniors enrolled in Computer Science 468 who were taking part in the exercise -- cadets from all four classes were busy maintaining and defending the Academy's exercise network.
The last day of the exercise put the cadets on the offensive against an NSA-built network. NSA has developed guidelines on how to secure and lock down a system, intended for use by other government users. To test their guidelines, NSA set up a separate virtual private network and let each of the academies try to map out that network and exploit it. This was an ungraded portion of the exercise.