February 25, 2020 | International, Aerospace, C4ISR, Security

The largest cyber exercise you’ve never heard of

For years, the first time the Department of Defense's cyber forces faced high-end digital attacks was not in practice or in a classroom, but in actual operations.

For the cyber teams that focused on offense, a playbook developed from years of National Security Agency operations guided their work. But on the defensive side, standards and processes needed to be created from scratch, meaning, in part, there was a lack of uniformity and little tradecraft to follow.

Because cyber leaders had focused on staffing, training opportunities for defensive cyber operators had been sparse.

To help solve that problem, the Department of Defense is expected to award a contract worth roughly $1 billion later this year for a global cyber training environment. But in the meantime, some units across the joint force have gone so far as to create their own small-scale training events and exercises to keep their forces' skill sets sharp.

Perhaps the best example of these efforts is the 567th Cyberspace Operations Group's “Hunt Event,” which has quickly grown to become one of the largest cyber exercises across the department. The bi-monthly exercise pits teams against each other in a competition for the coveted Goblet of Cyber trophy and bragging rights.

The group aims to better train defensive hunters, improve defensive tactics, techniques and procedures and develop defensive tradecraft.

“The point of this was that we didn't really have a good range space to play on that had an active and live adversary so we could, in theory, replay traffic and we could go in and generate some easy kill, low hanging fruit signatures for detection,” Capt. Reid Hottel, training flight commander at the 837th Cyber Operations Squadron, told Fifth Domain.

“If we are supposed to be the primary counter to advanced persistent threats, the way that we were training was not like how we were fighting.”

The exercises started roughly a year ago to teach operators how to hunt on networks. It's now evolved to where participants also work on leadership skills and build custom exploits on a large range with multiple stakeholders.

In addition to the Air Force CPTs — the defensive cyber teams each service provides to U.S. Cyber Command — members from the Air Force Office of Special Investigations and Mission Defense Teams, specialized defensive cyber teams that will protect critical Air Force missions and local installations, also take part. At the most recent exercise in January, a representative from NASA participated. Now, the exercises have become so popular Hottel said other services are interested in participating in the future. This includes a Marine Corps CPT at Scott Air Force Base.

Building better leaders and hunters

To be the best, cyber leaders recognized their teams would have to beat the best and that meant training against the world's most advanced cyber threats.

Some other forms of training — such as the popular capture the flag game, which involves teams trying to find “flags” such as files or scripts inside a network — are not always the most realistic form of training.

“When we were fighting, we're up against advanced adversaries. We're up against adversaries that are using tactics, techniques and procedures that are just above and beyond what simple little [scripts] ... we were using in the past,” Hottel said. “This hunt exercise allows us to do that, whereas in the past, particularly in other flag exercises, we are not training at the APT level. We [were] training at the script kiddie kind of level and here we're training at a much higher difficulty, which stretches and grows our operators into being true hunters.”

He added that the exercises are also helping develop tradecraft.

“That's one thing that nobody really teaches, there's no commercial course that you can go buy that teaches tradecraft, that teaches the military way, that teaches the way that we use to find the APT, which in theory, should be ever evolving because our adversary is as well,” Hottel said. “These exercises have been really eye-opening to provide tradecraft development, to become hunters, to understand what it means to be a cyber protection team.”

The exercise has evolved to include custom exploits, custom root kits, custom attacks and zero-day exploits within a real-world mission where in some cases hunters don't have any indicators of compromise that exist in the public domain. This means that there is no public reporting available on the exploits or tactics the adversary is using.

Participants can hone their skills by actively hunting on a network in order to find anomalies that could lead to trouble.

“As hunters,” he said, “we don't necessarily have singular methodology, we don't necessarily have a unique way that we can go about finding advanced threats mostly because we haven't really been training like that.”

The training is also helpful for new mission defense teams, which are just being officially resourced within the Air Force around local installations. By having those teams sit next to CPTs, who are using generally the same tools, they can learn about tradecraft and what to look for at the local level.

During the most recent exercise, officials said it was the first time they intentionally tried to trip up participants. Organizers created fake attack chains to see how the players scoped an investigation into a network and deducted points for the amount of time they wasted following that lead. This technique helps teach teams how to scope investigations without going down “rabbit holes” or failing to plan adequately, Lt. Christopher Trusnik, chief of training at the 835th Cyberspace Operations Squadron, told Fifth Domain.

Beyond the technical hunting, this approach helped team leaders flex leadership muscles.

“It was more of teaching that leadership technique of you plan for this, how do you investigate quickly and how do you triage your investigation,” Trusnik, whose unit ran the January exercise, said.

Hottel explained that following this most recent event, teams focused on leadership and organization.

At one point, someone on his team previously had been coached on what they needed to include, such as specific indicators that might be valuable to their mission partners to understand. At this exercise, they included those indicators.

In another instance, one team member who had never run a hunt mission struggled at first. Hottel stepped in and with just a little guidance, the leader became more disciplined and was able to find things much better in the last three days.

Benefits of cyberspace in training

Training in cyberspace has benefits that other domains don't offer.

For one, forces don't need a dedicated battlespace such as the Army's National Training Center or the range used at Nellis Air Force Base for the Air Force's Red Flag. With cyber, a custom range can be built and forces from all across the world can come in and participate.

The range used for the hunt exercises stays up weeks after the formal event so individuals or teams can try their hand, though they obviously won't be eligible for the Goblet of Cyber trophy.

All of this could change with the Persistent Cyber Training Environment (PCTE). PCTE is a major program being run by the Army on behalf of Cyber Command and the joint force to provide a web-based cyber training environment where cyber warriors can remotely plug in around the world and conduct individual training, collective team training or even mission rehearsal — all of which does not exist on a large scale currently.

Hottel said that his forces haven't been limited thus far without PCTE. Though, once the platform is online, they can upload the range they used for a competition and it can be accessed by anyone across the joint cyber mission force.

Testing new concepts

But in the meantime, smaller, unit level exercises like those run by the 567th allow forces to test concepts and learn from others. Unlike larger exercises that have requirements and stated objectives, smaller exercises can serve as a proving ground for staying sharp and pushing the envelope. This allows local units more control over what their personnel do but can also allow teams to test new concepts in a relatively risk-free environment.

“Let's say that a national [cyber protection] team wants to test out ... whatever they're currently using because they feel like it would provide them an advantage so they want to test out something,” Hottel said. “We can throw that on the range as well and they can utilize an entirely defensive tool set. We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters.”

Hottel also said that personnel playing on the archived range can bring new ideas, which can then be tested during the next exercise. In some cases, they may come up with an idea on their own and bring it to the next exercise to see if it actually works.

Ultimately, the event is designed to create better cyber warriors.

“We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters,” Hottel said.

https://www.fifthdomain.com/dod/air-force/2020/02/21/the-largest-cyber-exercise-youve-never-heard-of/
