25 February 2020 | International, Aerospace, C4ISR, Security

The largest cyber exercise you’ve never heard of

For years, the first time the Department of Defense's cyber forces faced high-end digital attacks was not in practice or in a classroom, but in actual operations.

For the cyber teams that focused on offense, a playbook developed from years of National Security Agency operations guided their work. But on the defensive side, standards and processes needed to be created from scratch, meaning, in part, that there was a lack of uniformity and little tradecraft to follow.

Because cyber leaders had focused on staffing, training opportunities for defensive cyber operators had been sparse.

To help solve that problem, the Department of Defense is expected to award a contract worth roughly $1 billion later this year for a global cyber training environment. But in the meantime, some units across the joint force have gone so far as to create their own small-scale training events and exercises to keep their forces' skill sets sharp.

Perhaps the best example of these efforts is the 567th Cyberspace Operations Group's “Hunt Event,” which has quickly grown to become one of the largest cyber exercises across the department. The bi-monthly exercise pits teams against each other in a competition for the coveted Goblet of Cyber trophy and bragging rights.

The group aims to better train defensive hunters, improve defensive tactics, techniques and procedures and develop defensive tradecraft.

“The point of this was that we didn't really have a good range space to play on that had an active and live adversary so we could, in theory, replay traffic and we could go in and generate some easy kill, low hanging fruit signatures for detection,” Capt. Reid Hottel, training flight commander at the 837th Cyber Operations Squadron, told Fifth Domain.

“If we are supposed to be the primary counter to advanced persistent threats, the way that we were training was not like how we were fighting.”

The exercises started roughly a year ago to teach operators how to hunt on networks. It's now evolved to where participants also work on leadership skills and build custom exploits on a large range with multiple stakeholders.

In addition to the Air Force CPTs — the defensive cyber teams each service provides to U.S. Cyber Command — members from the Air Force Office of Special Investigations and Mission Defense Teams, specialized defensive cyber teams that will protect critical Air Force missions and local installations, also take part. At the most recent exercise in January, a representative from NASA participated. Now, the exercises have become so popular Hottel said other services are interested in participating in the future. This includes a Marine Corps CPT at Scott Air Force Base.

Building better leaders and hunters

To be the best, cyber leaders recognized their teams would have to beat the best and that meant training against the world's most advanced cyber threats.

Some other forms of training — such as the popular capture the flag game, which involves teams trying to find “flags” such as files or scripts inside a network — are not always the most realistic form of training.

“When we were fighting, we're up against advanced adversaries. We're up against adversaries that are using tactics, techniques and procedures that are just above and beyond what simple little [scripts] ... we were using in the past,” Hottel said. “This hunt exercise allows us to do that, whereas in the past, particularly in other flag exercises, we are not training at the APT level. We [were] training at the script kiddie kind of level and here we're training at a much higher difficulty, which stretches and grows our operators into being true hunters.”

He added that the exercises are also helping develop tradecraft.

“That's one thing that nobody really teaches, there's no commercial course that you can go buy that teaches tradecraft, that teaches the military way, that teaches the way that we use to find the APT, which in theory, should be ever evolving because our adversary is as well,” Hottel said. “These exercises have been really eye-opening to provide tradecraft development, to become hunters, to understand what it means to be a cyber protection team.”

The exercise has evolved to include custom exploits, custom rootkits, custom attacks and zero-day exploits within a real-world mission where, in some cases, hunters don't have any indicators of compromise that exist in the public domain. This means that there is no public reporting available on the exploits or tactics the adversary is using.

Participants can hone their skills by actively hunting on a network in order to find anomalies that could lead to trouble.

“As hunters,” he said, “we don't necessarily have singular methodology, we don't necessarily have a unique way that we can go about finding advanced threats mostly because we haven't really been training like that.”

The training is also helpful for new mission defense teams, which are just being officially resourced within the Air Force around local installations. By having those teams sit next to CPTs, who are using generally the same tools, they can learn about tradecraft and what to look for at the local level.

During the most recent exercise, officials said it was the first time they intentionally tried to trip up participants. Organizers created fake attack chains to see how the players scoped an investigation into a network and deducted points for the amount of time they wasted following that lead. This technique helps teach teams how to scope investigations without going down “rabbit holes,” and not adequately planning, Lt. Christopher Trusnik, chief of training at the 835th Cyberspace Operations Squadron, told Fifth Domain.

Beyond the technical hunting, this approach helped team leaders flex their leadership muscles.

“It was more of teaching that leadership technique of you plan for this, how do you investigate quickly and how do you triage your investigation,” Trusnik, whose unit ran the January exercise, said.

Hottel explained that following this most recent event, teams focused on leadership and organization.

At one point in a previous event, someone on his team had been coached on what to include in their reporting, such as specific indicators that might be valuable for their mission partners to understand. At this exercise, they included those indicators.

In another instance, one team member who had never run a hunt mission struggled at first. Hottel stepped in and with just a little guidance, the leader became more disciplined and was able to find things much better in the last three days.

Benefits of cyberspace in training

Training in cyberspace has benefits that other domains don't offer.

For one, forces don't need a dedicated battlespace such as the Army's National Training Center or the range used at Nellis Air Force Base for the Air Force's Red Flag. With cyber, a custom range can be built and forces from all across the world can come in and participate.

The range used for the hunt exercises stays up weeks after the formal event so individuals or teams can try their hand, though they obviously won't be eligible for the Goblet of Cyber trophy.

All of this could change with the Persistent Cyber Training Environment (PCTE). PCTE is a major program being run by the Army on behalf of Cyber Command and the joint force to provide a web-based cyber training environment where cyber warriors can remotely plug in around the world and conduct individual training, collective team training or even mission rehearsal — all of which does not exist on a large scale currently.

Hottel said that his forces haven't been limited thus far without PCTE. Though, once the platform is online, they can upload the range they used for a competition and it can be accessed by anyone across the joint cyber mission force.

Testing new concepts

But in the meantime, smaller, unit level exercises like those run by the 567th allow forces to test concepts and learn from others. Unlike larger exercises that have requirements and stated objectives, smaller exercises can serve as a proving ground for staying sharp and pushing the envelope. This allows local units more control over what their personnel do but can also allow teams to test new concepts in a relatively risk-free environment.

“Let's say that a national [cyber protection] team wants to test out ... whatever they're currently using because they feel like it would provide them an advantage so they want to test out something,” Hottel said. “We can throw that on the range as well and they can utilize an entirely defensive tool set. We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters.”

Hottel also said that personnel playing on the archived range can bring new ideas, which can then be tested during the next exercise. In some cases, they may come up with an idea on their own and bring it to the next exercise to see if it actually works.

Ultimately, the event is designed to create better cyber warriors.

“We're not trying to make people tool experts, we're trying to make them tradecraft, defensive hunters,” Hottel said.

https://www.fifthdomain.com/dod/air-force/2020/02/21/the-largest-cyber-exercise-youve-never-heard-of/
