Cybersecurity: Beyond "Hack and Defend"
Written by Maria Dial
In recent months, concern about the vulnerability of U.S. defense programs and infrastructure to cyberattacks has reached new heights. National media have reported information security breaches concerning the Joint Strike Fighter program and the apparent mapping of the U.S. electrical grid by foreign entities gathering intelligence for a potential future attack.
These breaches into critical defense and infrastructure programs came to light as White House staff members were preparing recommendations to strengthen national cybersecurity policies.
For America’s warfighters, costs can be measured in terms of lives as well as dollars. The recent infiltrations suggest that commonly used “defense in depth” security models are not always sufficient to withstand rapidly evolving cyberthreats.
“The real and potential security gaps are the soft underbelly of government and military operations,” said Johnnie Hernandez, chief executive officer of EADS North America Defense Security and Systems Solutions. Known as DS3, the company is a subsidiary of EADS North America, a division of the world’s second-largest defense contractor.
Factors contributing to the dilemma, Hernandez said, include the federal government’s history of underfunding information assurance initiatives—a trend that industry watchers expect to change under President Obama, who has made cybersecurity a priority for his administration in the technology arena. Another is the rapidity of duty rotations for military personnel, which makes it hard for the services to keep experienced network administrators in key technology positions.
A third challenge comes from the often rapid evolution of cyberthreats. Breaches, once experienced as relatively obvious anomalies, are becoming more sophisticated. Some can linger in systems for days or weeks before being detected—if ever.
DS3, however, works on cybersecurity products, training and services designed to tackle that problem.
GETTING AHEAD OF THREATS
For the past 11 years, the company has led training programs to help federal and military experts get ahead of cyberthreats—work that eventually prompted the company to develop a suite of sophisticated network simulators, known as Cyberoperations Enhanced Network and Training Simulators, or CENTS.
The product line borrows the concept of flight simulators used to train pilots. Network and security administrators, training in a risk-free environment, are exposed to the crippling realities they could face in day-to-day operations.
The modules in the training courses using CENTS don’t feel like practice sessions, however. The courses are designed for administrators with at least five years of experience, and the simulators mimic actual communication networks, complete with servers, security appliances, switches, routers, applications and network traffic generation.
DS3’s proprietary software application, Sentinel Legion Autobuild Myrmidon-Reconstitution (SLAM-R), manages each scenario and even launches actual attacks—along with diversionary side activities—that mimic the toughest new threats emerging in cyberspace. The attacks must be detected, analyzed and blocked. The operational tempo is intense: more like computerized war games than typical training seminars.
“We are training people to do more than just knowing how to protect a network,” said Chet Ratcliffe, executive vice president and chief technology officer for DS3. “It’s all about knowing your network, thinking outside the box and using critical indicators to sense when something is wrong, so you can react quickly.
“Most companies throw a technical solution at the problem and then act surprised when their data is stolen,” Ratcliffe said. “Technology alone does not work. You must have a comprehensive program that includes well-defined policy and processes with persistent training, and exercise in a live-fire environment.”
The joint community knows that well. For the past six years, DS3 simulators and their engineers have been playing a key role in cyberexercises such as Bulwark Defender, Cyberstorm II, Global Lightning and Black Demon. During these exercises, which typically run for one to two weeks each year, military and federal personnel experience the newest, cutting-edge evolutions of cyberattacks.
The CENTS system, which dovetails with DS3’s advanced cybernetwork defense training course, is designed to go beyond the more familiar “hack and defend” model, Hernandez said. Because the CENTS environment is easily base-lined and reconfigurable, it can be used to test and validate new hardware, software and configuration changes for an enterprise before purchases are made or products are deployed, helping to shave costs and safeguard the network’s integrity.
The CENTS line initially evolved from a contract with the Air Force Communications Agency. More than 2,000 operators from U.S. government agencies and DoD have been trained with DS3-designed simulators since 2003.






