Cyber hawks help keep network safe
August 13, 2008
WIESBADEN, Germany - While Germany-based U.S. Soldiers fight terrorists in Iraq and Afghanistan, a team of cyber professionals from the 1st Information Operations Command, 2nd Battalion, out of Fort Belvoir, Va., is forward deployed to Funari Barracks in Mannheim to battle threats to the U.S. Army Europe network.
"The USAREUR network is under constant attack from people using phishing attempts to extract personal information from users and website redirects so the adversary can launch a malware attack against the network," said Michael Boyer, director of the Regional Computer Emergency Response Team-Europe.
Underscoring the need for all computer users to play a role in cyber security, Boyer said it is vital that users maintain the same situational awareness with their information systems as they do with their surroundings.
Never clicking on unfamiliar links embedded in email, deleting email from suspicious sources without opening it, and recognizing the difference between digitally signed and encrypted email and unsigned (or unsolicited) email are crucial.
Keeping antivirus software and patches updated, removing your CAC and logging off when away from one's workstation are equally important in helping prevent an adversary from compromising information systems and collecting personal information that could lead to identity theft or worse.
"By clicking on unknown or unrecognized links in an email, say for example Olympic Games since they will be kicking off soon, this link may lead to an adversary's site and download a keylogger on your computer without you knowing it. Or it could lead you to a site which collects personal information," Boyer said. This could open a door to a host of valuable information and possibly provide the adversary elevated privileges on your system or the network. "In essence he's infiltrated your system and the USAREUR network."
Members of the RCERT-E team work closely with three other organizations - the USAREUR Information Assurance Program Manager, 2nd Signal Brigade Europe's Theater Network Operations Security Center and 5th Signal's G-2 - to quickly respond to any potential cyber threats. "We meet on a weekly basis to discuss what needs to be done to enhance the Computer Network Defense."
"It's not just one organization providing CND. We're not the only ones performing network defense; it is a joint effort between these organizations to provide USAREUR/7th Army with a viable Computer Network Defense," said Boyer.
"The RCERT-E consists of four cells," he said, explaining that these include the Current Operations, Systems, Threat, and Computer Network Operations Synchronization cells.
Current Operations monitors the network, providing signatures to capture and track thousands of daily attempts to infiltrate the network, and performs triage on all incidents while coordinating the response actions with external agencies such as law enforcement, the Criminal Investigation Division and the Computer Crime Investigative Unit.
The Systems Cell provides the data storage and querying structure necessary to analyze logs and network data coming in from over a dozen different sources. "The Threat Cell gathers information on the intrusion or malware used by the adversary and coordinates that analysis with the 5th Signal Command's G2 Cyber Threat Intelligence Cell to formulate a clear picture of the adversary's methods.
"It then simulates those methods on the network to define mitigation and remediation techniques needed to reduce or eliminate the threat.
"The CNO Synchronization Cell is the operational epicenter of the RCERT; handling external communications, technical exchanges and reporting, providing USAREUR/7th Army leadership with a complete CND picture," Boyer said.
"At one time here in USAREUR RCERT-E only did Information Assurance," said Boyer. "We've evolved from those functions into a multifunctional computer network defense organization in direct support of 2nd Signal Brigade Europe's Theater Network Operations Security Center.
"Part of the new mission is Penetration Testing - simply put, our Threat Cell models, and simulates what the adversary is doing to our networks, and provides a mitigation strategy to negate the intrusion attempts.
"We also provide customer-assistance scans, and full vulnerability pre-scans looking for malicious software such as keyloggers and any other anomalies on personal work stations and servers.
"Once problems have been identified and brought to the attention of the individual information assurance staffs in local commands and garrisons, the RCERT-E team may be called on to do a follow-up remediation scan," he said.
"Every member of our team has the highest credentials for security and network defense," said Boyer, explaining that constant training keeps the cyber warriors up to speed on current threats. "And all of them have been working in the computer network defense environment for seven to 15 years."
While the RCERT-E team provides a wealth of professional know-how and experience, it still relies on every user to do his or her part to help keep the network secure.