By U.S. ArmyMay 1, 2009
The swift clacking of keys was the U.S. Military Academy cadets' response to the feared cyber ninjas.
Every time the cadets were attacked, they fought back with computer skills as they and several other military academies competed against the National Security Agency last week during the weeklong Inter-Service Academy Cyber Defense Exercise.
"They've got some ninjas on the team," Senior Sal Messina, cadet-in-charge of the team, said of their NSA foes before the exercise began. "But, I'm not worried about them breaking in."
The cadets had to build a network from scratch with several working components, such as a Web page and e-mail. Then, they had to defend it from the ninjas of NSA hacking in from their stations in Maryland and taking the network down.
And they did it. The West Point team won the exercise for the third year in a row--West Point's fifth win since the competition began in 2001. That means they successfully fended off the NSA hackers better than the U.S. Naval Academy, U.S. Air Force Academy, U.S. Coast Guard Academy, U.S. Merchant Marine Academy, the Naval Postgraduate School, the Air Force Institute of Technology and Royal Military College of Canada.
"This is an unprecedented success and is a tribute to the cadets' hard work," Col. Joe Adams, Dept. of Electrical Engineering and Computer Science assistant professor and team coach, said. "Our cadets worked long and hard to achieve victory in the (exercise). These cadets will soon apply their hard-won knowledge of information assurance throughout the Army as lieutenants."
The exercise began with a scenario and a fake budget. The cadets were "deployed" to a made-up developing European nation and were tasked with setting up the country's computer networks. They were given a tight budget to simulate a real mission.
"We had to trim the fat to figure out what we really needed," Messina said. "It is very realistic because when you are deployed, you're not always going to have the best equipment."
The team built the network--simply put, a way to move information back and forth--and then had to figure out how to keep it safe. Having a secure network entailed five aspects--confidentiality, meaning information only is seen by those for whom it is intended; integrity, meaning information is not changed when it isn't supposed to be; availability, the information is accessible when it needs to be; authentication, users are who they say they are; and nonrepudiation, a legal aspect that allows the network administrators to trace security breaches.
That's where the NSA attackers come in. Their job was to attack the network and try to change information, install viruses, slow the network or kill it all together.
The attackers are part of the NSA's Red Team, which tests the security of federal government networks, Air Force 1st Lt. Brandon Hensley said. Hensley works for the NSA Blue Team, which travels to different locations within the federal government to test networks on-site. He acted as an umpire at West Point to make sure cadets followed the rules and also to double-check whether Red Cell attacks were successful.
"We had large attacks against our e-mail and Web server from multiple (Internet protocol) addresses (all NSA Red Team), Senior Josh Ewing, cadet public affairs officer for the team, said. "We were able to withstand their attacks and blocked over 200 IPs that they were using to attack the network."
All the while, the cadets were tasked with extra projects such as network forensics. The cadets' scores from these extra tasks contributed to their win, Adams said.
While the competition has given USMA some bragging rights, it tests real-world applications.
"It's very important these cadets understand the threats that are out there and how they affect networks," Hensley said.
Pentagon officials recently confirmed hacking into the Air Force air traffic control system and into electronics and design files about the F-35 Lightning II, also known as the Joint Strike Fighter. Hackers also recently wiggled their way into the nation's electrical grid.
"It's a good chance to find out what you don't know about skills when being attacked," Senior Matthew Devers, who worked on the team's Web and database servers section, said.
Messina said knowing how to properly protect networks can prevent someone from accessing weapons systems or plugging up communications so vital information cannot be received.
A stately trophy will be presented to the team soon. An official presentation has not yet been scheduled. The trophy will remain at West Point until next year's competition--or for as long as West Point's winning streak continues.