WASHINGTON - Soldiers from the Cyber Protection Brigade (CPB), U.S. Army Cyber Command (ARCYBER), teamed up to compete against the top cyber teams from the Air Force, Navy, Marines, Coast Guard and National Guard for the 2019 NetWars Services Cup, while other Soldiers, Army and DoD Civilians competed against 178 other champions, individually or in teams of up to 5 players, in the NetWars Tournament of Champions hosted by the SANS Institute, December 15 and 16 in the International Ballroom of the Washington Hilton.
Ed Skoudis, a SANS fellow and creator of NetWars, said the Tournament of Champions is an invite-only event: SANS invites only the people who have won their NetWars events over the last two years. He said the game teaches real-world cybersecurity skills - offensive, defensive, analysis, and digital forensics skills.
In the past six years Skoudis has seen a marked improvement in the level of expertise of the U.S. military teams.
"Ten years ago is when we started NetWars, and when we first started NetWars, the U.S. military personnel did o.k., and that's not good when you're doing just o.k.," said Skoudis. "Now, whenever we run a NetWars event, whether it's the Tournament of Champions or anything else, the U.S. military is well represented among the winners. I do think that shows the investment in those skills is paying off, and cyberspace is a dangerous place, and we need our military forces to be ready to defend the country."
In this year's Tournament of Champions two Department of Defense teams placed in the top five - third and fourth place.
Matthew O'Rouke, an Army Civilian with the 782nd Military Intelligence (MI) Battalion (Cyber), was the team captain of Nation_State_Alchemy, which placed third. The other team members included Sgt. Andrew Beat, a cyber operations specialist assigned to the 782nd MI Bn., and Carl Peterson, Chris Maloney, and Neil Klissus, who are DoD Civilians within the U.S. Cyber Command community.
O'Rouke said the cybersecurity and information security training facilitated by SANS is some of the "most well-tailored and practical training given by an organization in this field." He added that NetWars is held at approximately 50 SANS training conferences throughout each year and is included free when attending one of their hosted classes.
"It is always encouraging to see Soldiers and Civilians participate in these events because more often than not they perform incredibly well and above expectations, increasing confidence not just in their skills, but also in their peers they work with every day," said O'Rouke.
O'Rouke believes leaders at all levels should recognize competitions like this as another great tool for relevant individual and collective training.
"There are thousands of different ways to improve yourself and others, this is just one example that focuses specifically on the digital battlefield and our cyber work," said O'Rouke. "By doing this, it can either be an opportunity on advanced training for more senior members to share what we know and increase overall team proficiency or it's a great opportunity for junior Soldiers or new Civilians to provide a more hands-on approach to focused and direct individual training. Either way, it's always a good chance to better learn more about the skills of our highly trained team members and strengthen our trust and confidence for future real-world operations."
For Sgt. Andrew Beat, a cyber operations specialist assigned to the 782nd MI Bn., these Capture the Flag (CTF) events give him exposure to a myriad of challenges that will assist him in refining his research and development and problem-solving processes.
"Being able to solve the problem and find the solution is a big part of my job," said Beat. "My leadership will come to me and my colleagues, and say 'we want to be able to do this' and we have to figure out is this technically feasible, is it safe to do so, and can we do it. What requirements, what gaps do we have to be able to do this."
To give an idea of what teams and individuals might face in a SANS NetWars Tournament, O'Rouke gave this perspective.
"What we learned were heavy blue (defensive cyber) team tactics deployed in a very dynamic environment. Part of this was out of necessity because one of the teams targeting us had heavily scripted their attack methods so we had to respond manually as we identified and signatured the exploit and attack vectors," said O'Rouke. "Within the hour we had signatured and patched/secured the vulnerabilities they were taking advantage of and this resulted in the adversarial team switching to manual targeted attacks; the resulting hours were what could be best described as a 'cyber knife fight.'"
The team representing the U.S. Army in the 2019 NetWars Services Cup was made up of Soldiers assigned to the Cyber Protection Brigade, U.S. Army Cyber Command, and included: Capt. Michael Milbank, team captain, Capt. Braxton Musgrove, Chief Warrant Officer 2 (CW2) Michael Edie, CW2 Michael Shue, Warrant Officer Christopher Watson, and Staff Sgt. Buffye Battle.
"Being placed in a contested environment with actual adversaries offers us a chance to test new strategies, enhance our tactics, and rehearse our procedures so that we are more effective and adaptive in real-world scenarios," said Milbank. "Our team is incredibly thankful to SANS for putting together this competition, and thankful to the Army for providing the training and opportunity to allow us to be successful."
While the Army team did not place in the top three - the top three finishers in the Services Cup were the U.S. Air Force, U.S. Navy, and U.S. Coast Guard - Milbank remarked their participation was a great way to improve team cohesion, develop individual technical skills, and also share tactics across the cyber community.
"The main focus over the next year will be building our own environment similar to what we saw in the competition, employing the techniques we saw other teams using, and practicing and refining our processes," said Milbank.
All of the Soldiers, Army and DoD Civilians remarked that they are always looking for opportunities to improve and hone their skills, and everyone benefits from the exposure.
"You have to continuously broaden your horizons, learn more technology, learn more information systems, more tools to use, because as the environment evolves, we have to evolve with it, otherwise we very quickly become outdated," said Beat. "That's why some people call cyber one of the hardest domains to lock down because the landscape is always changing, requirements change daily, if not hourly based on what we're using, what the adversary is using, what's the newest technology ... what may work one day, might not work the next."