Cyber Defense Exercise

Upon graduation, all cadets are commissioned as officers in the U.S. Air Force. Many of them will be responsible for the security of critical military information systems. This course is designed to provide a firm foundation in the fundamentals of information assurance. With this foundation, recently commissioned lieutenants have in their toolbox the intellectual skills needed for continued self-education that is so important in rapidly evolving disciplines like information assurance.

The protection and defense of physical locations is a notion with which all cadets are comfortable. All cadets have had the benefit of no less than three and a half years of military training and education by the time they take the information assurance course. A tenet of military planning and operations from as long ago as Sun Tzu and Julius Caesar is that knowing the tools, tactics, and vulnerabilities of an opponent as well as oneself leads to victory. To establish an effective defense you must have a good understanding of your own vulnerabilities. In addition, you must be aware of the techniques that your adversary might employ to exploit those vulnerabilities. The course goals not only emphasize the technical aspects, but also require the students to understand the context of how these tools are used.

A disconcerting attribute of information technology today is that the more advanced a nation is in the use of information technology, the more vulnerable they are to the loss of that technology. The wide dissemination of hacker tools, lack of designed-in security in virtually all Department of Defense (DoD) information systems, and increasing DoD use of commercial communications infrastructures makes the prospect of asymmetrical threats against our national interests very likely. Each day it becomes increasingly plausible that cyberwarriors working for an adversary that in no other way could hurt the U.S. could cripple U.S. critical information systems.

Designing and Implementing the "Battlefield"

The "battlefield" had to be a network that would resemble or even duplicate the kinds of networks that are part of the current infrastructure. To the greatest extent, the hardware and software should be the kind that officers encounter after graduation. The work of defining parameters for such a battle field was an additional opportunity for student learning. Moreover, it was an opportunity for employing a multidisciplinary approach since the information infrastructure is a multidisciplinary space. The effort was suitable for an Information Systems Design Course capstone project. West Point cadets researched, designed, and constructed the "battlefield" which we called the Cyber Defense Network (CDN). A project team made up of four students majoring in Economics, Geography, and International Relations were assigned this task. USAFA volunteered to participate in the development as well. They assigned a Computer Science major enrolled in an independent study to join the USMA project team. The final Cyber Defense Network design consists of platforms running Sun Solaris, Linux, Windows 2000, Windows 98, and Windows NT operating systems. Internet access is provided to allow for downloading the latest patches and software updates. These systems are configured to provide various services such as: web servers, database servers, file servers, e-mail servers as well as a standard set of network utilities.

The Attackers

The Cyber Defense Exercise concept involves competition in two ways. The most obvious is the competition between the service academies for the best defense. The second is the adversarial competition between the Red Team and the students. The Red Team did double duty, also serving as the student-team evaluators. As early as September 2000, the 92nd Aggressor Squadron, US Air Force Information Warfare Center, Lackland Air Force Base, learned about the Cyber Defense Exercise through a chance meeting with a West Point faculty member at an information assurance conference. They immediately expressed interest in supporting as a Red Team. The 92nd Aggressor Squadron briefed their organization and mission at the Cyber Defense Exercise summit, and were subsequently accepted as a Red Team. They also agreed to provide the evaluation criteria used to objectively determine a student-team winner.

The Competition

The US Military Academy, US Air Force Academy, US Merchant Marine Academy, US Naval Academy, and the Naval Postgraduate School compete in the Cyber Defense Exercise each year. The NSA Information Assurance Director's trophy is a traveling award that resides with the winning academy for the academic year. This award serves to advertise and generate interest among students to learn about information assurance.