How COVID-19 changed Cyber Command’s ‘Cyber Flag’ exercise

Written by Shannon Vavra

This year when U.S. Cyber Command convened with allied countries to test how they would collectively defend against a cyber-operation targeting allied networks, the units came together for what appeared to be a straightforward simulation of an attack against a European airbase.

The worldwide coronavirus pandemic made the simulation less than straightforward.

For the first time ever, participants conducted the exercise from home on a new platform, according to U.S. military cyber commanders involved in the exercise. The annual simulation, which simulated an attack that impacted both information technology (IT) and operational technology (OT), took place on the Persistent Cyber Training Environment (PCTE).

“The impact of COVID-19 is pretty clear and it’s been a challenge for us. But it didn’t pause the action that’s been going on in cyberspace,” U.S. Coast Guard Rear Admiral John Mauger, the director of Cyber Command exercises and training, told reporters Wednesday. “Within Cyber Command we couldn’t stop and that’s really because our adversaries haven’t stopped during this pandemic.”

Although Cyber Command says it was planning to use the platform for the annual exercise, called Cyber Flag, long before the coronavirus started spreading, the pandemic forced the military commanders to reassess how they would work together virtually. It also solidified how important it is for the U.S. military to be able to work with and allies from afar in times of crisis.

“This really is about a new way of training and exercising for this command … the ability to operate over such a distributed format,” Mauger told reporters. “What we found through the rapid development and use of the PCTE is that … it reforms how we are moving forward with training. Our defense is only as strong as our weakest link. So we have to have the capability to train like we fight across the domain and bring in that broader group of allies and partners into the operations.”

The simulation

The exercise took place over the course of two weeks, with fake adversaries targeting virtualized industrial control systems and supervisory control and data acquisition networks (ICS/SCADA), military commanders involved in the exercise said.

The defenders, or blue teams, were made of several different sets of allied and U.S. cyber personnel, including those in the Five Eyes intelligence alliance from the U.K., New Zealand, and Canada, as well as participants from the U.S. Navy’s Fleet Cyber, the U.S. Marine Corps Forces Cyberspace Command, U.S. Army Cyber Command, the U.S. Coast Guard’s cyber branch, the U.S. Department of Energy, and the National Guard. Over 500 people participated in all.

On the simulated airfield, the red team pretending to be the adversaries — a team made up of just Cyber Command and U.S. Army 1st Information Operations Command staff — conducted “standard types of red team actions,” according to a technical director that spoke with CyberScoop. This included gaining initial access to a work station via spearphishing. The attackers then moved laterally to other machines to spread the infection and escalated their privileges.

The red team used all unclassified software to run their intrusions, such as the penetration testing tools Cobalt Strike, Metasploit, and PoshC2. The blue teams then were responsible for detecting the adversaries’ actions and stamping them out of their networks.

While many personnel participated from home, three teams did have to work together in person. To ensure that they could appropriately physical distance to reduce the spread of COVID-19, the operation took place over the course of two weeks, rotating teams in and out of facilities, according to Cyber Command.

The exercise wraps up at the end of this week, so the results are not yet available.

The real-world implications of this exercise are vast. For example, in 2016 when Cyber Command targeted and disrupted ISIS propaganda operations, the command could quickly build out all of its knowledge of ISIS operations in a PCTE simulation to better prepare to target the terrorists’ computer networks at a later date.

Cyber Command could also use the PCTE to train Department of Defense personnel and private sector entities on adversarial malware and tools Cyber Command finds when it hunts for adversarial malware on allies’ networks, such as Russian or Chinese malware.

Source link

Recent articles

Ady Barkan Endorses Joe Biden for President

According to a transcript of the conversation between Mr. Biden and Mr. Barkan, the two disagreed over Medicare for all and Mr. Biden...

Manage containers in namespaces by using nsenter

With containers becoming the de facto application deployment standard, we all must understand how to guarantee security, isolation, and resource restrictions. Linux namespaces...

Over 500,000 businesses got PPP loans but are listed as retaining zero jobs, Treasury Department data show

The Paycheck Protection Program was designed to help small business weather the coronavirus pandemic while keeping their workers employed.But government data suggests that...

El Al to slash workforce as part of rescue package agreements | News

Israeli flag-carrier El Al is set to shed 1,700 positions across three divisions as part of a restructuring programme. The airline says it has...

COVID-19 Cybercrime Capitalizing on Brazil’s Government Assistance Program

IBM X-Force Incident Response and Intelligence Services (IRIS) has been tracking cybercrime capitalizing on the coronavirus pandemic since January, and has observed the...

Colin Jost Knows What He Has: ‘A Very Punchable Face’

Though Colin Jost has worked at “Saturday Night Live” for nearly 15 years, it wasn’t until this past spring that he was able...

Leave a reply

Please enter your comment!
Please enter your name here