The National Security Agency/Central Security Service (NSA/CSS) Information Assurance Directorate is currently holding its 8th Annual Cyber Defense Exercise. It started on April 21st and will be coming to a close this Thursday (04/24/08)--the day officially open for journalist's media coverage.
This annual competition, between numerous service academies, challenges student teams with the task of defending their computer networks from constant attack. However, they're not just protecting their infrastructure from automated penetration platforms. They'll be subjected to a barrage of attacks from a network offensive operations team (Red Team), composed of NSA and Department of Defense experts, during the four day hack-a-thon.
This year's competition includes teams from:
Naval Postgraduate School (NPS)
Air Force Institute of Technology (AFIT)
United States Naval Academy (USNA)
United States Air Force Academy (USAFA)
United States Merchant Marine Academy (USMMA)
United States Coast Guard Academy (USCGA)
United States Military Academy (USMA)-last year's winner.
Remote access is provided to each participating school's Cyber Defense Network (CDN) via VPNs configured to provide authentication and encryption of all traffic. All activity is centrally monitored from the exercise headquarters, located at the Lockheed Martin facility in Elkridge, Maryland.
...OK, so this may sound officially important and cutting edge, but don't be fooled. This is no more than just an educational exercise to teach government's network admins, and the future of our nation's "cyber defense", a thing or two about security. Having consulted for various three-lettered government agencies in the past...take my word.
By no means am I trivializing the network intrusion skills of the NSA/DoD Red Team (maybe a little). However, their textbook knowledge, simulated training, and real world failures, provide preparation for a Security+ certification at best. If they really wanted to demonstrate some serious network penetration, they should open up participation to attendees of BlackHat and DEFCON.
It would be a very humbling experience.
For anyone who cares, my inside sources tell me that the United States Coast Guard Academy is currently the most promising contestant. Pretty scary.
Send your oxymoronic military intelligence to:
With 20+ years of industry experience, Noah Schiffman is a former black-hat hacker turned security consultant. Coding at an early age, he developed one of the early text/graphic editing applications and started his first software company in 1980 when he was 11 years old. With the advent of networking technologies, he soon mastered the art of manipulating telco switching systems, known as "Phone Phreaking". This soon led to his career as a computer hacker, performing penetration testing, reverse engineering, cryptographic attacks, corporate espionage, digital surveillance and other ethically questionable projects.
His clients have consisted of Fortune 500 companies and various government agencies.
He has authored a number of articles for SearchSecurity.com, on topics ranging from kernel mode and metamorphic viruses to corporate data loss prevention.
|
|
