Cadets Trade the Trenches for Firewalls
By COREY KILGANNON and NOAM COHEN
Published: May 10, 2009
WEST POINT, N.Y. – The Army forces were under attack. Communications were down, and the chain of command was broken.
Pacing a makeshift bunker whose entrance was camouflaged with netting, the young man in battle fatigues barked at his comrades: “They are flooding the e-mail server. Block it. I’ll take the heat for it.”
These are the war games at West Point, at least last month, when a team of cadets spent four days struggling around the clock to establish a computer network and keep it operating while hackers from the National Security Agency in Maryland tried to infiltrate it with methods that an enemy might use. The N.S.A. made the cadets’ task more difficult by planting viruses on some of the equipment, just as real-world hackers have done on millions of computers around the world.
The competition was a final exam of sorts for a senior elective class. The cadets, who were computer science and information technology majors, competed against teams from the Navy, Air Force, Coast Guard and Merchant Marine as well as the Naval Postgraduate School and the Air Force Institute of Technology. Each team was judged on how well it subdued the threats from the N.S.A.
The cyberwar games at West Point are just one example of a heightened awareness across the military that it must treat the threat of a computer attack as seriously as it does an attack carried out by a bomber or combat brigade. There is hardly an American military unit or headquarters that has not been ordered to analyze the risk of cyberattacks to its mission – and to train to counter them. If the hackers were to succeed, they could change information on the network and cripple Internet communications.
In the desert outside Las Vegas, in a series of inconspicuous trailers, some of the most highly motivated hackers in the United States spend their days and nights probing the military’s vast computer networks for weaknesses to exploit.
These hackers – many of whom got their start as teenagers devoted to computer screens in their basements – have access to the latest in attack software. Some of it was developed by cryptologists at the N.S.A., the nation’s largest intelligence agency, where most of the government’s talent for breaking and making computer codes resides.
The hackers have an official name – the 57th Information Aggressor Squadron – and a real home, Nellis Air Force Base.
The Army last year created its own destination for computer experts, the Network Warfare Battalion, where many of the cadets in the cyberwar games hope to be assigned. But even so, the ranks are still small.
The Defense Department today graduates only 80 students a year from its cyberwar schools, causing Defense Secretary Robert M. Gates to complain that the Pentagon is “desperately short of people who have capabilities in this area in all the services, and we have to address it.” Under current Pentagon budget proposals, the number of students cycled through the schools will be quadrupled in the next two years.
Part of the Pentagon’s effort to increase the military’s capabilities are the annual cyberwar games played at the nation’s military academies, including West Point, where young cadets in combat boots and buzz cuts talk megabytes instead of megatons on a campus dotted with statues of generals, historic armaments and old stone buildings.
While the Pentagon has embraced the need for offensive cyberwarfare, there were no offensive maneuvers in the games last month, said Col. Joe Adams, who teaches Information Assurance and stood at the head of the classroom during the April exercise.
Cadet Joshua Ewing said he and his fellow Blue Team members “learn all the techniques that a hacker would do, and we try to beat a hacker.”
These strategies are not just theoretical. Most of these cadets will soon be sent to Afghanistan to carry out such work, Cadet Ewing said.
When the military deploys in a combat zone or during a domestic emergency, establishing a secure Internet connection is an early priority. To keep things humming, the military’s experts must fend off the ordinary chaos of the Internet as well as attacks devised to disable the communications system, like flooding e-mail servers with so many junk messages that they collapse.
Underscoring how seriously the cadets were taking the April games, the sign above the darkened entranceway in Thayer Hall read “Information Warfare Live Fire Range” and the area was draped with camouflage netting.
One group had to retrieve crucial information from a partly erased hard drive. One common method of hiding text, said Cadet Sean Storey, is to embed it in digital photographs; he had managed to find secret documents hidden this way. He was seeking a password needed to read encrypted e-mail he had located on the hard drive.
Other cadets worked in tandem, as if plugging a leaky dam, to keep the entire system working as the N.S.A. hackers attacked the engine that runs a crucial database as well as the e-mail server.
They shouted out various Internet addresses to inspect – and usually block – after getting clearance from referees. And there was that awkward moment when the cadet in charge, Salvatore Messina, had to act without clearance because the attack was so severe he couldn’t even send an e-mail message.
The cadets in this room do get their share of ribbing. But one cadet, Derek Taylor, said today’s soldiers recognize that technological expertise can be as vital as brute force in saving lives. West Point takes the competition seriously. The cadets who helped install and secure the operating system spent a week setting it up. The dean gives a pep talk; professors bring food.
Brian McCord, part of the team that installed the operating system, said he was chosen because his senior project was deeply reliant on Linux. The West Point team used this open-source operating system, freely available on the Internet, instead of relying on proprietary products from big-name companies like Microsoft or Sun Microsystems.
“It seems weird for the Army with its large contracts to be using Linux, but it’s very cheap and very customizable,” Cadet McCord said. It is also much easier to secure because “you can tweak it for everything you need” and there are not as many known ways to attack it, he said.
West Point emerged victorious in the games last month. That means the academy, which has won five of the last nine competitions, can keep the Director’s Cup trophy, which is displayed near a German Enigma encoding machine from World War II. Cracking the Enigma code helped the Allies win the war, and the machine is a stark reminder of the pivotal role of technology in warfare.
Thom Shanker contributed reporting from Washington.