Teams Face Off in Cybersecurity Simulation

Cyber attacks tend to target the places you least expect. But cybersecurity professionals across the country are dedicated to preparing for any and all points of vulnerability, as evidenced by the latest version of the annual weeklong test “Cyber Flag.”

As a tactical exercise series for U.S. Cyber Command, Cyber Flag simulates a conflict between offensive and defensive teams of cyber professionals. This past summer, the simulation imitated a cyber attack against a seaport, blocking its ability to move cargo and potentially affecting international trade. The exercise was meant to test and improve military leaders’ response to a real-world incident.

Teams were made up of over 650 cyber professionals, as well as U.S. government staffers from the FBI, the House of Representatives, the Department of Homeland Security, and other federal agencies. They also included participants from utility providers in the private sector and representatives from the U.K., Canada, Australia, and New Zealand.

The goal of the “red team,” or the adversaries in the simulation, was to use publicly available, open-source malware to run malicious operations in target systems and test the ability of the defensive team to respond. They were directed to simulate blocking a port from moving its cargo—a goal which, according to staff, they ultimately achieved.

Taking the Offensive

A decade after its formation, Cyber Command is refocusing to take a more active role in defending against cyber attacks. This year, its Cyber Protection Teams (the “blue team”) were directed to search for and deter adversaries and malicious activity, as opposed to simply bolstering network infrastructure.

With hackers and other ill-intentioned forces bolder and more resourceful than ever, it’s become key for national intelligence to do more than focus on mission protection. Personnel have a host of new responsibilities that come with a more offensive approach to cybersecurity, and as a result, training has become more important than ever.

The adversary featured in Cyber Flag’s simulation was designed to obtain information as well as to cause disruption, not just in the IT infrastructure but in the system’s operational technology. Ideally, the blue team would not only block this attempt but also hunt down the malicious invaders to eradicate any lingering threat of a breach.

Above all, the training is an adaptive team-building experience. According to Rear Admiral John Mauger, Cyber Command’s director of exercises and training, “the environment is really intended to challenge the teams both as individuals and their knowledge as analysts and operators—but more importantly as a collective team and their ability to work together.”

The Power of Teamwork

While federal agencies are leading the charge to be more assertive in defending their systems, your organization can just as decisively take action against potential threats.

Start with a comprehensive evaluation that assesses the effectiveness of your with the prowess of a real human attacker: our Red Team Assessment, which determines system vulnerabilities with a proven process:

  • Assessment of real-world threat vectors
  • Circumvent security systems and controls
  • Compromise perimeter/internal systems
  • Establish persistent internal connections
  • Gain network user account access
  • Gain elevated privilege (admin) access
  • Identify key systems and databases
  • Establish backdoor access to key systems
  • Capture sensitive data for validation

Take the first step towards understanding and combating key risk factors, and contact us today.

Posted in BAI Security Blog.