
Army Reserve Trains for Information Assurance

January 2004
By Travis Good

 

Instructor Richard Nolan prepares U.S. Army Reserve Information Operations Command (ARIOC) soldiers for a hands-on exercise implementing the Network Time Protocol. It is part of a four-day advanced information assurance training course specially developed for the ARIOC at the Software Engineering Institute.

Reservists hone high-technology skill to prepare for cybersecurity threats.

Soldiers assigned to information operations units in the U.S. Army Reserve Information Operations Command are improving their mission readiness for the latest cybersecurity threats with specialized training developed by the Software Engineering Institute at Carnegie Mellon University.

The U.S. Army calls on the Army Reserve to provide technical know-how for emerging challenges, and cybersecurity is no exception. In 2001, the Department of the Army requested the assistance of the Army Reserve to acquire a new range of support in the information operations field, with the broad requirement to take advantage of the high-technology skills of reservists already employed in the information technology industry.

In response to this request, the Reserve created information operations units throughout the country. The units recruit reservists who can take the information technology expertise acquired from a civilian career in private industry and apply it in the context of their military service. By participating in the training developed by the Software Engineering Institute (SEI), Pittsburgh, these soldiers can further hone the technical skills and knowledge they bring to computer network defense operations.

The majority of the Army Reserve Information Operations Command (ARIOC) information operations soldiers are assigned to one of five information operations centers (IOCs). The centers are strategically located in regions with a concentration of crucial information technology resources: Washington, D.C.; Massachusetts; Pennsylvania; Texas; and California. Each IOC manages an operations section, a computer emergency response team (CERT) support group, a technical research team and an information infrastructure defense assistance team. Each center addresses numerous security areas, including information assurance, virus detection and prevention, vulnerability assessment, intrusion detection and cyberincident response.

IOC soldiers maintain an information assurance capability for the Army by protecting, detecting and assessing, restoring and responding to any cyberthreats that may affect the mission of supported agencies ranging from the National Security Agency to the Joint Reserve Intelligence Program.

In early 2003, Sen. Rick Santorum (R-PA) secured $1.5 million in funding to establish a partnership between the SEI and the ARIOC. Sen. Santorum emphasized the importance of such a partnership, acknowledging the need for the Army to excel in this functional area. “We must guard against nontraditional threats and address our cybervulnerabilities,” he said in a news conference at the university in April, adding that “the partnership between the SEI and the U.S. Army Reserve will equip our military to counter these threats.”

The SEI is a research and development organization federally funded by the U.S. Defense Department. Much of the institute’s work relates to the security of information systems. For example, the SEI operates the CERT Coordination Center (CERT/CC) and other programs that help organizations develop the ability to protect their networked systems against current and emerging cyberthreats. The SEI is working closely with the office of the Army’s chief information officer (CIO), which oversees the entire project to ensure that training for the ARIOC satisfies Army goals and requirements.

The institute is assembling a suite of information assurance and security training activities developed especially for the ARIOC, including a highly technical course in advanced information assurance. The course is designed for soldiers with three to five years of experience in system or network administration and preferably one year of experience in security administration. Before enrolling in this advanced course, soldiers acquire a broad technical foundation by completing the Information Security for Technical Staff course, the SEI’s introduction to information security.

The advanced course builds on the concepts and exercises covered in the introductory course and contains 40 hours of substantive technical content, including lecture and laboratory exercises. Eighty percent of that time is devoted to hands-on technical tasks. Instructors teach the four modules of the course over four days. Students spend the first two days in a classroom studying major security strategies in detail. The next two days are spent implementing these strategies in a laboratory environment where they perform a series of network security tasks.

Principal instructor Chris May led other members of the technical staff at the CERT/CC in researching, developing and preparing the advanced course structure and materials with assistance from Carnegie Mellon graduate students. Like the other members of his team, May’s background is heavy in network security. During seven years as a communications and information officer in the U.S. Air Force, he spent much of his active-duty time designing, supporting and defending military computer networks.

The team’s practical experience influenced the realistic, hands-on course design, May says. “Soldiers in this course take away practical knowledge and skills that will immediately improve information operation capabilities in the IOCs,” he says. In course exercises, soldiers work in small teams to completely redesign a network that simulates an unsecured Army garrison production network. “By the end, they have a highly secure network,” May shares.

Course materials provide soldiers with a situational scenario and step-by-step instructions for a specific plan of action to handle security risks. May describes the scenario as one in which an Army network has failed an information assurance audit. The base commander directs the chief information officer to implement an information assurance policy and develop a plan to bring the network into operational compliance. The CIO develops the new policy and a plan that depends on outside contractors to repair the network. The plan is reviewed and accepted, but after considering security concerns, the CIO decides that the network should be repaired by Army personnel instead of outside contractors. The CIO requests the assistance of ARIOC soldiers to implement the network security improvement plan.

The course exposes participants to a wide variety of technical details and strategies that must be considered when redesigning any network. Sean Pennline, a graduate student on the development team, reflects that designing and implementing a secure network architecture can be daunting even for seasoned security administrators. “To make the network more efficient and secure, you’ve got to coordinate the implementation of a number of different technologies. It’s complicated,” he says.

The complexity goes beyond technical issues alone. “The technical aspects of configuring a system are important, but the really tough part is trying to satisfy competing goals that may conflict with each other. Administrators have to know what tradeoffs they can make and how those tradeoffs will affect the network,” Pennline adds.

By the end of the class, ARIOC soldiers will have a sophisticated understanding of network security concepts, experience with the details of secure implementations and a firm grasp of best practices. They will know how to secure Unix and Windows operating systems as well as Microsoft Exchange Servers, Internet Information Servers, file servers, Active Directory, DNS, and MySQL Servers. Additionally, soldiers will be able to use intrusion detection systems and network traffic encryption technologies; deploy network routers and firewalls to secure the network topology; and install and configure proxy servers, centralized software patching services and e-mail filters. Many of the security implementations use software that is freely available as well as commercial off-the-shelf software—an approach that is common in real-world network security.

These skills are all taught with “down-to-earth” exercises, but Richard Nolan, SEI instructor, emphasizes that the concepts of network security are likewise an integral part of the training. “The intent of the course is not to have these soldiers become masters of configuring synchronization or net time protocol.” Concepts covered in the course help administrators develop the critical perspective necessary, he says, “to evaluate any technology that can be implemented within a network setting.” Soldiers who complete the course greatly improve their ability to deploy, administer and support information assurance capabilities during mission-critical situations, Nolan says.

The SEI is developing other training activities for the ARIOC in addition to the advanced information assurance course. One is a virtual network auditing (VNA) activity that will allow IOCs to use virtual private network encryption technology to conduct remote vulnerability assessments and information security audits of simulated Army production networks.

The other is an information assurance exercise (IAX). The exercise is a simulation in which the IOCs build computer networks to support a deployed force. The IOCs must then defend these networks from a Red Team, a group of specially selected ARIOC aggressors who have been assigned the task of attempting to penetrate the networked systems.

The realism of this exercise meets with the approval of Maj. John Santini, USAR, a former active-duty infantry officer and ranger now assigned to the North Central ARIOC located in Pittsburgh. In a time of increased mobilization, Maj. Santini says, it is imperative that soldiers get the training they need to meet the ever-changing security demands of deployed networking environments. “The IAX will allow ARIOC soldiers to practice all of the skills they’ve learned,” he says. “It will give us an opportunity to refine our practices and procedures.”

The North Central IOC is providing feedback on research and development of the advanced course as well as participating in some of the preliminary course tasks. Eventually, the SEI will transition the course to the IOCs via a train-the-trainer approach, and each IOC will be able to incorporate the entire educational product into its information operations.

The program also allows current Army reservists and prior active-duty soldiers who are interested in becoming members of the Army Reserve’s information operations units to contact one of the five regional IOCs.

Travis Good is a graduate student at Carnegie Mellon University currently working on the advanced information assurance course being developed at the CERT Coordination Center for the U.S. Army Reserve.