Search AFCEA Site

Enable breadcrumbs token at /includes/pageheader.html.twig

Cyber Event Draws Global Audience

by Henry S. Kenyon

A recent network defense training exercise brought together personnel from the U.S. Defense Department and teams from 15 nations to run through scenarios focused on cybersecurity and cyberdefense. A key theme of the workshop was building bridges between department personnel and their overseas counterparts while focusing on network defense.

Held in late October at the University of Nebraska at Omaha’s Nebraska University Center for Information Assurance, the 2008 International Cyber Defense Workshop (ICDW) was a three-day event of classroom instruction combined with hands-on experience that featured information sharing between U.S. government and multinational personnel.

The large international contingent marks a distinct change between this year’s workshop and previous events, says Mark Hall, director of information assurance policy and strategy for the deputy assistant secretary of defense for information and identity assurance (DASD-IIA), Washington, D.C. All of the teams had the option to send personnel to Omaha, but because of time and travel constraints, the event also was structured to allow online participation. Although he is not at liberty to name the participating nations, he divulges that they came from Europe, Asia and Latin America.

The workshop featured more than 80 online participants with some 100 personnel on-site involved maintaining the event’s network. Hall explains that these staffers answered participants’ questions and kept individual events flowing smoothly. The virtual collaborative nature of the exercise also allowed the international teams to help each other by posting and answering questions about network or programming issues.

The workshop comprised five different training scenarios that involved briefings about the nature of network-based attacks followed by exercises that focused on identifying and countering various types of attacks. Participants were taught to recognize, prevent and remediate threats ranging from domain name service poisoning, cross-site scripting to structured query language injections and buffer attacks. The teams had to write programs to prevent these attacks from occurring.

The last day involved capture-the-flag type exercises. Each of the international and U.S. groups formed teams that had to build their own network environments from a common tool set. Each team then tried to compromise the other teams’ networks while defending their own. Teams were evaluated for their ability to defend their networks from attack.

During the workshop’s exercise phase, the participants used OpenVPN software to create 128-bit advanced encryption standard virtual private networks. The attendees then used a virtual network-computing client to connect to an assigned computer in the lab.

Using the same software tools and operating in a single environment placed the participants on a level playing field, Hall says. He believes that one goal for future workshops will be to permit nations to configure their networks to meet their own specific national standards. This will allow administrators to see how their networks interoperate with other systems in a shared multinational environment, he notes.

Although a post-event summary document is still being written, Hall shares some of his observations from this year’s workshop. Among the lessons learned was the challenge of dealing with time-zone differences. Because of the international and globally distributed nature of the event, future workshops will have short lunch breaks. Hall notes that while the lunch break matched dinnertime for European participants, for Asian participants the break meant that it was after midnight before courses resumed.

Registration also was a challenge, with some individuals attempting to sign up just hours before the event began. The event also weathered a server crash during the capture-the-flag event, but Hall adds that the event resumed and ran smoothly after the system was back online.

One of the main challenges in running the event proved to be language because the international groups had varying levels of English proficiency. To circumvent language issues during classroom instruction, a pointer appeared on all members’ screens to outline and highlight the immediate topic of discussion. Future workshops may include providing participants with slides before the event begins. Attendees then would have the opportunity to study and become acquainted with the course material prior to participation, he explains.

Information sharing is an important part of events like the ICDW, Hall maintains. He notes that although a great deal of cybersecurity information sharing exists between commercial sector organizations, it is not common in the international government arena. One of the workshop’s goals is to build bridges between international groups to expedite information sharing. Hall discloses that the Defense Department is focusing on cybersecurity, emphasizing that it is an international issue.

The participants were pleased with the event’s outcome, especially in working together and sharing information with each other, Hall says. He adds that besides some minor glitches, the technology drew compliments because it linked all of the groups virtually. The workshop’s educational content and scenarios also drew praise, he says.

In the future, Hall wants to hold two events a year. Based on user feedback, he sees the number of participants growing, and he remarks that he would like to hold more focused sessions on agenda topics and issues.

Enjoying SIGNAL?
SIGNAL Magazine is available through subscription or as part of your membership in AFCEA.
SUBSCRIBE NOW
LEARN MORE
JOIN AFCEA