Super Cyber Warriors Can Be Info Ops Targets
Despite extensive training, U.S. Army cyber experts can still be targeted by foreign adversaries through information operations campaigns, Timothy “Tim” Bishop, deputy program executive fficer-Simulation, Training, and Instrumentation (PEO-STRI), told the audience at the AFCEA TechNet Augusta conference on Augusta 18 in Augusta, Georgia.
The PEO-STRI organization received its first red team certification in 2011 and works with the Defense Department’s director of Operational Test and Evaluation on the Cyber Assessment Program (CAP), which is designed to help the military develop defenses against advanced cyber threats.
Timothy “Tim” Bishop, deputy, PEO-STRI: We are training folks to protect our networks when we really should be training them to protect our mission.#AFCEATechNet
— George Seffers (pronounced See furs) (@gseffers) August 18, 2022
Bishop warned the audience that training cyber forces to protect specific weapon systems or particular networks is not enough. “We are training folks to protect our networks when we really should be training them to protect our mission,” he said. “I know there are subtle differences there, and people are going to have to think about that a little bit, but I want to put that in your mind.”
Even trained cyber fighters can be vulnerable to influence operations, he asserted. “We’re training these folks to be super cyber warriors. We’re training them to defend our networks. But these individuals can be influenced in other ways. We have proven we can do that.”
He added reassurance that not everyone will be an insider threat or will do intentional harm.
PEO-STRIs red teams have used phishing campaigns, social engineering and publicly and commercially available information to aid their cyber efforts achieving a 95-98 percent success rate. “I can find out who’s in the security office. If you’re in the security office, you’re somebody I’m really interested in because you can access the facility to everybody.”
Tim Bishop, deputy, PEO-STRI: Information, information, information is killing us. And it’s giving our adversaries an advantage.#AFCEATechNet
— George Seffers (pronounced See furs) (@gseffers) August 18, 2022
Readily available information also can be used to strategically target 15-20 individuals with a phishing email. For example, red teams can email a list of personnel supposedly behind in their cyber training, and email recipients will forward the message to friends whose names are listed.
“Information, information, information is killing us. And it’s giving our adversaries an advantage,” he declared.
We’re now trying to bring our nation state partners along in this cyber domain, as they say, this information domain.
More recently, PEO-STRI has begun assessing weapon systems for foreign partners when those systems need to connect to U.S networks. “For the very first time this year, we assessed a partner nation’s weapon platform that they integrated onto our network,” Bishop reported.
Through foreign military sales, the organization now also provides training to international partners, including those in the U.S. Central Command and U.S. Africa Command areas of responsibility. “We’re now trying to bring our nation state partners along in this cyber domain, as they say, this information domain,” Bishop stated. “Unfortunately, they can be influenced, and that can impact us. Their influence and connectivity to our networks impacts our ability to protect our networks, or our ability to accomplish the mission space requirements.”
Medical records also pose a cybersecurity risk. An adversary accessing records, for example, might prevent a unit from deploying for a number of days just by changing the records to show a significant number of personnel are in poor health and cannot deploy.
Army red teams are not allowed to access such records, but adversaries can, he noted.