Lab Note: Training the Cyber Defensive Line
Abstract
The number of attacks on computer networks is massive; for example, in 2013, the Pentagon reported getting 10 million attempted cyber intrusions a day.[1] These attacks are also growing in sophistication, primarily because cyber attackers are using combinations of techniques such as inserting malicious code (malware) or email phishing, and are adding complexity to the attack by involving multiple parties.[2] And cyber intruders are breaching systems in just minutes.[2] Network operators, who are typically tasked with day-to-day maintenance of the computer systems, are hard-pressed, and often not trained, to address this flood of advanced, novel attacks. In response to the proliferation and growing complexity of cyber threats, the U.S. Cyber Command (USCYBERCOM) over the last three years has created squads who will act as cyber strike teams in the field to protect the nation's networks. To help the Department of Defense (DOD) build such cyber protection teams, staff from Lincoln Laboratory's Cyber Security and Information Sciences Division, in collaboration with several other federally funded research and development centers (FFRDC) and university-affiliated research centers (UARC), developed and conducted a series of exercises designed to evaluate the capabilities of cyber defenders. Not exactly games, these exercises, collectively called Project C, pit a red team attacking the network against a blue team defending it. The red team plans an attack strategy, and the blue team develops countermeasures to thwart the attack. "The blue team needs to learn about the network and how best to defend it, locate any attacks, defeat them, and, finally, redefend the network," says Douglas Stetson, associate leader of the Laboratory's Cyber System Assessments Group.
Document Details
- Document Type: Technical Report
- Publication Date: May 02, 2016
- Accession Number: AD1033659
Entities
People
- Douglas E. Stetson
Organizations
- MIT Lincoln Laboratory