WASHINGTON — Loud music blared throughout the crowded hall of the Washington Hilton as cyber professionals from the military, industry and academia launched into the final day of the NetWars Tournament of Champions, Monday.

NetWars is a suite of interactive learning scenarios designed to provide training and assess the cyber proficiencies of personnel, according to the SANS Institute, the organization responsible for the competition. Individual and team competitors that won other NetWars event over the past two years were invited to the final tournament in Washington, D.C.

“We have organized the NetWars Tournament of Champions for about six years now,” said Ed Skoudis, the creator of NetWars. “The idea was to bring together the ‘best of the best,’ and have them compete in a fun … but competitive [environment.] This year is our biggest Tournament of Champions ever,” he said.

The Army was represented well during this year’s NetWars competition, said Matthew O’Rouke, an intelligence specialist with the 782nd Military Intelligence Battalion (Cyber) at Fort Gordon, Georgia.

As the team captain of “Nation_State_Alchemy,” O’Rouke was joined by Sgt. Andrew Beat, a cyber-operations specialist assigned to the 782nd MI Bn., and Carl Peterson, Chris Maloney, and Neil Klissus, Department of Defense civilians within the U.S. Cyber Command community.

During the competition, O’Rouke and his team huddled over their laptops as they launched a series of attacks or bolstered their defenses during the “castle versus castle,” part of the competition, also known as “level five.” Teams had three hours to increase their scores from the previous day of competition.

The day prior, Nation_State_Alchemy quickly sailed thought the first four levels of the competition to be amongst the first to reach level five. The initial stages included a series of cyber-related exercises that increased in difficulty and corresponded with a fictional-based scenario, O’Rouke said.

At level five, participants set up and managed their “castle” — a virtual server — during a capture-the-flag-type competition, O’Rouke said. In each castle, teams managed four Linux- and four Windows-based services, which included a “digital-text string,” known as their flag.

After they set up their castle, teams could then attack another team’s services and take down an enemy’s flag, put up their flag, or even take down a team’s services altogether.

“Ideally you want to automate as much as possible and get your services set up and automatically defended,” Peterson said. “Then you want to get your attacks set up and get them firing automatically against another team’s systems.”

NetWars scoring servers periodically check the status of each castle. Teams are awarded points based on their uptime or the number of flags the team has across the online play space.

Ultimately, Beat said, NetWars turns into this giant “cyber-knife fight.” Teams try to maintain a 100% uptime by defending their castle, as they branch off to try and take over another team’s services.

“There is certainly a potential upside to aggressive play; however, defense is easier to maintain,” Peterson said.

In this competition, understanding how a team exploited a system can provide an ample opportunity to build a proper defense, O’Rouke added. Further, a team can leverage a known weakness to breach another team’s system.

“Attribution is a challenge, just like in the operational environment,” Peterson said. “Based on the types of attacks we are seeing and the data they leave behind — their flag — we can start to associate each of these attacks with different threat actors.”

Through it all, NetWars provided teams an opportunity to practice their techniques, tactics, and procedures in an open-source competition against a real and thinking adversary, Beat said.

“Ten years ago, we started NetWars — and no offense, the U.S. military personnel just did OK,” Skoudis said. “This is U.S. military, and we face some significant adversaries — OK is just not good enough.

“Now, whenever we run a NetWars event, whether it’s the Tournament of Champions or anything else, the U.S. military is well represented among the winners,” he added. “I do think that shows the investment in those skills is paying off, and cyberspace is a dangerous place, and we need our military forces to be ready to defend the country.”

In total, around 500 people participated in this year’s tournament, in varying levels of competition. Nation_State_Alchemy placed third in the event and is planning to apply the lessons learned in future contests. A second joint-Army team, Whiskey_Business, placed fourth in the tournament.

“One big takeaway: no matter how hard you defend, the attackers will go after the weakest link,” Peterson said. “The teams we were up against didn’t focus on us. They focused on the less prepared teams in the play space.”

SERVICES CUP

As Nation_State_Alchemy and Whiskey_Business competed in the Tournament of Champions division, the team “Crabby_Patties,” led by Capt. Michael Milbank, represented the overall Army in the 2019 NetWars Services Cup competition.

Milbank joined other members of the U.S. Army Cyber Command’s Cyber Protection Brigade out of either Fort Gordon or Fort Meade, Maryland, including Capt. Braxton Musgrove, Chief Warrant Officers 2 Michael Edie and Michael Shue, Warrant Officer Christopher Watson, and Staff Sgt. Buffye Battle.

“Being placed in a contested environment with actual adversaries offers us a chance to test new strategies, enhance our tactics, and rehearse our procedures so that we are more effective and adaptive in real-world scenarios,” Milbank said. “Our team is incredibly thankful to SANS for putting together this competition and thankful to the Army for providing the training and opportunity to allow us to be successful.”

Teams representing the Navy, Air Force, the Marine Corps, Coast Guard and National Guard also participated in this year’s competition. The Air Force was the overall winner, followed by the Navy and Coast Guard, respectively.

“The [services] are always competing with each other for fun, so we decided to have a commander’s cup for cyber,” said Daryl Gilbertson, SANS DOD national account manager “The cup travels with the winning team … and it gives the [cyber team] some notoriety. Their names are actually engraved on it … it’s a big deal.”

WEST POINT

Cadets from the Army Cyber Institute at West Point, New York, also participated in this year’s Tournament of Champions. Joining the cadets was their instructor, Capt. Daniel Hawthore, an assistant professor and deputy at the Cyber Research Center, who placed third overall as a first-time solo player.

West Point qualified for this year’s event by beating the other academies during a SANS training event and tournament last spring, Hawthorne said. The team pressed hard and broke into level four before the close of the competition.

“Anybody who sat in one of my classes will tell you I’m very passionate about the field,” Hawthorne said. “I’m watching these cadets take off. They’re going to go further than I have.”

By Devon L. Suits, Army News Service

WASHINGTON — The National Guard is ready to mobilize its cyberdefenses in case of a potentially devastating domestic attack.

“When I first joined the National Guard, cyber was not part of our vocabulary, but certainly now it is one of our daily battlegrounds,” said Air Force Gen. Joseph L. Lengyel. “Our adversaries and non-state actors use cyber activity to target personnel, commercial and government infrastructure and the effects can be devastating.”

Lengyel, chief of the National Guard Bureau, talked about the Guard’s cybermissions and capabilities during a media roundtable on Nov. 5 at the Pentagon.

Lengyel said cyberattacks have occurred at both the federal and state levels.

Earlier this year, a number of school districts and agencies in Louisiana and Texas suffered ransomware attacks. Ransomware is a type of malicious software designed to block access to a computer system until a ransom is paid.

With the help of the Guard, schools opened on time and agencies were able to get back to work, Lengyel said.

“[Ransomware] is obviously a new and emerging kind of enterprise. We are able to access superb civilians and skill sets, and they can bring capabilities that the military sometimes does not have,” Lengyel noted.

In Texas, 22 counties were attacked with ransomware during June, disrupting local service, said Army Maj. Gen. Tracy R. Norris of the Texas National Guard.

Norris said Texas’ department of emergency management called the Guard, and officials assessed the attacks with a team of Guard soldiers and airmen.

“It was a joint team that went out to assess [the damage],” she said. “From there, they picked different places to go [in] the counties for the recovery process. We thought it was bad in the beginning, and it couldn’t have been much worse.”

“We already had a team in place and sent them out to assess, and we then aligned the team [based on] what the assessment showed,” Norris said.

Lengyel said the Illinois Guard is forming a cyber task force to assist the state of Illinois, as the need arises.

The Illinois task force will involve Guard soldiers and airmen performing cyber, information technology and other military functions.

Indiana recently started a cyber battalion, and personnel will be trained to military standards for use in a domestic response capacity if they need to be, Lengyel said.

“So, this will be part of the cyber mission force that will be part of the Army mission that, if needed, can be federalized and mobilized to do cyber activity for the U.S. Army or the U.S. Cyber Command,” Lengyel said. “And when they’re not mobilized, we can do our homeland mission.”

Lengyel said many of these Guard members have cyber-related civilian jobs. He said it’s an example of how the varied skill sets of Guard members contribute to national defense.

“They can do things working in national defense they can’t do in their civilian careers,” he said of Guard members.

Other attendees included vice director of domestic operations, National Guard Bureau; National Guard adjutant generals from Washington and Illinois; and the National Guard advisor to the commander of U.S. Cyber Command.

Story by Terri Moon Cronk, Defense.gov

Photos by U.S. Air Force Staff Sgt. Jonathon Alderman, Wyoming Air National Guard and U.S. Army National Guard Staff Sgt. Brendan Stephens, North Carolina National Guard

WASHINGTON — The military is doing a great job recruiting cyber talent into military and civilian service, but retention is more difficult, said the deputy assistant secretary of defense for cyber policy said at the Billington Cybersecurity Summit in Washington.

“We have people lined up out the door that are ready to come onboard and do the mission, whether it’s cyber operations or traditional cybersecurity,” Burke E. “Ed” Wilson said at last week’s event.

Wilson said Congress gave the military some unique authorities that have helped in hiring qualified civilians.

“This has allowed us to hire with more agility based on the talent,” he said. “That’s been a big win, and we’ve seen very good results over the last 18 months.”

But the challenge is retention. “Clearly, we don’t do well on salary in the military, but we’ve been able to handle that with bonuses,” Wilson said, adding that the strategy is working well, except in some niche areas.

John “Jack” Wilmer, the Defense Department’s deputy chief information officer for cybersecurity and chief information security officer, said young people are attracted to the military because it has a “cool mission.” To keep them, the military provides them with some really great training opportunities, he said.

Cyber games, for example, allow them to go toe-to-toe with some of the best cyber warriors from other countries, he said. “We try to incentivize people and connect them with opportunities,” he added.

Army Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, said another way to incentivize the workforce while solving difficult cyber problems is to organize the cyber workforce into teams.

Teams can be made up of people who are experts at electronic warfare, information operations, intelligence, developers, malware analysts and other specialties based on the type of operation they’re engaged in, he said.

The teams can extend outside the U.S. military and include foreign military partners, commercial vendors and academia, Fogarty said.

“We very rarely act without a consortium of partners. I can’t think of a single operation that didn’t include multiple partners,” he said. “Young people reach out to their peers and build their own networks. They’re very successful at building these ad hoc relationships, and they get after the mission.”

By David Vergun, Defense.gov