[iwar] [fc:Preparing.to.Protect.The.Digital.Force]

From: Fred Cohen (fc@all.net)
Date: 2001-11-12 19:15:34


To: iwar@onelist.com (Information Warfare Mailing List)

November 2001

©SIGNAL Magazine 2001

Preparing to Protect The Digital Force

Front line of computer network defense begins with extensive training.

By Maryann Lawlor

The U.S. Army is pushing to ensure that the people in charge of the latest
tools in warfare are up to date in defending its information and computer
networks. Personnel who are key to the service's transformation and its move
to digitizing the force are being trained to install, configure, operate and
maintain the latest communications systems and are learning to identify
evolving threats to these systems.

An initiative is underway to revamp the way the Army trains its
communications personnel. The Signal Regiment at Fort Gordon, Georgia,
recently announced plans to change its approach from one that provides an
overview of a multitude of systems to one that is more assignment-oriented
and subsequently facilitates lifelong learning (SIGNAL, October, page 47).
One essential element of this continuous education is a practice that
already is established at Fort Gordon's School of Information Technology
(SIT). It involves drawing on instructor and student expertise as well as
industry paradigms.

Col. Bernard E. Kulifay Jr., USA, director of the school, relates that the
military is a reflection of a society that, as a whole, has become
network-centric. One consequence of this phenomenon, however, is an
increasing need for information assurance and protection. "You can imagine
that people who are very, very savvy can get access to information that
really needs to be protected. This need has grown exponentially over the
last decade. As we've learned how to use information technology, hand in
hand with that comes the requirement to secure that information. The more
computers we add to a network, the more vulnerabilities that are created,"
Col. Kulifay offers.

The school not only keeps students abreast of the latest threats to
information systems and how to defend against them but also provides
students with prompt updates on U.S. Defense Department directives and
policies.

SIT will contribute to the university-learning approach being introduced
this fall, the colonel relates. The concept includes developing a resource
center of information that soldiers can draw on when they need to prepare to
move to another unit, review lessons they may have learned years before or
become familiar with new technologies, procedures and policies.

"SIT will provide distance learning and programs of instruction or curricula
that other institutions would download and then teach on site. Everyone
would contribute, not just SIT. This is a revolution in education that is
happening across the country. Many things that we do are reflections of
business practices," Col. Kulifay observes.

In his leadership at SIT, the colonel takes a serious look at commercial
training facilities and in a positive manner views them as competitors. "We
have to provide the same quality of instruction [as the private firms]. In
order to do that, we have to have instructors who are prepared," he says.

Excellence in teaching, the colonel maintains, involves two elements. First,
teachers themselves must take classes to obtain certification in systems
such as Microsoft NT. Classroom learning, however, is only one part of
providing outstanding trainers. "Certifications are great, but experience is
also key to keeping up with the pace of change," he adds. To this end, the
school encourages its instructors to stay abreast of current trends by
listening to their students and conducting research on the Internet.

Nowhere is the need to keep up with the pace of change more critical than in
the information assurance realm. The importance of information to the future
Army is its role as a crucial combat enabler, the colonel explains. "We have
to train our people on how to protect the information and detect if someone
is trying to manipulate it or deny availability and then have some way to
react," he says. 

Maj. Mark V. Hoyt, USA, chief, information assurance training at SIT,
explains that the school is addressing the mounting requirement for
information security with courses that are relevant to the amount of
experience a soldier has accumulated.

The information assurance security officers' course is entirely Web-based
and aimed at system administrators or network managers with fewer than three
years of experience. It includes information about the rules, regulations
and accreditation of information technology systems, and general security
policies. 

Students can complete the course in 20 to 40 hours. Once they pass the final
examination, which also is taken online, they receive a certificate. More
than 6,000 personnel have completed this course since its inception in 1999.

For information technology professionals with more experience, the school
offers its system administrator/network manager security (SA/NMS) course.

The 10-day SA/NMS lesson is integrated into several other classes taught at
SIT, including the basic noncommissioned officer course, the advanced
noncommissioned officer course, the warrant officer basic and advanced
courses, the information systems management course, and the functional
course offered for civilian government personnel, soldiers and contractors.
Approximately 1,000 people are trained in these courses in about 60 classes
each year. 

Maj. Hoyt explains that the SA/NMS curriculum originated at Fort Gordon in
1998; however, an increase in the number of system administrators and
network managers who needed information assurance training prompted the
director of information systems for command, control, communications and
computers (DISC4) to fund and field several mirror sites.

"All mirror sites had to pass a certification process by first having their
instructors come to Fort Gordon for four weeks to take and teach the course
while being monitored by another certified instructor. Then they had to
build their computer laboratory to the Fort Gordon standard and pass an
on-site inspection by SIT's chief of information assurance training from
Fort Gordon," Maj. Hoyt relates. The mirror sites are required to teach the
same material that is taught at Fort Gordon, he adds. Today, the SA/NMS
course is offered at 10 locations worldwide, including Korea and Hawaii.

The major adds that during the class students take part in hands-on
training. After some instruction, they are assigned to computers and must
secure the system by using the techniques they have learned in class. This
is an effective teaching tool, Maj. Hoyt notes, because they can make
mistakes in the classroom without crashing a system that is part of ongoing
operations.

As a result of the training, students better understand and have practical
experience with firewalls, router access control lists, intrusion detection
systems, cryptography, legal issues, and proper Army reporting procedures
and incident handling, the major says. Because the course is only two weeks
in duration, Maj. Hoyt explains it is difficult to cover all of the
necessary material. To address this challenge, students receive two security
checklists for Windows NT and UNIX systems and a compact disc that includes
additional resources about regulations, security checklists and classroom
material.

To keep the class material current, the courses are updated or changed
quarterly with revisions based on security incidents, student feedback and
instructor involvement. "Instructors are very active in going out on the Web
and finding out about the threats that are out there," the major explains.

While hacker methods are shared with the students, trainees are not taught
how to break into a system. Maj. Hoyt points out that individual hackers may
use only about 10 different methods to break into a system, but system
administrators and network managers must be aware of as many of the
techniques as possible.

Since its inception, more than 4,000 personnel have been trained in the
SA/NMS course. "According to several people in [the Office of] the DISC4,
this course has had a major impact on aiding in the computer network defense
of Army networks and information systems," Maj. Hoyt relates.

The importance of information security continues to grow as data becomes a
more valuable tool on the battlefield, the major maintains. "The primary two
issues [in the tactical realm] are preventing unauthorized access to our
systems and preventing denial of service attacks against our systems while
allowing for fast and reliable data communication. The Army needs to have
confidential information flow--encrypted--that is readily available to give
Army commanders on the ground all available information in a timely manner.
This allows commanders to make sound decisions and win engagements," he
states.

While the major contends that there are literally hundreds of information
security problems today, some of the key issues are information technology
security policies that are insufficient and not enforced, poor patching of
operating systems, inadequate physical security of computer systems, poor
passwords and a lack of encryption mechanisms.

The use of encryption to keep data confidential will likely increase in the
future, Maj. Hoyt opines. "Eventually everyone in the Army will encrypt most
if not all information transferred over the Army's networks," he states. The
service also may begin to replace passwords with biometric technology and
may further isolate its networks from the Internet to secure its systems, he
adds.

As information sharing moves down to the individual soldier level through
the use of wireless devices, one of the largest threats to information
sharing becomes denial of service attacks, Maj. Hoyt observes. "Information
is protected with encryption that is very hard to break, so the biggest
problem is jamming. On a dispersed battlefield, if you can't reach someone,
you can't command them," the major states. Although security is a large
problem in a battlespace environment, bandwidth is a bigger challenge, he
observes.

The major describes two other substantial threats to information assurance:
insiders who already have access to information technology systems and
intruders who have access to adequate resources. The best way to counter
insider attacks is through encryption, he says.

Although available software helps system administrators monitor the
networks, a need exists for programs that can better analyze the data.
Developing software that can sift through the information more efficiently
and automatically would support the protection of information by allowing
system administrators to focus on and react to threats, Maj. Hoyt relates.

------------------
http://all.net/ 

This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST