[iwar] [fc:U.S..'Red.Teams'.Think.Like.Terrorists.To.Test.Security]

From: Fred Cohen (fc@all.net)
Date: 2002-08-21 07:55:02


Message-Id: <200208211455.g7LEt2a27859@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
X-Mailer: don't even ask
X-Mailer: ELM [version 2.5 PL3]
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Delivered-To: mailing list iwar@yahoogroups.com
Date: Wed, 21 Aug 2002 07:55:02 -0700 (PDT)
Subject: [iwar] [fc:U.S..'Red.Teams'.Think.Like.Terrorists.To.Test.Security]
Reply-To: iwar@yahoogroups.com

San Diego Union-Tribune
August 20, 2002
U.S. 'Red Teams' Think Like Terrorists To Test Security
They probe targets, potential methods
By Toby Eckert, Copley News Service
WASHINGTON - Since Sept. 11, policy-makers, Pentagon brass and terrorism
experts have been trying to anticipate when and where the next strike might
occur.
Part of their effort involves thinking - and in some cases acting - like a
terrorist in an effort to identify security weaknesses and potential
targets.
The concept, called "red-teaming," has long been used by the military in
war-gaming. But it has gained new vogue throughout government and industry
since the attacks on the World Trade Center and the Pentagon.
Red teams would play a central role under the broad counterterrorism
strategy President Bush unveiled last month. Working with intelligence
agencies, the proposed new Department of Homeland Security "would have
certain employees responsible for viewing the United States from the
perspective of terrorists, seeking to discern and predict the methods, means
and targets of the terrorists," the strategy says.
"Without (the element of surprise), the terrorists stand a good chance of
being pre-empted by authorities, and even if they are not, the damage that
results from their attacks is likely to be less severe," it adds.
Red-team exercises can range from seminars and computer simulations to mock
attacks on facilities that are thought to be likely targets.
Experts say the concept has numerous limitations.
"These new brands of terrorists have a tendency to think big and look at the
system as a whole, go after multiple targets and multiple vulnerabilities. . . .
In a country as complex as the U.S., you can't afford to do exercises in
every area the enemy might think of," said Gary Anderson, a retired Marine
colonel and war-gaming expert now at the Potomac Institute for Policy
Studies.
But Anderson and other security analysts say that does not diminish the need
for wider use of red teams in the post-Sept. 11 world.
Some experts say the usefulness of red teaming has been seriously undermined
by the refusal of government agencies and businesses to share information
about vulnerabilities that are uncovered during exercises, even though they
may affect others who use similar systems.
The government may classify the results. Businesses are reluctant to discuss
security gaps they discover in their systems, fearing it may expose them to
liability.
"The concern is when there have been red teams, that data has been made
available only to the facility that's been red-teamed. Consequently, it's of
limited value," said Joseph M. Weiss, an expert in computer-system security
at KEMA Consulting.
The Bush administration supports exempting such information from
public-disclosure laws to encourage businesses to share threat assessments.
Congress is debating the issue as it considers legislation to establish the
Homeland Security Department.
White House officials are providing few details about how they might use red
teams, saying the plans are still being developed. Gordon Johndroe, a
spokesman for Homeland Security Director Tom Ridge, said the teams would
concentrate on "critical infrastructure" like the nation's power grid and
transportation system.
Red-team exercises that have been carried out at nuclear plants in the past
decade are "certainly a good model," he added.
The exercises, which were suspended after Sept. 11 and are being reassessed
by the Nuclear Regulatory Commission, involved "force on force" drills in
which teams assembled by the commission would try to penetrate plant
security.
"Essentially, they try to get to target sets at the plant, which are a set
of systems that, if they're sabotaged, there could be a release of
radiation," said Ray Golden, a spokesman for the San Onofre nuclear plant,
where the last such exercise was conducted in November 2000. "We don't know
what their strength is, what (mock) weapons they carry."
Some critics say the drills had limited utility because they were scheduled
six to 10 months in advance and largely followed the same script at every
plant.
Even so, the head of the regulatory commission's program, retired Navy
special-operations Capt. David Orrik, told a congressional panel last spring
that the exercises exposed serious security weaknesses at nearly half the
nuclear plants tested and led to improvements.
In 37 of the 81 exercises conducted since 1991, teams were able to
successfully simulate sabotaging a target set, he said.
"The happy side of this coin is . . . as (the) NRC identified weaknesses,
the utilities corrected them. . . . That is reflected in a major improvement
in the industry's armed response or counterterrorism capability since 1991,"
Orrik said in prepared testimony.
Other red-team exercises have revealed major vulnerabilities in government
and private-sector computer systems. Officials are increasingly concerned
that sophisticated terrorists could hack into the systems and sabotage power
grids, shut down emergency communications or release torrents of water from
dams.
When red teams from the General Accounting Office, Congress' investigative
arm, tried to penetrate the computer networks of numerous federal agencies,
"every single one demonstrated pervasive weaknesses," said House Commerce
Committee Chairman Billy Tauzin, R-La.
"We think this (red-teaming) ought to be a high priority of the new
Department" of Homeland Security, he said.
Few experts consider red-teaming a foolproof predictor of terrorist actions.
For example, it is extremely difficult to detect all of the vulnerabilities
in sprawling, increasingly interconnected computer systems, especially older
ones, said Alan Paller, director of research for the SANS Institute, which
trains computer security experts.
"When you find something, you write up a report about that," Paller said.
"In general, only that problem is fixed. An attacker will probe for multiple
vulnerabilities."
Another major limitation is cultural.
"At the end of the day, they're still Americans" who are conducting the
exercises, said Pete Baxter, director of Jane's Global Consultancy
Operations, a private company that does red-teaming for government and
business clients. "Despite their best efforts, there's always going to be
some things that are tainted or influenced by the fact that they are not the
actual opposing team."
Still, Baxter and other experts say red-teaming can provide crucial insights
into the possible means and methods of attackers.
"We are not the terrorists," Baxter said. "Does that mean we can't work
harder to understand how they think and act? No." 


------------------
http://all.net/ 




This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:32 PDT