From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Wed, 21 Aug 2002 07:55:02 -0700 (PDT)
Subject: [iwar] [fc:U.S..'Red.Teams'.Think.Like.Terrorists.To.Test.Security]

San Diego Union-Tribune
August 20, 2002

U.S. 'Red Teams' Think Like Terrorists To Test Security

They probe targets, potential methods

By Toby Eckert, Copley News Service

WASHINGTON - Since Sept. 11, policy-makers, Pentagon brass and terrorism experts have been trying to anticipate when and where the next strike might occur.

Part of their effort involves thinking - and in some cases acting - like a terrorist in an effort to identify security weaknesses and potential targets.

The concept, called "red-teaming," has long been used by the military in war-gaming. But it has gained new vogue throughout government and industry since the attacks on the World Trade Center and the Pentagon.

Red teams would play a central role under the broad counterterrorism strategy President Bush unveiled last month. Working with intelligence agencies, the proposed new Department of Homeland Security "would have certain employees responsible for viewing the United States from the perspective of terrorists, seeking to discern and predict the methods, means and targets of the terrorists," the strategy says.

"Without (the element of surprise), the terrorists stand a good chance of being pre-empted by authorities, and even if they are not, the damage that results from their attacks is likely to be less severe," it adds.

Red-team exercises can range from seminars and computer simulations to mock attacks on facilities that are thought to be likely targets.

Experts say the concept has numerous limitations.

"These new brands of terrorists have a tendency to think big and look at the system as a whole, go after multiple targets and multiple vulnerabilities. . . . In a country as complex as the U.S., you can't afford to do exercises in every area the enemy might think of," said Gary Anderson, a retired Marine colonel and war-gaming expert now at the Potomac Institute for Policy Studies.

But Anderson and other security analysts say that does not diminish the need for wider use of red teams in the post-Sept. 11 world.

Some experts say the usefulness of red teaming has been seriously undermined by the refusal of government agencies and businesses to share information about vulnerabilities that are uncovered during exercises, even though they may affect others who use similar systems. The government may classify the results. Businesses are reluctant to discuss security gaps they discover in their systems, fearing it may expose them to liability.

"The concern is when there have been red teams, that data has been made available only to the facility that's been red-teamed. Consequently, it's of limited value," said Joseph M. Weiss, an expert in computer-system security at KEMA Consulting.

The Bush administration supports exempting such information from public-disclosure laws to encourage businesses to share threat assessments. Congress is debating the issue as it considers legislation to establish the Homeland Security Department.

White House officials are providing few details about how they might use red teams, saying the plans are still being developed. Gordon Johndroe, a spokesman for Homeland Security Director Tom Ridge, said the teams would concentrate on "critical infrastructure" like the nation's power grid and transportation system.

Red-team exercises that have been carried out at nuclear plants in the past decade are "certainly a good model," he added.

The exercises, which were suspended after Sept. 11 and are being reassessed by the Nuclear Regulatory Commission, involved "force on force" drills in which teams assembled by the commission would try to penetrate plant security.

"Essentially, they try to get to target sets at the plant, which are a set of systems that, if they're sabotaged, there could be a release of radiation," said Ray Golden, a spokesman for the San Onofre nuclear plant, where the last such exercise was conducted in November 2000. "We don't know what their strength is, what (mock) weapons they carry."

Some critics say the drills had limited utility because they were scheduled six to 10 months in advance and largely followed the same script at every plant.

Even so, the head of the regulatory commission's program, retired Navy special-operations Capt. David Orrik, told a congressional panel last spring that the exercises exposed serious security weaknesses at nearly half the nuclear plants tested and led to improvements. In 37 of the 81 exercises conducted since 1991, teams were able to successfully simulate sabotaging a target set, he said.

"The happy side of this coin is . . . as (the) NRC identified weaknesses, the utilities corrected them. . . . That is reflected in a major improvement in the industry's armed response or counterterrorism capability since 1991," Orrik said in prepared testimony.

Other red-team exercises have revealed major vulnerabilities in government and private-sector computer systems. Officials are increasingly concerned that sophisticated terrorists could hack into the systems and sabotage power grids, shut down emergency communications or release torrents of water from dams.

When red teams from the General Accounting Office, Congress' investigative arm, tried to penetrate the computer networks of numerous federal agencies, "every single one demonstrated pervasive weaknesses," said House Commerce Committee Chairman Billy Tauzin, R-La.

"We think this (red-teaming) ought to be a high priority of the new Department" of Homeland Security, he said.

Few experts consider red-teaming a foolproof predictor of terrorist actions. For example, it is extremely difficult to detect all of the vulnerabilities in sprawling, increasingly interconnected computer systems, especially older ones, said Alan Paller, director of research for the SANS Institute, which trains computer security experts.

"When you find something, you write up a report about that," Paller said. "In general, only that problem is fixed.
An attacker will probe for multiple vulnerabilities."

Another major limitation is cultural.

"At the end of the day, they're still Americans" who are conducting the exercises, said Pete Baxter, director of Jane's Global Consultancy Operations, a private company that does red-teaming for government and business clients. "Despite their best efforts, there's always going to be some things that are tainted or influenced by the fact that they are not the actual opposing team."

Still, Baxter and other experts say red-teaming can provide crucial insights into the possible means and methods of attackers.

"We are not the terrorists," Baxter said. "Does that mean we can't work harder to understand how they think and act? No."