A technician hurriedly slings his backpack over his shoulders, straps on his M9 pistol, and bolts out of the transport with his squad of commandos in a hail of gunfire. As soon as his team reaches the compound, he whips out a laptop and starts deploying a rootkit to the target server, bullets whizzing overhead all the while.
This might sound like the action movie of a hacker’s dreams, but The Army Cyber Institute at West Point is training its recruits to do just that. At Chicago’sThotcon hacker conference last week, attendees got a glimpse of what its elite units might look like.
During their talk, the institute’s Major Natalie Vanatta and Captain Erick Waage mused on dramatic changes ahead. Conventional warfare soon may be shaped by computer networks, and the race to perfect techniques to infiltrate them has touched off an ambitious effort to bring experts in the public and private sectors together.
Understanding Human Foibles
The Army sees recruiting and soliciting expertise from the private sector as the optimal approach to reaching the necessary level of technological familiarity, Vanatta and Waage emphasized during their talk.
Though it’s not uncommon for specialists in information security to leave the government for lucrative work in the private sector, government-based think tanks like The Army Cyber Institute can offer the more theoretical work that penetration testing often doesn’t afford, they pointed out.
As in warfare before computers, human nature can be depended upon for quirks and judgment lapses, Vanatta said, when asked what line of attack might be successful in compromising enemy networks.
Like their civilian peers, soldiers are accustomed to modern interconnected life and the social networks and services that enable it, Chapman told LinuxInsider, and they often don’t realize immediately how their unconscious habits can jeopardize operational security.
To illustrate, he related a story from his time as an instructor with The Army Cyber Institute, when he chastised trainees for taking photos of simulated operating areas, because the GPS details contained in the metadata easily could compromise a real mission.
“It’s a two-way street,” Waage told LinuxInsider. “Future potential adversaries have the same kinds of problems — at least those that have more open, connected societies.”
All Hands on Deck
Highly specialized missions stand little chance of success unless they are systematized with rigorous training, and The Army Cyber Institute is conducting some of the most cutting-edge network infiltration training operations in the U.S. military.
In their 25-minute Thotcon presentation, Vanatta and Waage described some of the exercises that take place on a 1,000-square-mile patch of the Mojave desert. Units composed of traditional and digital warriors practice raiding enemy outposts — manned by other recruits — and precisely deploying the kind of penetration exploits that may become commonplace in an ever-more-networked world.
Vanatta, Waage and other Army Cyber Institute researchers are in charge of designing the simulations they detailed to attendees. However, most of the institution’s effort is dedicated to monitoring and predicting technological trends, to ensure that the Army’s training and the country’s defenses keep pace.
Their talk, “Unleashing the Dogs of [Cyber] War” was, in part, an invitation for members of the information security community in the audience to step up and contribute their expertise. They were asked to offer their conjectures to help shape the way the U.S. military maintains its edge against opponents dependent on networked infrastructure.
With major information security players like Trustwave, Cylance and others based in Chicago, where Thotcon took place, the event offered an ideal opportunity for Vanatta and Waage to put out the call.
Over the course of their presentation, they gave conference-goers a look at how their elite frontline hacking units operate — but they stressed the need to heighten familiarity with network penetration techniques across all units and branches of the armed forces.
“A lot of it is us trying to figure out how, in a training environment, we can show [soldiers] the effect that … the digital domain can have on tactical operations,” Vanatta told LinuxInsider in an interview following the session. Also present at the interview were Waage and their colleague, Brent Chapman, cyber operations officer at the Defense Innovation Unit Experimental, or DIUx.
Harm Reduction Goals
To raise awareness of the impact of connected devices on warfare, the Army think tank is working to instill operation-conscious digital habits, while teaching soldiers to exploit their foes’ awareness deficiencies.
The approach is different with intelligence agencies, which are tasked with acquiring information on political adversaries to inform policy making, and which have been known to spark controversy by veering into monitoring of ordinary citizens, Vanatta said. Units furnished with Army Cyber Institute training focus exclusively on neutralizing enemy military capabilities in hot war, using publicly known techniques.
“Most of our research at the Army Cyber Institute is focused on the unclassified side,” Vanatta remarked, adding that this focus is what allows the group to collaborate seamlessly with academia and industry professionals to hone the effectiveness of their training techniques.
The Army Cyber Institute is keenly aware of the potential hazards a unit designed for network penetration poses to civilian infrastructures in theaters of war, she continued. As a research body, the institute does not conduct operations. However, it does guide the procedures of units that do — and to that end, the team evaluates the civilian impact on conducting military network intrusion operations.
As there have been few open inter-state conflicts that involve network attacks, it is hard to assess how successful defensive units might be at minimizing harm to vital civilian infrastructures, but the team is mindful of those concerns.
The team includes lawyers and academics, such as sociologists and historians, in order to get a full picture of the impact of network attacks on the military and society, said Vanatta, and to propose policy changes designed to mitigate potential harm.
A seamless integration of network attacks into warfare still may be quite a way off, but The Army Cyber Institute is hard at work ensuring that both the U.S. military and the public are ready when that day comes.