NSA Cyber-WarGames Showcases NSA Takedown Potential

By PatB
Contributing Writer, [GAS]

The NSA just finished a series of cyber-warfare gaming with itself as the attackers.  The defenders?  The military academies, including the Naval Academy in Annapolis, the Air Force Academy in Colorado, and the US Military Academy in West Point.  For the second year in a row, the Army came in first place in the exercise.

But what is more interesting than the winner is the information this article from Wired here reveals about the NSA, including the facts that they have the legal authority to disable any US network, and can classify attack codes based on skill level of an adversary.

From Wired:

For four days in late April, the National Security Agency — the nation’s most secretive repository of spooks, snoops and electronic eavesdroppers — directed coordinated assaults on custom-built networks at seven of the nation’s military academies, including West Point, the Army university 50 miles north of New York City.

It was all part of the seventh annual Cyber Defense Exercise, a training event for future military IT specialists. The exercise offered a rare window into the NSA’s toolkit for infiltrating, corrupting or destroying computer networks.

For the second year in a row, the Army placed first over the Navy, Air Force, Coast Guard and others, winning geek bragging rights and the privilege of holding onto a gaudy, 60-pound brass trophy festooned with bald eagles and American flags. Adams credits the team’s thorough preparation and their excellent teamwork despite the round-the-clock schedule.

Even with a solid network design and passable software choices, there was an element of intuitiveness required to defend against the NSA, especially once it became clear the agency was using minor, and perhaps somewhat obvious, attacks to screen for sneakier, more serious ones.

Legal limitations were a surprising obstacle to a realistic exercise. Ideally, the teams would be allowed to attack other schools’ networks while also defending their own. But only the NSA, with its arsenal of waivers, loopholes, special authorizations (and heaven knows what else) is allowed to take down a U.S. network.

And despite the relative sophistication of the NSA’s assaults, the agency told Wired.com that it had tailored its attacks to be just “a little too hard for the strongest undergraduate team to deal with, so that we could distinguish the strongest teams from the weaker ones.”

In other words, grasshopper, nice work — but the NSA is capable of much craftier network take-downs.

When it comes to Cyber-Warfare, I’m happy to have the NSA on our side.