Comm team prepares Kadena for cyber war
by Senior Airman Nestor Cruz
18th Wing Public Affairs
12/26/2007 - KADENA AIR FORCE BASE, Japan (AFPN) -- "Intruders" from cyberspace are trying to hack into the Kadena Air Base network and steal information from unsuspecting e-mail users.
The intruders are not hackers, though they pretend to be to gain access to information they would need if they wanted to cripple the mission here.
Fortunately, they are not a real threat but a group of Airmen from the 18th Communications Squadron's "Blue Team" charged with strengthening Kadena's network through training, testing and assessing users.
"(Lt. Col. Clayton Perce, 18th CS commander) recognized we had people in our squadron with the unique talent of understanding the mindset of hackers," said Lt. Col. Alonna Barnhart, 18th CS Blue Team officer-in-charge. "We act as 'blue team aggressors' against Kadena's network users, helping people recognize the threat, train for the threat and retrain as necessary."
One of the biggest threats to the local network is an e-mail scam known as phishing. Phishing is an attempt to acquire sensitive information by fraudulent means such as e-mail designed to look like a bank or other trustworthy company. Sensitive information sought by hackers includes usernames, passwords and credit card numbers.
"E-mail is the most accessible feature an enemy can use to exploit us," said Staff Sgt. Damon Cook, 18th CS NCO-in-charge of information protection operations. "Many people still fall prey to these e-mail scams designed to grab information from users. We would rather catch victims first, using the same techniques as the enemy, so we can ensure people are trained properly."
Blue Team members recommend checking for digital signatures if an e-mail seems questionable.
"With unsigned e-mail, you really can't tell where it's coming from," said Staff Sgt. Andrew Jones, 18th CS network applications supervisor.
Some may remember a phishing e-mail sent during past local operational readiness exercises. But the team goes beyond preparing Airmen for the next exercise.
"While the 18th CS sent out phishing e-mails only during exercises, we intend to help network users increase their level of readiness all the time," said Colonel Barnhart. "All Kadena network users will be tested."
Local network users include anyone with access to the network, such as Airmen, Soldiers, Sailors, Marines, tenant unit personnel, civilians and local nationals.
"If our users are not properly trained, they will become a threat to the network," the colonel said.
In the months ahead, the Blue Team staff plans to test network users on other network vulnerabilities such as unsecured common access cards and computers left unlocked.
The team, still in its infancy, has already earned strong support from base leadership.
"(Brig. Gen. Brett Williams, 18th Wing commander,) is very supportive of our team and our mission," said Colonel Barnhart. "The commander is very serious about information assurance training and wants us to 'increase the level of pain' somewhat."
The Blue Team received direction from base leaders to disable the accounts of any user who fails a future assessment until retraining is accomplished. Network users have already shown improvement in information assurance, or IA.
"Statistically speaking, the numbers have gone down," said Sergeant Cook. "When we started out, we had thousands of people falling for one of our e-mail tests; nowadays, we're down in the hundreds. Users are definitely getting smarter, which means we have to be sneakier."
The Blue Team recommends network users acquire as much training as they can and educate themselves on current network threats.
"People should be aware of the training issued from the 18th CS," said Colonel Barnhart. "We send out e-mail to all users with recommended training and we try to highlight threats to our users. It's important to review all the available information and go above and beyond the annual IA training."
Although e-mail tests sent out by Blue Team members are intended for training purposes only, they are meant to highlight the fact that hackers pose a real threat to military networks.
"People need to understand that this is a very real threat," Sergeant Cook said. "If we're at war, our networks will be targeted by our enemies."
Network users should contact their unit client support administrator with questions about phishing scams or other IA issues.
Join the GlobalSecurity.org mailing list