Las Vegas Sun

December 22, 2014

Currently: 47° — Complete forecast | Log in | Create an account

Technology:

Teaching the shadowy art of cyber war

Nellis AFB school aimed at taking the high ground on cyber battlefields

Image

Leila Navidi

The USAF Weapons School at Nellis Air Force Base northeast of Las Vegas on Tuesday, June 26, 2012.

Click to enlarge photo

Lt. Colonel "Steve" (who did not want his full name used) is the director of operations for the Cyber Weapons Instructor Course at the USAF Weapons School at Nellis Air Force Base. He was photographed at Nellis northeast of Las Vegas on Tuesday, June 26, 2012.

Flying above the clouds in hostile territory, a U.S. Air Force F-15E fighter pilot checks his computer to make sure he’s on course, trying to steer clear of a no-fly zone.

But can he trust the information that comes up on his screen? Can he complete his mission without creating an international incident? Could a cyber terrorist network have hacked his data?

“How do you know you’re clean? You don’t. That’s a continual problem that no one has solved,” says the man in the shadows at Nellis Air Force Base, outside of Las Vegas.

As a jet engine roars from a nearby field, the man — who wants to be identified only as Steve because of the sensitivity of his work — ponders the hypothetical situation he has just described.

It’s a scenario the quiet lieutenant colonel has been dealing with for the last few months: the world of cyber warfare.

“All you can do is protect yourself in the best way possible and continue to be vigilant to any indicators of adversarial activity,” Steve said.

His eyes turn across the room to a colorful 3-D topographical wall map depicting the mountainous terrain and bleak desert landscape of the Nevada Test and Training Range.

Since 1949, military fighter pilots have been coming to the range to pass on the real-life lessons learned in past wars, including an upcoming Red Flag exercise this month in the 5,000 square miles of airspace.

But Steve operates on a different test range — one in the limitless virtual world of computer networks and communications systems.

He’s the new director of operations of the Air Force’s first Cyber Weapons Instructor Course.

Eight students recently graduated from the course after spending 10- to 12-hour days for six months going through a rigorous curriculum. The school’s goal? To create leaders who can tackle problems as they arise with computer hackers.

Their coursework prepares them to teach others to recognize and learn how to deal with the possibility of a cyber attack. Graduates will become instructors and advisers to military leaders.

"We want our graduates to transform and inspire our nation's combat power, to bring the cyber piece to operational planning, but also to help build the cyber force to recognize that they are part of the overall picture and a capability we are providing to the combatant commander," Lt. Col. Bob Reeves, the commander of the 328th Weapons Squadron at Nellis, said in a prepared statement.

The Air Force has been charged with protecting its own communications networks in the virtual domain, which is the mission that drives the Cyber Weapons Instructor Course, Steve said.

“Our adversaries will be using this domain to come after us,” Steve said, “and we want to maintain the ability to protect against them.”

The instructors in his program will go on to work with the Department of Defense’s Cyber Command, which also draws forces from the Army, Navy and Marines, Steve said.

Click to enlarge photo

An F-16 Fighting Falcon Aggressor flies over the Nevada Test and Training Range Oct. 19, 2009.

So far, the military hasn’t seen any serious outside threat that has actually broken into the Air Force's operations. But it could happen, he said.

“Right now, it’s entirely plausible for someone to use computer networks as a means to collect intelligence, and that’s what we see on a daily basis as the biggest threat we’re responding to today,” he said. “We’re preventing people from collecting that intelligence.”

Threats come from individual hackers or from cyber guerrillas hired by countries hostile to U.S. interests, he said.

There are also "hacktivist" groups, such as the loose-knit "Anonymous" collective. Last year, Forbes reported Anonymous was seeking to disrupt communications at the Quantico, Va., base where Pfc. Bradley Manning was incarcerated on charges he had given documents to WikiLeaks.

Steve said the National Security Agency is charged with warning when it sees cyber intrusions.

The Department of Homeland Security is probably the most likely target of any cyber attack, he said. Other likely targets are the military branches, energy companies, cable companies or the banking system, he said.

Are home computers susceptible to hackers?

“It’s unlikely they would find a normal individual a high enough payoff to go through the effort of impacting them,” Steve said. “But could they? Yes.”

Before coming to the Cyber Weapons Instructor Course at Nellis, students go through three months of Undergraduate Cyber Training at Keesler Air Force Base, Miss., and two months of Intermediate Network Warfare Training at Hurlburt Field, Fla.

Most of the original eight students came from the 67th Network Warfare Wing and 688th Information Operations Wing at Lackland Air Force Base in San Antonio, Texas.

The main goal of the program is to help them recognize if a problem has occurred, figure out what went wrong and go about fixing it, Steve said.

“It’s a problem-solving mindset,” he said.

As part of Nellis' Warfare Center, aircraft use the Nevada Test and Training Range to simulate warfare scenarios.

“We have a virtual world out there on the computer side that’s the counterpart to that,” Steve said.

They use an "aggressor squadron" that attacks from both the aircraft side of the training and from the information side, he said.

“They do what they can to emulate what a bad guy would do, or a thinking adversary," Steve said. "So they challenge our students with a different problem set every time. We take some liberties with what the adversary’s capabilities are to change the scenarios for the students."

Real-world scenarios are put together for students, he said.

“We pick a region of the world where there would be increasing tensions and an adversary who doesn’t want U.S. involvement in that area — typically where a no-fly zone would be put in place," he said. "And then we play out the computer side of that war in the virtual space and challenge our students with what they could expect to see from an adversary in that area.”

For example, an adversary might be attempting to gain access to the Air Force’s systems or steal intelligence on its operations prior to their launch and possibly send corrupt data to confuse an operation.

Steve said the graduates of his program work with Cyber Command to consider and develop all options, defensive or offensive.

The Washington Post and other news sources have reported the United States and Israel developed the Flame computer virus to slow Iranian nuclear efforts. Israel has also admitted it is involved in offensive cyber warfare operations.

Steve, however, would not give specifics about offensive measures and mostly talked about the defensive systems he teaches.

To protect an F-15, for example, it’s necessary to identify all the dependencies the aircraft might have in the cyber world before it goes out on a mission. The preparation for the flight, the course it will take and where it will need to stop to refuel are some areas that could be planned on a computer network.

The key is to be wary of anything that looks suspicious, he said.

“If an F-15 is flying a sortie off of bad data, they could be in the wrong place or they could miss a refueling point," Steve said. "Students learn to identify the abnormal."

Join the Discussion:

Check this out for a full explanation of our conversion to the LiveFyre commenting system and instructions on how to sign up for an account.

Full comments policy

Previous Discussion: comments so far…

Comments are moderated by Las Vegas Sun editors. Our goal is not to limit the discussion, but rather to elevate it. Comments should be relevant and contain no abusive language. Comments that are off-topic, vulgar, profane or include personal attacks will be removed. Full comments policy. Additionally, we now display comments from trusted commenters by default. Those wishing to become a trusted commenter need to verify their identity or sign in with Facebook Connect to tie their Facebook account to their Las Vegas Sun account. For more on this change, read our story about how it works and why we did it.

Only trusted comments are displayed on this page. Untrusted comments have expired from this story.

No trusted comments have been posted.