U.S. Navy Amps Up Cybersecurity Awareness with Hands-on Simulations

PANAMA CITY, FL, UNITED STATES

08.01.2016

Story by Katherine Mapp 

Naval Surface Warfare Center Panama City Division

✔ ✗ Subscribe

6

PANAMA CITY, Florida — Naval Surface Warfare Center Panama City Division (NSWC PCD) and Gulf Coast State College joined together to collaborate on the Capture the Flag (CTF) Cybersecurity event July 15, 2016.

According to Daniel Jermyn and Trevor Phillips, Naval Research Enterprise Internship Program (NREIP) interns and CTF developers and co-hosts, the event allows teams of participants to use common hacking tools to break security practices, such as cracking passwords and retrieving information maliciously. By teaching the participants how easily this can be done, it gives them a greater appreciation for information assurance (IA) practices and methods.

NSWC PCD Cybersecurity Architect Kate Maglio said the event makes the participants more likely to employ best security practices.

“This event gives participants an idea of how to secure their own networks while learning how hackers are able to get into their systems and how to keep them out,” said Maglio.

Matthew Chastain, NSWC PCD senior software engineer, believes the event is an eye-opener to participants looking to protect their systems.

“The CTF event shows how important it is to secure your system,” said Chastain. “There are always hackers probing to see what systems and networks are unsecure and vulnerable.”

The initiative to hold their own CTF event began with inspiration from past CTF events hosted by Naval Undersea Warfare Center (NUWC) Newport. Their events were focused on providing participants the opportunity to learn about the cyber-attack cycle and tools and to put that knowledge into practice by “hacking” into unmanned vehicles.

Here, Jermyn and Phillips developed the scenario, built the files, developed the threads the “hackers” needed to follow and implemented these with the hacking tools in an off-line network. After a test run with experienced cybersecurity personnel, the event was scheduled with four teams competing to “capture the flag” first.

Maglio says one of the main reasons for wanting to bring about this cyber awareness is to create a culture shift on base.

“Right now, a systems engineer or software developer who develops the systems are separate from the IA teams. Cybersecurity processes can be mapped into every part of the systems engineering lifecycle,” said Maglio. “We are trying to bring awareness to this issue and encourage the IA team and engineers to become more integrated as one and work as a team.”

Maglio and her team said that if they are going to deliver a system to the warfighter, they want to ensure that they’re giving them the safest, functioning system possible. This will keep them safe, secure and protected from enemy forces.

“If you are creating software or a network within the system for an aircraft, you don’t want anyone to be able to get into that interface and disable the weapons system or take down the aircraft,” said NSWC PCD Organic Systems Branch Head Mary Hulgan. “This is an example of what could happen if we don’t ensure the proper requirements are met.”

Chastain said this awareness helps the scientists and engineers who are writing code and developing products to build this IA protection into their products from the very beginning, rather than slap something on at the end.

“Some people think ‘let’s build this system and hammer some IA on the outside to make it secure.’ That is not how this works,” said Chastain. “The IA protection needs to be designed within the system so it is secure from the first code that is written, to the hardware vendor selected, to locking ports on the firewall. The whole system needs to be designed with cybersecurity in mind.”

To conduct this testing, Maglio, Chastain and their team received Naval Innovative Science and Engineering funding to create a cyber lab. A cyber lab is a research and development environment that allows for testing of computer systems for vulnerabilities, research of different attack methods and countermeasures and training for scientists and engineers to become more aware of cybersecurity and the need to keep our Navy systems more protected from cyber-attacks.
Currently, the team is developing requirements for hardware, software and space for a cyber lab on base at NSWC PCD.

“The cyber lab will offer a safe place to test how computer exploits work and to learn how to attack and protect a computer in an effort to keep programs more protected from adversaries, “ said Maglio. “It is an isolated environment that cannot access any other computer system. The tools necessary to learn how to perform penetration testing are not allowed on standard networks due to the potential danger they pose to other systems.”

According to Maglio, the lab will be beneficial to every project at NSWC PCD.

“The lab will allow for an in-house capability to do vulnerability testing, problem solving and training for all projects. This will also benefit every project at NSWC PCD and the customers of the projects,” said Maglio. “Every project is required to go through cybersecurity testing as part of Naval Sea Systems Command’s Initial Operational Test and Evaluation. The cyber lab will give the projects the ability to prepare for this testing and know their security posture prior to this test.”
In the future, the NSWC PCD team hopes to host an event similar to NUWC Newport’s CTF event. The objective of these future events is to train the NSWC PCD workforce about cybersecurity awareness.

Not only was the cyber lab trial beneficial to Navy scientists and engineers, but also to the two NREIP interns who created, organized and co-hosted the event.

“My network experience from gaining a Security+ certification and taking a Cisco course for my degree helped me prepare for this internship,” said Jermyn. “I was able to apply configurations to hardware and perform ‘best practices’ that I learned in courses during the internship to better accomplish some of the networking aspects.”

Phillips learned things that will help him succeed as he completes his undergraduate degree.

“My main focus during the internship was networking and cybersecurity. These were mostly newer concepts to me before beginning my internship.” said Phillips. “I learned a lot this summer and I think these skills will be extremely useful as I complete my last two years at the University of Connecticut (UConn).”

Jermyn and Phillips’ internships have taught them that it is essential to practice cybersecurity safety practices.

“Practicing keeps cybersecurity practices relevant,” said Jermyn. “Anyone can be told to follow a practice, but actually seeing the importance will make the practices stick. Seeing is believing.”

Phillips said cybersecurity becomes more important with today’s technological advances. “The increase in embedded technology and the ‘Internet of things’ is undeniable, making security best practices even more critical. For the U.S. Navy, this is especially true.”

Both Jermyn’s and Phillips’ efforts in planning and executing the CTF event has taught them valuable concepts to use in their future endeavors.

“Hosting this event taught me the importance of preparation and gave me great confidence in my project management skills which will better help me manage my workload obtaining my master’s degree,” said Jermyn. “My biggest takeaway from my internship was the significance of teamwork. I could not have accomplished everything without the help of my mentor, Kate (Maglio), partner Trevor (Phillips), the cybersecurity team at the NUWC Newport base, among many others.”
A point to which Phillips agrees.

“Hosting the event has given me experience for planning and implementing events, including leading groups and teaching new skills,” said Phillips. “My time at NSWC PCD has been amazing. The base is doing research on cutting edge of science and technology that looks like it is straight out of an Avengers movie! The best part has been meeting so many incredible people who share in a collaborative work culture.”

The completion of the CTF event fulfills Jermyn’s capstone project and graduation requirement from his technology management bachelor’s degree program at Gulf Coast State College (GCSC). After graduation from GCSC, Jermyn will begin his master’s degree in software engineering at the University of West Florida. Phillips plans to take his newfound knowledge and use it in furthering his studies at UConn in his computer science and engineering fields of study.
NSWC PCD: Technical Center of Excellence for Littoral Warfare and Coastal Defense