Cyberdefense is key to annual Europe exercise
Stars and Stripes
GRAFENWÖHR, Germany — Build the network, and they will come: phishing scams, unauthorized devices and malware capable of disabling user functions or stealing information.
All are threats to any network, but especially those used by militaries.
And so the concepts of network security and cyberdefense loomed more than ever over Combined Endeavor, European Command’s annual multinational network-building exercise that ended here Thursday. Now in its 18th year, the exercise maintains the same theme every year — interoperability among NATO members and partner nations — while accounting for the growth in threats.
In 2010, EUCOM launched Cyber Endeavor, a parallel forum at the exercise that allows collective work on cybersecurity issues. A “Cyber Inject” team now introduces scenarios, from phishing to outside network scans, into the exercise.
“Last year all the (signals commanders) came, and that was the most talked about topic, was cyberdefense, Cyber Endeavor — ‘I want to do that,’ ” said Air Force Lt. Col. Brian J. Heberlie, exercise director. “And it’s the same thing this year. It’s a recognition. Everybody understands how important it is, and for us, we can’t feed it fast enough to answer all the questions.”
More than 1,100 signals professionals from 40 nations and all U.S. services gathered for the 13-day exercise, which operates under a fictitious civil emergency — this year an earthquake — and demands that five multinational networks representing separate geographic commands keep in contact with one another during the humanitarian response.
Other testing also happens, from the U.S. Navy’s joint project with Finland in sharing maritime data, to various European Union battlegroups working together.
During the course of the exercise, participants built the overall network, then tested it for functional gaps. A third phase involved running it through scenarios, including the cyberinjects.
Roger Nelan, technical director for the exercise, said the goal was to foster a collective cyberdefense.
“We’re only as strong, as capable, as the weakest link,” he said. “Yeah, it’s a large network. I don’t know if I’d characterize it as a clunky network, but it is a large network with many opportunities for vulnerabilities.”
Some of those are operator mistakes, such as the placement of unsecure devices — or access to the Internet — on what is supposed to be a sensitive, closed network. Other problems come from the outside, including penetrative port scans designed to find openings or flaws in a network.
“I think any network is vulnerable,” Heberlie said. “And for us, because this is a training environment, when they do those injects, we get to watch and see … all right, we’re trying to hit these boundary defenses that he has engineered, and let’s see what the nations do. Let’s see who notices, and let’s see if not only do they notice, but who did they report it to?”
The Combined Endeavor network is framed around nonclassified data written for the exercise, organizers say. Its nearest relative in reality might be the Afghanistan Mission Network, which was completed in 2010 to give coalition members in the country a standard picture of operations.
Beyond defending coalition networks, future exercises such as Combined Endeavor will focus on the ability of coalitions to establish combat mission networks like the AMN faster. Next year’s exercise will consider protocols for the Future Mission Network, a kind of template for setting up coalition networks rapidly, Nelan said.