Sandia's Red Teams: On the Hunt for Security Holes

By Chris Preimesberger  |  Posted 2006-09-03

Sandia National Laboratories' Red Teams are in a race to plug security holes in the U.S. infrastructure to thwart a potential terrorist cyber-attack.

ALBUQUERQUE, N.M. - Is it possible for a cyber-terrorist to hack into a city's water distribution system and poison thousands? Or disrupt air traffic communications to cause two airplanes to collide? Or create a surge in the power grid that would leave millions of people in the dark?

These are the types of questions pondered by the so-called Red Teams, based at Sandia National Laboratories here.

On the fifth anniversary of the Sept. 11 terrorist attacks on New York and Washington, these scenarios are front and center for Sandia, the Department of Homeland Security and law enforcement agencies across the United States.

The Red Team's job is to anticipate cyber-terrorism, create contingency plans that assume the worst and ultimately thwart a pending attack by plugging existing holes.

Michael Skroch, leader of the Red Teams, said utilities and government agencies are increasingly at risk as they replace custom IT systems created in the 1950s and 1960s with less expensive, off-the-shelf Windows and Unix systems that, incidentally, are easier marks for hackers. The older systems were relatively secure because they were obscure and had limited connectivity to other systems.

Thus, "It's clear that the threat and risk level has never been higher for cyber-security," Skroch said.

Sandia is owned by the Department of Energy, is run by Lockheed Martin and is located at Kirtland Air Force Base. Formed in 1945, Sandia's overall mission is "to enhance the security, prosperity and well-being of the nation."

The Red Teams are part of Sandia's Information Operations Red Team & Assessments group. Each one comprises a small group (three to eight people) of computer and systems experts who are the IT equivalent of the Navy SEALs special-operations outfit.


The Red Teams provide independent assessments of information, communication and critical infrastructure to identify vulnerabilities, improve system design and help decision makers increase system security.

Although often viewed as a single entity, the IORTA group breaks into several smaller groups to tackle individual Red Team projects.

In layman's terms, Sandia's Red Teams are hired by countries and companies to anticipate and stop cyber-terrorism and other security breaches before they happen.

The teams, which focus on the potential for attacks from adversaries, apply a wide spectrum of methodologies, tools, research and training to help achieve the customers' security goals.

The Information Design Assurance Red Team is part of the IORTA program, which was begun in 1996.

Blind to cyber-threats?

To critics, groups like Sandia's Red Teams are pivotal because, they say, the United States is asleep to the threat of cyber-terrorism, just as it was to the Japanese threat in the months and years leading up to the attack on Pearl Harbor in 1941.

Evan Kohlmann is one of the more vocal critics. Kohlmann, a terrorism researcher at the University of Pennsylvania, is the author of "Al-Qaida's Jihad in Europe: The Afghan-Bosnian Network," and he runs the Web site.

"The United States is gradually losing the online war against terrorists," Kohlmann wrote in an article titled "The Real Online Terrorist Threat" in the current issue of Foreign Affairs magazine.

"Rather than aggressively pursuing its enemies, the U.S. government has adopted a largely defensive strategy, the centerpiece of which is an electronic Maginot Line that supposedly protects critical infrastructure (for example, the computer systems run by agencies such as the Department of Defense and the Federal Aviation Administration) against online attacks," he wrote.

"The U.S. government is mishandling the growing threat because it misunderstands terrorists."

Meanwhile, the DHS has also struggled with cyber-security. It hasn't had a cyber-czar for a year and has been panned by Congress for its internal computer security practices.
