Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Sandia's Red Teams: On the Hunt for Security Holes



 By: Chris Preimesberger
2006-09-03
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Sandia's Red Teams: On the Hunt for Security Holes
  2. ' Finding IT's Achilles Heels '
  3. ' Room for Improvement '

Rate This Article:
Poor Best
Sandia's Red Teams: On the Hunt for Security Holes
( Page 1 of 3 )

Sandia National Laboratories' Red Teams are in a race to plug security holes in the U.S. infrastructure to thwart a potential terrorist cyber-attack.

ALBUQUERQUE, N.M.Is it possible for a cyber-terrorist to hack into a city's water distribution system and poison thousands? Or disrupt air traffic communications to cause two airplanes to collide? Or create a surge in the power grid that would leave millions of people in the dark?

These are the types of questions pondered by the so-called Red Teams, based at Sandia National Laboratories here.

On the fifth anniversary of the Sept. 11 terrorist attacks on New York and Washington, these scenarios are front and center for Sandia, the Department of Homeland Security and law enforcement agencies across the United States.

The Red Team's job is to anticipate cyber-terrorism, create contingency plans that assume the worst and ultimately thwart a pending attack by plugging existing holes.

Michael Skroch, leader of the Red Teams, said utilities and government agencies are increasingly at risk as they replace custom IT systems created in the 1950s and 1960s with less expensive, off-the-shelf Windows and Unix systems that, incidentally, are easier marks for hackers. The older systems were secure because they weren't well known and had limited contact with other systems.

Thus, "It's clear that the threat and risk level has never been higher for cyber-security," Skroch said.

Resource Library:

Sandia is owned by the Department of Energy, is run by Lockheed Martin and is located at Kirtland Air Force Base. Formed in 1945, Sandia's overall mission is "to enhance the security, prosperity and well-being of the nation."

The Red Teams are part of Sandia's Information Operations Red Team & Assessments group. Each one comprises a small group (three to eight people) of computer and systems experts who are the IT equivalent of the Navy SEALs special-operations outfit.

Click here to read about how government agencies have failed IT security tests.

The Red Teams provide independent assessments of information, communication and critical infrastructure to identify vulnerabilities, improve system design and help decision makers increase system security.

Although often viewed as a singular entity, the IORTA group breaks into several smaller groups to tackle individual Red Team projects.

In layman's terms, Sandia's Red Teams are hired by countries and companies to anticipate and stop cyber-terrorism and other security breaches before they happen.

The teams, which focus on the potential for attacks from adversaries, apply a wide spectrum of methodologies, tools, research and training to help achieve the customers security goals.

The Information Design Assurance Red Team is part of the IORTA program, which was begun in 1996.

Blind to cyber-threats?

To critics, groups like Sandia's Red Teams are pivotal because, they say, the United States is asleep to the threat of cyber-terrorism, just as it was to the Japanese threat in the months and years leading up to the attack on Pearl Harbor in 1941.

Evan Kohlmann is one of the more vocal critics. Kohlmann, a terrorism researcher at the University of Pennsylvania, is the author of "Al-Qaida's Jihad in Europe: The Afghan-Bosnian Network," and he runs the Globalterroralert.com Web site.

"The United States is gradually losing the online war against terrorists," Kohlmann wrote in an article titled "The Real Online Terrorist Threat" in the current issue of Foreign Affairs magazine.

"Rather than aggressively pursuing its enemies, the U.S. government has adopted a largely defensive strategy, the centerpiece of which is an electronic Maginot Line that supposedly protects critical infrastructure (for example, the computer systems run by agencies such as the Department of Defense and the Federal Aviation Administration) against online attacks," he wrote.

"The U.S. government is mishandling the growing threat because it misunderstands terrorists."

Meanwhile, the DHS has also struggled with cyber-security. It hasn't had a cyber-czar for a year and has been panned by Congress for its internal computer security practices.

Next Page: Finding IT's Achilles Heels.





  Reader Comments: Sandias Red Teams: On the Hunt for Security Holes
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By Chris Preimesberger
 


xr㶲0;; ʷ♵M=RJd[+eikRJEĘ"Hʗ䬗v8x %23N& 4F?Hpur56%SE}"ICH~`RϩIzNڶ? t u;Azۀpg3YÃ[j (K&O`MlM1elck`p,cw5h{;D@='s!&2{<K;;$?*B#]2Hߦ0uɷ~=2tS[{!*:|HJ4يʏшqCOП}g^ԡoU'li3[:$C5CVlfesVV^s9Fȹ׳Z$nRvn8Gd jlI*v`iTi11<]Lч;@ڮS.PVjFԲ9guGgcGMҳG]LH6=l~0kQMK.lZJP['C;)xA#ס,`U[[UxsyHn&j&9bcm  @2zz`N-2訞öʲnMw3a[]ޡlwGZ*մ*rM)֎Eo[©̝ wQokB)(U:Gq7ںsm)y] Z sruO}qA6ny6tx+ȯFD_*QI- i|h/ Z@ ?&N{_"xZjkMюR=24g fZ҈ 'UUjH,ǝq%ZWM&M}X&ZhCA+@tW?#{ˠjq{ں}\=rڽ!Iٝ{N4Aqs j__[r\߃-omz ??NmrO=.iTjVM&x|9!9Io 'ȿ;Be}#$77#RxDɼ9V5o ߦIY WTj5^t&T7o`H2 4 }=w a4[=RF &\ aC|bUal&XJp7Ӕ>`I2TI0{ВYtBFȺN}%I F(NR'}:;SjZi};Nkh|?ƒ(6ʋCPsi[nL,@sՇt54A>+G޺zL߳0}Uԇ5jIA :\TR}>49qPhSP<zw0[@[Sh%jyt( u4/f{@`\@8ppYY;90@YubsBݷ|{њuև *QsnPBgԁ.v~9.WbA/tK4L>HQox@F6}Sˀ)4*d9ps <`t}Xj\p>q|=sI$З^rn2MS|,7n2g/h|+UPƒa"`,+$2[mĞ7(Vf9NrB@S*𯜲,pH@&mпd0{Oq)2Sj$),44'Ne;ZĿL;ͺ|+dYWz#V6/:At _օVPKo@yC dh{Kmkaԕ %/մEA nbXG:X}iP^&äWRT&4n:j,j\'M{?&TYOӟ@xz#jISʑbY=wlA ʸnJiriz>NUKϵA)"?vlntp>hBJmw6q - cOЬ,pZUS=Cab恈7_E3k’%tDiЁUraOә; Ңw^^SvԿ~Fl4޴ۄ#歰AVaဉNgT3aAKY6 }~Z3OMb^-!{0kMug 7aT5Scq-Z by>dcMWѹrDB?l1D.-g@AaRo5>  T#!EX+LTBYah]sV/r~N4:E80'eCf+;Ǚm*IH-b]Pr(RDj7AaeL䱯^x8CH&,;Ez . ZK DrAa \+c..'7M.&D~ÊDJQcG=&Cf+DŜU^oV8;gjZ(T+1:ʪZJsV2k-}4ۢ`@"+j3Ev~Iaף瞏vkkF$X c5=L: JV-ڞwZuߜ%]pHA! М;#ؐCMAk1ʯAq\;(TX7guE{^7U[o&J)*-ғe4 /B|66W5/íJAɷ x8&SoJ@(1ݼZ\"h Z[Gjy=%r zDD/{~~UM+%e2"P1ڃg#H隱Ju9*)<Wk*k `9z{Ǻq7ɭYqLW/ASB9^%L ɹ&wB֮NZo^2i$ezTxY3G{u¿U."G78@dDrzןWsc{~NY m:R.@R\)Hǖ1}]ܙe>tgc:7O7poUUAS^F<:H9S$ߐ@ڨOhM ] ֮o,sqI0e>2V&B(J٨-kr/g ?+:Tf3DU }d5C WѐF[G#^$G{FY(,.nDUPU(V $ }V;*h6+#4+^}a n?9[ 1wҨ\IV+Gs;Ÿʊg b|r}q6'F{tȣj>cWԄƸ4;f'Xh;6!ڤiH@mXJ7eNV5XI0iUI+T Z} 2aCU^U&.2>%SS]5  ~οݚr >(J$7rQӊ 5`JR}'0L Q@Z: GdQ. |eR)*7% K} j !cc?`"MMXh'=a?qq5492-kԈx0M V(YƵqALohqLL _^?؇V?jUeQbcE6 7k{J~jg^Ѝ ?PX2"NrE^)wV4M}ڽKC<d¼zO㇧Nӽ:|D۝~A`WKǽ,U.aš JV_tD`MUK\6Tc8 !6g5> `i8FjxD]ۮ>rfSϋfչ:nxE:p0\ !Ѱq^ 8͛ΕxI{ѽE-%[wEs5BAH͋! BV='Mx6y)qm2G3zǎ ްCښҽio85c-Il< &aFp[Qx~WX* 5̄?|CAJN(G@R`OH[%#ZEst;-38^t}h !h:Ua2^XJI!)$z'e3jto(6F_ћٿz~i \ |5~K0wfAb^+F+9ǭՓZO{q@H E?_9/wIB9e(n2~I .Uu?oRo2MDYk.Nm-ŧ-[O|BBaJ9ńKa2Ru;Is6v׺[&N!hAS2%ə(F =)!*ښI$"8J542 eI? U4㓘PV iOɂW#'59ܻԹ8T/\\7"=O&0?v\&0F q4/‰@ R޲;8%ŤYGJ^KJpVKuV4@  #eZ #Z{hUZ"ԱAt#O.]<;n{ W@)3^X 2k=(v-̳,]97__loYU2CZс?1nQݘ4vzN`rS@ {:`NO[up߁ ؁ ?O.yraGVɭei<;S7ekͰ< #>sGӝꖃ]LV\uyoߐ9ar܆s JAu#k􎿿|¯F *r{kgOtG/{F]YlFg 'kA}i^u7|Zؖ[qh*A=wK<L>?F$c: I"I^U֭YdU)IW=YE㣑);8{xHߴ/Aoҁ-3Hm3{F޹3}KwKY<cO7]f+wB&B6Zg%JW}qMԈ@k"kir"^Y8Z䑼DG۵%t`o 14m*z7=}z9{vÏ5"k ?Q@.mvc鼱2/> AYCؖrbL2HB%F[e5w+[c'cc;ȯF%%oSϱgA jmWwBqVE0p>-KpfulE;ேgɎ?eMr sf2y po9;_ ߅?=Sq x zГqi+<@ъO\-1-X}Od|:X=?eȺO\//M&7K.n;( OCl\B?<~ٮ'H[J%),Co"021aHȂ¶ dA*be# mCkb8Nynxp4vYD4X/8j<mEcPnj-YP5gN2~X!~=.5mY;LII˟^qv#qO.+q D2) F0>JՂZ6_%nӚXm \MXECډS9iGx:HxJoQhda<00nS/X@3#'J+. e%z\XˏWp37ܼI#~J$g#2YBHlS $5ӝzpWL$6yR@ TtV#TLj,U !-i9E}K7 TRلJsP]P1'bayH8}R0jEb0 h|4%4D;YKa~eYRjRx7"m&NDQTERk눂pEYcX#!]\0000 jX-0˫װOvDRboU.h>n{frݣΗaX.fXfQ p!"A$1D.F';Rc}MЕԳ1xA-iՌ,/,|9Ґ#NqZ%8HlʊD'a^j٢׍nI fD -}8xI }$غrhVg{aA%롗DT킛oIj/45E|`L\?68GƂq$9$ .EI/3= Y d4_vKr{5g:qN%0g@nW5l Apt O8|TICoJ|5^ ԖtZ~c]D`7hn . Mӝm&L<:H Gz]9(Zg`[R^ZMdl  "3VgZM TMXU1T¡2$;1T"~=zxZgB̸%!!!!+7VʚR 4ҟPI-I=ǐ;0c\SoG1EZ϶Lq @b HC-AZ?!/< ;k/mu҄v3}P\-X*R|rG_OXTbe +K²lՍe>آaO^cs7.Ԁx)(uX-KsY2=*wH‚$.'56dx{~Pq1PVIBysPw ş!ȱ,X}GEaFw^ަ-2pkzwe0_{Wv]#;jCs-л<tU.B܇LwTY?qðsk{Xm3HfwFm;}m[~bQŠQ_-zvts5Q8#Yg{[F2 sңV Hrݖş-lzK6\˔qQ3wrׄ%T|W _|\'ޚ'401H^EXl߽ ٩Qͤm-koS k:௶evau$EDž<}6dYسG=]>+b9Zv$b{rh<yG¡Yj,&*gx\sZuLvu  3cXk?qþŝ4ڃO'/ 2â?"LqOզ0a":n6M݈z@~RJ~/`MgNp^xI+LE||ǔ`'RDPS\(n^q#H| MD|ycQ#l=X:›s*juܷFc#,$^q_IuYâP؎48#$a{=ʵm~|;DyF5q."uMe9L4 'Ʈ$%5zH JH 0CX^qWQ>0"G4#uT]S[̉7T,hD9E NE7&XxX8"/2dR  /(_7`hB{a>FSYh9S!icb9j\l(.H^,:-vi=^_@FQPoges{`ɣ3#ԄTtspU) * PZ`o1 g sr_VS#6Vr"z0˪ \7r"vզz0Մq|W\AO[jswDPeಹ֝UȒPcƢ.* =,eO4D6;#l'A~hR?d_j~hR.mgI*@4`C"hR$2ZH+(%\B;˛н^3B{sأU=/Vkޞ,,9)=\`3-nޖTm}qVҽ]F-bd3}"纣;~ рHz3jXzg2?b)o:,=Wгr-x+jO;C( Tu5W1JzN[#Ļeůq+Sx#T TbЭB1KM;InP}3Y?d=` zXۿ[!VU%ruZ.__t[6gjEt MxC6+ ާX7A6po<|WPʕU+'=hp|m@1"s? I { | (HLvvwn0O ]ąg١v/ OC-l  \Q,vr)G2g;޾檧Ԕ1";W'0ᖩeS-1)kMQ(VpxcMNV? ,iM^C.B'Q?sc7[7;ΥIHDZ<& .yHcI 8^iNTX+=7,X2| ><Rh̘TՊR *uU 2,-VR\<>;A~g5Ep H@+^@3:}O1:uP }a5brOtni4MMz{'7~{E[<݄uh[8j=N9>t?v7~qjy0aB_Ye(,g6OzYyfzʜPNG:c.ͅdY/Y.2U94dC_1}TuV,; Yühjezs7ME[c̣ jݴ{=--,Ǜ#x[jȉkfH>1 M-G}*5=0<(:hEOW\#TyDyyx +~7O@͌.w3ґ[V;#O֧~N3s?hGH>kw֧wZFd3th'r_z! fe\B/3 /~/3{ %2@y yAȣW2!<#KHH+ ..ȟn|fȗk o~n2eeϠ _?}}̠O)+)2w Y@{ f wAɹN2!HofYN/T8\8^JeY+OY鰄:HAz<++A/nt3 < ?3_2 ̵T_;'Vr]!4.5PeZk+/YSݲ*q m}}}P ByekR+ AQfQ.a 3l>VLY[,Oмz' Jܓs+Z`~H逷\]d}+er6VD-V_bbMx{,xlǾJ5fa_d_ǻ'Ы{""%YØܺ CzˆnQ'/L2~4'ԎblOAp}n7}Fn_~L|uҚܴO?ŭhg?>/ݹgֺ+3c+p'k͠~%k"N\d6x߇ ߊD,&yT eHI[ա[h7~r'܌3:X'o:kAi\5/ͳ6̧{4t)N(~PWEjn2h sŁS wCm 3y XGQscwˡB~2RV@Lે/Y2&3!Uť{oTxx ‹e*莃\}uQ0Zqǵd<@T:?@/P_Nc̓~@}fIߣ\#u{IJ]bD}!rE:]\#Xnp[b2 rBLx-@OZnܸxQ#Ij% fLd~G] :bRzՏIO[E=0&JôFo1#9݌ţ*aсHY] c{D8_;- 55u[ ~]@- p1o6Nώ{;]9![V5u7L[Naŗת@@rvそ/lY>19tK:DQ`/fxwN"L/0@Oq^g 0MD+fAl! r& c 64yaO"|Ŷ/O㿆$E;y0t;l'Ʈޝ)}|\k,#!1苄IUЦ Z{JfBZ}Mo 9o9RJX`n皑Lt6q>kso_yklø?& ((z >AϐTh(/t(,ዦJ{&W3n,=GID/j˦UUj΢ْ=]K`RJVr. =`n6{2T/ă_| .u,sD[jςezLT zδ tXl3%^ ϒ֒{ֶ ;CavEEKݻI?ARhv6N>Lؽ^"ZZ*nNc.-s0ŴBShI -(O?5ogkn 5E`w4aeh <ձ]w  7G=Ƌrx{Gk/%/.H}nHU֧j2:Οm9n(Z| ӽ'iZQڃtERb05yNvCF} _2"L-L Ԧ?MSw)+],1AƂ?vL7VC)jҸE "9BU(];<x[9ċO0xmӕhOQl>-5O#]^D&+8~mA=fyfڕ*zYD0evm-3ӲG(q",@z̰S+Kea$Vi)$n0S`hwq#b }u+y!N1 Ȱ.Xݫ8mׁR#nȥȰ+`jk7E]YtA<黶w{&׶\dؕc׮< Xè+7q;3h__90 |6,lp+>o&G[04cx﮳z[[KY'}d& , $8jVI{{:7&iy-ccC v_ʉvph;?ˆY>A wVǰ>BOsSo 30RO +(|[P[z0 _jPo0y,XBLַ 52lt*XjuΒ񲞽P7vqr9̳#P1TfYWVI8Fv16EOZ\֒Rv3F'e9TU>ɜKBU+$WY/gfTN$ƇZʾ wm&l2)v}m-c6]-{T\)