Sandia's Red Teams: On the Hunt for Security Holes

Sandia National Laboratories' Red Teams are in a race to plug security holes in the U.S. infrastructure to thwart a potential terrorist cyber-attack.

ALBUQUERQUE, N.M.-Is it possible for a cyber-terrorist to hack into a city's water distribution system and poison thousands? Or disrupt air traffic communications to cause two airplanes to collide? Or create a surge in the power grid that would leave millions of people in the dark?

These are the types of questions pondered by the so-called Red Teams, based at Sandia National Laboratories here.

On the fifth anniversary of the Sept. 11 terrorist attacks on New York and Washington, these scenarios are front and center for Sandia, the Department of Homeland Security and law enforcement agencies across the United States.

The Red Team's job is to anticipate cyber-terrorism, create contingency plans that assume the worst and ultimately thwart a pending attack by plugging existing holes.

Michael Skroch, leader of the Red Teams, said utilities and government agencies are increasingly at risk as they replace custom IT systems created in the 1950s and 1960s with less expensive, off-the-shelf Windows and Unix systems that, incidentally, are easier marks for hackers. The older systems were secure because they weren't well known and had limited contact with other systems.

Thus, "It's clear that the threat and risk level has never been higher for cyber-security," Skroch said.

Sandia is owned by the Department of Energy, is run by Lockheed Martin and is located at Kirtland Air Force Base. Formed in 1945, Sandia's overall mission is "to enhance the security, prosperity and well-being of the nation."

The Red Teams are part of Sandia's Information Operations Red Team & Assessments group. Each one comprises a small group (three to eight people) of computer and systems experts who are the IT equivalent of the Navy SEALs special-operations outfit.

/zimages/4/28571.gifClick here to read about how government agencies have failed IT security tests.

The Red Teams provide independent assessments of information, communication and critical infrastructure to identify vulnerabilities, improve system design and help decision makers increase system security.

Although often viewed as a singular entity, the IORTA group breaks into several smaller groups to tackle individual Red Team projects.

In layman's terms, Sandia's Red Teams are hired by countries and companies to anticipate and stop cyber-terrorism and other security breaches before they happen.

The teams, which focus on the potential for attacks from adversaries, apply a wide spectrum of methodologies, tools, research and training to help achieve the customers security goals.

The Information Design Assurance Red Team is part of the IORTA program, which was begun in 1996.

Blind to cyber-threats?

To critics, groups like Sandia's Red Teams are pivotal because, they say, the United States is asleep to the threat of cyber-terrorism, just as it was to the Japanese threat in the months and years leading up to the attack on Pearl Harbor in 1941.

Evan Kohlmann is one of the more vocal critics. Kohlmann, a terrorism researcher at the University of Pennsylvania, is the author of "Al-Qaida's Jihad in Europe: The Afghan-Bosnian Network," and he runs the Web site.

"The United States is gradually losing the online war against terrorists," Kohlmann wrote in an article titled "The Real Online Terrorist Threat" in the current issue of Foreign Affairs magazine.

"Rather than aggressively pursuing its enemies, the U.S. government has adopted a largely defensive strategy, the centerpiece of which is an electronic Maginot Line that supposedly protects critical infrastructure (for example, the computer systems run by agencies such as the Department of Defense and the Federal Aviation Administration) against online attacks," he wrote.

"The U.S. government is mishandling the growing threat because it misunderstands terrorists."

Meanwhile, the DHS has also struggled with cyber-security. It hasn't had a cyber-czar for a year and has been panned by Congress for its internal computer security practices.

Next Page: Finding IT's Achilles Heels.

Chris Preimesberger

Chris Preimesberger

Chris Preimesberger is Editor of Features & Analysis at eWEEK, responsible in large part for the publication's coverage areas. In his 12 years and more than 3,900 stories at eWEEK, he has...