FORT GEORGE G. MEADE, Md. (July 9, 2015) – Three teams of 30 people sat crammed around computers in the classroom of McGill Training Center on Fort George G. Meade, Maryland.
The teams, named “Trogdor,” “Kobayashi Maru” and “Planet Express Ship” and made up mostly of Soldiers and civilians, were partitioned off from one another. Each team monitored large projector screens, tracking a spaceship through enemy territory. A loud, celebratory whoop went up from Team Trogdor as the event resumed after lunch.
The teams were playing a modified version of the spaceship bridge simulator “Artemis” to help develop their capabilities as part of the Cyber Mission Force. The goal of the game: To infiltrate and override other teams’ ships through their computer networks while working together to attack other teams, defend their own ship and provide solutions for any self-inflicted mishaps.
This game of cyber capture the flag, hosted by the 780th Military Intelligence Brigade, was an unclassified force-on-force network exercise that enforced practical lessons on how to operate as part of a joint environment in the cyber domain.
The May 2015 virtual exercise was open to all members of the brigade, as well as select mission partners.
“Significant gains can be made by running a type of exercise like this,” said 1st Lt. Alexander Farmer, officer-in-charge. “Getting people to be able to react to new situations. So what we did is we built an entirely new system that … they’ve never seen before, and doesn’t work like they expect it to work.”
Farmer and his second in command for the exercise, 1st Lt. Stephen Rogacki, developed and built an industrial control system to overlay on the video game. When participants used an in-game command, that command was routed through the industrial control system, which other teams could manipulate to produce unexpected results, such as draining weapon power, if a ship was not well defended.
“[Farmer] built a network with services that you would see in a real network, in the concepts of hey, this will provide maybe data communication, or provide different types of power,” said Staff Sgt. Craig Seiler, member of Team Kobayashi Maru. “They call them industrial controls … and … they laid that on top of an actual, real game so that we can play it in a live environment, and you can manipulate, control, turn off any of those services within that network.”
“People care more when it is a force-on-force event and what they are doing actively contributes significantly to their success as a team,” Farmer explained.
“You learn very quickly what doesn’t work,” Seiler said. “I’ve seen one of the vignettes; one of the teams … figured out how to make a defensive Python script – Python is one of the programming languages – to kind of secure their network a little better. But at the same time implementing that piece of software shut down their own services and they crashed their ship ….”
Rogacki said the participants would learn a lot of network defense capabilities, like analyzing network traffic, identifying vulnerabilities and writing good patches or upgrades during the event. He explained that having force-on-force training like this is something most units can’t do without playing laser tag.
“People are learning computer things, but they’re also learning how it ties into the tactics of the game in a new environment, and how leadership matters hugely in organizing efforts across the ship,” Rogacki added.
The teams had five people designated as bridge personnel, who were in charge of flying the ship, while the rest of the “crew” focused on cyber attack and defense, though teams were organized however they wished to be organized. There were no requirements, but finding the right combination of leaders and doers was one of the challenges of the game.
“The thing that is probably most difficult is communication, up and down and sideways,” Rogacki said.
Communication difficulties were one of the first things Seiler encountered during the first scenario of the game. His team was split according to bridge personnel: Team members good at writing code patches were put under the command of the bridge’s engineer, for example. And while the five micro-teams communicated well internally, they weren’t communicating well with the other parts of the crew.
“We got destroyed completely in that scenario because we did not communicate [with] each other. We didn’t understand our system fully,” he said. His team managed to fix their communication issues and did better as the game progressed, though ultimately Team Trogdor won the day.
Rogacki hopes this one-day event will evolve into a multi-day event in the future, so that participants will have time to look at and understand the system, and to develop offensive and defensive capabilities for their ships.
Seiler and members of the 780th enjoy hosting events like this one. “People are happy coming to these events and getting to [learn in a] less formal setting (and) figure out new things. Cyber is consistently changing, and we always look [to] others to get excited about it.”