- The Washington Times - Thursday, March 6, 2014

The Air Force and Homeland Security Department have teamed up to create a new test kit that imitates cyber malware, the better to train government analysts to fend off attacks from hostile sleeper viruses.

The Air Force developed the prototype kit, the first of its kind, to improve the malware-fighting skills of Homeland Security officials. The kit is designed to replicate covert computer virus symptoms, and includes a list of procedures for identifying the systems, so that federal employees can hone their ability to find the real thing.

The goal, according to Air Force Maj. Jonathan Butts, director of the Air Force Institute of Technology’s Center for Cyberspace Research, is to provide government officials with training necessary to detect sleeper viruses embedded in critical infrastructure, such as a power grid or oil and gas pipelines.

Maj. Butts said the Department of Homeland Security provided research funds to develop the test kit, which works in a manner similar to doctors determine what is wrong with their patients — by looking for new or unusual symptoms. A major part of the training, he said, involves look at the “vital signs” of a given computer system and learning “what to expect,” by measuring to see if the computer’s vital signs have changed.

It remains to be seen how effective the kit will be in training officials for battle on a widening cybersecurity landscape that analysts say has grown increasingly difficult to negotiate over the past decade.

The test kit is “one of the many needed approaches” to dealing with the nation’s cyber security problems, said Peter W. Singer, who heads the Center for 21st Century Security and Intelligence at the Brookings Institution in Washington.

Mr. Singer said awareness of cyber security threats has heightened in the U.S. military national security communities since 2008 when a U.S. soldier plugged a random flash drive into a Pentagon laptop and inadvertently loaded malware onto the laptop.

The incident, which allowed for a foreign source to launch an espionage attack on the military’s classified networks, is what the cyber experts refer to as “a candy drop,” Mr. Singer said.

“Someone left a memory stick in the parking lot of a U.S. base and a soldier picked it up and, you know, violated both the ‘don’t take candy from strangers’ rule and also the five-second rule,” he said. The Pentagon has since placed restrictions on the use of flash drives. Mr. Singer noted how the incident illustrated similarities between the current slate of cybersecurity threats facing the U.S. government and those facing the private sector.

The nation’s largest companies, he said, have fallen prey to cyber criminals seeking to steal their negotiating strategies. “When I say negotiating strategies, I mean everything from oil companies to soft-drink companies to pretty much every think tank in Washington D.C. has been targeted,” Mr. Singer said. “This is not a world where there’s a big, bright shining line between the military and the civilian world, both in means and in the target.”

Maj. Butts said the prototype test kit was developed as part of a three-year collaboration between the Air Force and the Department of Homeland Security and that Homeland Security experts are expected to begin training on the kit this month. Homeland Security officials have not responded to numerous requests for comment.

Under the Comprehensive National Cybersecurity Initiative — established by former President George W. Bush in 2008 — the Department of Homeland Security is tasked with deploying a intrusion-detection system of sensors across federal government systems and to coordinate research and cybersecurity development efforts.

• Maggie Ybarra can be reached at mybarra@washingtontimes.com.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide