Nellis AFB, teaching the shadowy art of cyber war

LAS VEGAS  — Flying above the clouds in hostile territory, a U.S. Air Force F-15E fighter pilot checks his computer to make sure he's on course, trying to steer clear of a no-fly zone.

But can he trust the information that comes up on his screen? Can he complete his mission without creating an international incident? Could a cyber-terrorist network have hacked his data?

"How do you know you're clean? You don't. That's a continual problem that no one has solved," says the man in the shadows at Nellis Air Force Base, near Las Vegas.

As a jet engine roars from a nearby field, the man — a lieutenant colonel who wants to be identified only as Steve because of the sensitivity of his mission — ponders the hypothetical situation he has just described.

It's a scenario the quiet lieutenant colonel has been dealing with for the last few months: the world of cyber warfare.

"All you can do is protect yourself in the best way possible and continue to be vigilant to any indicators of adversarial activity," the lieutenant colonel told the Las Vegas Sun (http://bit.ly/NGLwv7).

His eyes turn across the room to a colorful 3-D topographical wall map depicting the mountainous terrain and bleak desert landscape of the nearby Nevada Test and Training Range. Since 1949, military fighter pilots have been coming to the range and its 5,000 square miles of airspace to pass on the real-life lessons learned in past wars.

The lieutenant colonel operates on a different test range — one in the limitless virtual world of computer networks and communications systems. He's the new director of operations of the Air Force's first Cyber Weapons Instructor Course.

Eight students recently graduated from the course after spending 10- to 12-hour days for six months going through a rigorous curriculum. The school's goal? To create leaders who can tackle problems as they arise with computer hackers.

Their coursework prepares them to teach others to recognize and deal with the possibility of a cyber-attack. Graduates will become instructors and advisers to military leaders.

"We want our graduates to transform and inspire our nation's combat power, to bring the cyber piece to operational planning, but also to help build the cyber force to recognize that they are part of the overall picture and a capability we are providing to the combatant commander," Lt. Col. Bob Reeves, the commander of the 328th Weapons Squadron at Nellis, said in a statement.

The Air Force has been charged with protecting its own communications networks in the virtual domain, which is the mission that drives the Cyber Weapons Instructor Course, Lt. Col. Steve said.

"Our adversaries will be using this domain to come after us," the lieutenant colonel said, "and we want to maintain the ability to protect against them."

The instructors in his program will work with the Department of Defense's Cyber Command, which also draws forces from the Army, Navy and Marines, he said.

So far, the military hasn't seen any serious threat that has broken into the Air Force's operations. But it could happen, he said.

"We're preventing people from collecting that intelligence," he said.

Threats come from individual hackers or from cyber guerrillas hired by countries hostile to U.S. interests, the lieutenant colonel said.

The lieutenant colonel said the National Security Agency is charged with warning when it sees cyber intrusions. The Department of Homeland Security is probably the most likely target of any cyber-attack, he said. Other likely targets are the military branches, energy companies, cable companies or the banking system, he said.

Before coming to the Cyber Weapons Instructor Course at Nellis, students go through three months of Undergraduate Cyber Training at Keesler Air Force Base, Miss., and two months of Intermediate Network Warfare Training at Hurlburt Field, Fla.

The main goal of the program is to help them recognize if a problem has occurred, figure out what went wrong and fix it, the lieutenant colonel said.

As part of Nellis' Warfare Center, aircraft use the Nevada Test and Training Range to simulate warfare scenarios.

"We have a virtual world out there on the computer side that's the counterpart to that," he said.

They use an "aggressor squadron" that attacks from both the aircraft side of the training and from the information side, he said.

"They do what they can to emulate what a bad guy would do, or a thinking adversary," the lieutenant colonel said. "So they challenge our students with a different problem set every time. We take some liberties with what the adversary's capabilities are to change the scenarios for the students."

Real-world scenarios are put together for students, he said.

"We pick a region of the world where there would be increasing tensions and an adversary who doesn't want U.S. involvement in that area," he said. "And then we play out the computer side of that war in the virtual space and challenge our students with what they could expect to see from an adversary in that area."

For example, an adversary might be attempting to gain access to the Air Force's systems or steal intelligence on its operations prior to their launch and possibly send corrupt data to confuse an operation.

The lieutenant colonel said the graduates of his program work with Cyber Command to consider and develop options, defensive and offensive, though he would not give specifics about offensive measures and mostly talked about the defensive systems he teaches.

To protect an F-15, for example, it's necessary to identify all the dependencies the aircraft might have in the cyber world before it goes out on a mission. Preparations for the flight, the course it will take and where it will need to stop to refuel are some areas that could be planned on a computer network.

The key is to be wary of anything that looks suspicious, he said.

"If an F-15 is flying a sortie off of bad data, they could be in the wrong place or they could miss a refueling point," he said. "Students learn to identify the abnormal."

___

Information from: Las Vegas Sun, http://www.lasvegassun.com