Naval Facilities Engineering Systems Command (NAVFAC) Headquarters Adversarial Cyber Operations (ACO) technical lead Bao Huynh joined 200 military and civilian cyber experts in a cyber warfare exercise recently in Tallinn, Estonia.
The exercise, conducted annually by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), brought participants together from 40 NATO and non-NATO member nations.
The exercise focused on training cyber specialists to execute full spectrum offensive cyber operations in a simulated crisis environment, and included cyber operators, digital forensic experts, and specialists from various units who work with their national cyber forces.
“We are a defensive alliance by nature. In order to understand how our adversaries think we also need to master offensive cyber skills,” said Dr. Mart Noorma, Director of NATO CCDCOE. “Deterrence in cyberspace is complicated, but we continue doing our best to keep our nations safe.”
Huynh joined a group of hackers targeting the railway system of a fictional hostile nation and disrupting the movement of supplies to the front lines. His expertise in industrial control systems was instrumental in the development of the attack his hacker group launched to take down the rail system and eventually take down the hostile nation's supply chain.
NAVFAC does not engage in offensive cyber operations, Huynh said. “We were invited to participate because offensive capabilities are crucial for improving defense.”
“Taking an attacker’s perspective against our own system allows us to expose weaknesses that are often overlooked or misunderstood, so they can get the attention and resources they need.”
To combat real-life attacks, NAVFAC also employs a Hunt and Incident Response Team (HIRT) to detect and respond to any breach of our networks, Huynh said. “The NAVFAC ACO works closely with HIRT to improve their detection capabilities while they in turn motivate us to become stealthier.”
“NAVFAC is responsible for providing mission critical services to the fleet,” Huynh said, “many of which resemble systems that have been attacked in past and present conflicts around the world.”
Huynh said participation in large-scale hacking exercises such as the NATO CCDCOE event allows the NAVFAC ACO to “level up” both capabilities, enhancing our system defenses.
“It’s one capability to find and exploit a weakness,” Huynh explained. “It’s another to perform an attack with stealth. An attacker needs both to achieve their objective.”