Building Teams of Cyber Warriors by LTC Joseph Doty Teurs Succeed? the 2004 U.S

Building Teams of Cyber Warriors By LTC Joseph Doty teurs succeed? The 2004 U.S. Olympic Is this true, however, with cyber se- and basketball team, composed entirely of curity? Expertise in cyber warfare and MAJ T.J. O’Connor professional players, lost three games security requires knowledge, skills, and finished the tournament with a abilities and talent that necessitate eveloping an offensive cyber-war- bronze medal. Four years later, the U.S. years of study and practice of how dif- Dfare capability is one of our na- Olympic basketball team went unde- ferent protocols and security mecha- tion’s goals right now and a key com- feated and won the gold medal. The nisms work. Even having a breadth of ponent of our national security strategy. 2008 team’s head coach, Mike Krzyz- knowledge doesn’t make an individual At the heart of this challenge is recruit- ewski, was singularly focused on en- talented in cyber warfare. ing and building cyber-warfare teams suring that these phenomenally tal- It requires the ability to take that composed of highly talented and skilled ented professionals were playing as a knowledge and turn it on its head. To individuals. We cannot simply assem- team. (See The Gold Standard: Building a be really successful in cyber warfare ble a group of all-stars and then watch World-Class Team by Mike Krzyzewski requires teams that can figure out how as they “conquer the world.” and Jamie K. Spatola.) The 1980 U.S. to bend and break the mold, to make Rather, we must focus on how to Olympic hockey team, composed main- protocols work in a method for which teach and develop these cyber war- ly of unknown college players, defeat- they were not originally intended, to riors to work as part of a larger team ed the mighty Soviet Union team in find weaknesses in proven mecha- and to begin playing in a team envi- what is widely considered to be one of nisms for security—this is the art, in- ronment. For cyber-warfare teams to the biggest upsets in the history of stead of the science, of cyber warfare. succeed (and our adversaries are for- sports. At the very heart of this is the The practical reality is that in order to midable opponents), we need to ex- phenomenon that people who place a be that introspective, a cyber warrior is amine closely what a cyber warrior higher value on the success of the team more likely to be an individual than a looks like, and what we can do to fur- (not the individual) succeed because of member of a team. Yet we need teams ther build successful cyber-warfare a shared purpose, vision and trust. A to succeed in cyber warfare. A coordi- teams. team working together will achieve far nated offensive strike against another Why do teams of talented and skilled more than the sum of the individual team nation or decentralized network re- professionals fail where teams of ama- members working alone. quires thousands of hackers working

12 ARMY I January 2010 in multiple locations who communicate talented professional with a clear pro- uilding cyber-warfare teams is and build upon each other’s strengths. fessional agenda back into the field de- Bsomething the U.S. Military Acad- How is cyber warfare done well? fending our nation’s secrets. In con- emy at West Point does extremely There have been a number of suc- trast, the DoE punished Carpenter for well. Every year, West Point fields a cesses in team-organized cyber war- violating procedural regulations—the cyber-warfare team that competes fare. In early July, a team attack tar- equivalent of firing a bank teller who against teams from every other service geted dozens of government web sites fought back against a bank robber. Tal- academy. in the United States and South Korea. ented cyber warriors often look and act For four days in the spring, the Na- While suspected to have originated in differently from usual society. They are tional Security Agency’s best hackers North Korea, the attack required the often referred to as nerds or geeks. We attack the U.S. Coast Guard Academy, ability to work with individuals in the should embrace rather than fear the the U.S. Air Force Academy, the U.S. United States, Guatemala, Japan and Shawn Carpenters in our organizations Naval Academy, the U.S. Merchant China. The team effort succeeded in because they are vital to the security of Marine Academy and the U.S. Military crippling the web sites of 27 different our country. Academy. For the past three years, the services in the United States and South Korea. Shared communication, shared vision and a cooperative working en- vironment contributed to the unfortu- nate (for U.S. and South Korean security) success of these attackers. What does the cyber warrior look like? In 2004, Chinese hackers from the province of Guangdong attacked the U.S. Army Missile Command at Red- stone Arsenal, Ala. In an operation called Titan Rain by U.S. authorities, a team of about 20 Chinese hackers grabbed specifications for helicopters and flight planning software. They gained and kept access to several ma- chines at Sandia National Laborato- ries at Redstone, pillaging secret infor- mation from the U.S. government, and were eventually discovered and stopped by a single individual, Shawn Carpenter. An employee at the De- partment of Energy (DoE), Carpenter performed an unauthorized investiga- tion into the hackers that led to their detection and Carpenter’s subsequent dismissal from the DoE. Carpenter’s success in detecting the hackers highlights a challenge with cyber warriors: These talented people have highly specialized skills that the national security community does not necessarily fully understand or com- prehend. Essentially, every cyber warrior has the ability to read his boss’ e- mail—building teams of such people is a scary thought. We require them to be ethical and maintain professional- ism in their craft, but this is often sec- ondary to their ability to strike with technical precision. In the case of Shawn Carpenter, the DoE missed the opportunity to put a

January 2010 I ARMY 13 U.S. Military Academy has won deci- vidual who has incredible technical next cyber-warfare battlefield, we must sively. Why? The other schools have savvy, yet also has a high ethical code not forget to tap the Sal Messinas that equivalent educational programs teach- and a dedication to a profession. This we have already grown and developed ing their students technical expertise. often means they come from existing within our ranks. I West Point’s team is so successful be- professional environments and may cause individuals playing as a team have little to no technical expertise. LTC Joseph Doty, Ph.D., is the deputy di- win, while teams playing as individu- rector of the Army’s Center of Excellence als lose. West Point’s team was led last lifford Stoll, renowned for detect- for the Professional Military Ethic. He year by senior Cadet Sal Messina. Cing the first series of cyber-warfare previously commanded 1st Battalion, Halfway through the competition, his attacks in the 1980s, was simply an as- 27th Field Artillery Regiment, V Corps second-in-command made a mocking trophysicist who became upset when Artillery. MAJ T.J. O’Connor teaches in phone call to the NSA deputy director. he could not perform his research prop- the Department of Electrical Engineering Cadet Messina chastised the other erly on compromised computer ma- and Computer Science at the U.S. Mili- cadet—not for the phone call, but for chines. Shawn Carpenter was a DoE tary Academy at West Point, N.Y. He putting the team at risk. He told the employee dedicated to protecting his previously served as a signal center direc- cadet he did not have the right to sacri- government’s secrets. Does this mean tor with the 7th Special Forces Group in fice the work of the other members of that cyber warriors must be drawn ex- Afghanistan. (The views expressed the team. This was a clear example of clusively from the professional ranks of here are those of the authors and do the team’s shared vision and effort. our Department of Defense? No. They not purport to reflect the position of It takes a great deal of resources— are most likely, however, to be individ- the U.S. Military Academy, the De- time and money—to recruit a talented, uals who have learned to work on partment of the Army or the Depart- ethical cyber warrior, that unique indi- teams. As we charge forward into the ment of Defense.)

14 ARMY I January 2010