'Through the eyes of the adversary': Information Aggressors infiltrate D-M, train Airmen

  • Published
  • By Staff Sgt. Jake Richmond
  • 355th Fighter Wing Public Affairs
DAVIS-MONTHAN AIR FORCE BASE, Ariz. --  "The Air Force has spent lots of time, effort and money to build layered defenses to protect our resources. One bad choice from one individual can render them all ineffective."

Those are the cautionary words of Lt. Col. William Waddell, the mission commander of the information aggressor "Red Team" that visited D-M Sept. 8 through 19 to covertly test the base's physical and electronic security postures.

Colonel Waddell's team included guardsmen from the 177th Information Aggressor Squadron, a unit assigned to the Kansas Air National Guard's 184th Intelligence Wing at McConnell Air Force Base, along with active-duty Airmen from the 57th IAS. Both are part of the 57th Adversary Tactics Group at Nellis Air Force Base, Nev.

The IAS mission provides a unique service to installation commanders. Their specially trained teams can show just how vulnerable a base is to enemy aggression. Davis-Monthan was the ninth military installation tested by the IAS since moving under the ATG.

"In the deployed environment, threats are more obvious to our Airmen," said Col. Paul T. Johnson, commander of the 355th Fighter Wing and the installation itself. "But here at home, it is much easier to assume a sense of security - a very false sense of security."

Although the IAS team is made up of military members, they follow strict rules that prohibit the use of any military advantage they may have. When they go up against the base's various security measures, they do it with methods and equipment that would be equally accessible to the enemy.

For several weeks prior to their arrival in the local area, the Red Team researched the base - its leaders, units and habits - and attempted to hack into Davis-Monthan's computer networks. Through the strategic use of open-source information, it wasn't long before the Red Team aggressors had the keys to D-M's cyber-domain.

Then came the second phase of their mission, which they call the "Road Show." As the name implies, it's when the aggressor team takes their operation on the road, literally moving their command center to a secret location near the base itself. From there, they began "Red Week" - the first week of two that they spend in the local area.

Red Week is when the team ramps up their efforts to infiltrate the installation, both physically and electronically. Just like the enemy, they're smart and determined. They "spy" on our electronic information. They get through the gate. They get into buildings on base. They even find their way onto the flight line.

How?

Most of their methods are sensitive, and they're closely guarded to protect operational security. However, the entire IAS mission would be pointless without training base personnel on specific vulnerabilities. So, that's exactly what they do.

That's how "Blue Week" fits in. The IAS team spends the entire second week of their local-area stay focused on teaching Airmen about what happened in Red Week and training them on how to prevent similar attacks instigated by the enemy.

"It's all about Blue Week," said Col. Andrew Toth, 57th ATG commander. "When Blue wins, we all win."

At the direction of base leadership, the Blue Week training briefs at D-M were mandatory for all base personnel. When the IAS team members showed the large audiences how they were able to penetrate the installation's defenses using simple creative methods and open-source intelligence, the surprise was palpable.

"The aggressors' mission here at D-M was eye-opening," Colonel Johnson said. "They revealed our security strengths, but more importantly, they showed us vulnerabilities we might not have seen otherwise. With their help, we'll be able to fortify our security measures and cultivate more vigilant warfighters."

Colonel Waddell stressed personal accountability and vigilance.

"All of the layers of security we have on a base eventually come down to an individual," he said. When individuals are not vigilant enough, a vulnerability is born.

The point of the IAS visit, though, wasn't to point fingers at people. In fact, at the heart of their mission is the concept of non-attribution - the promise exchanged between IAS teams and installation commanders that nobody will get in trouble for their actions or inactions that unknowingly aided the aggressors.

"Non-attribution is the culture we're trying to develop," Colonel Toth said. "These commanders are giving us the keys to their kingdom. We have to maintain that commander's trust."

"The purpose is not to penalize mistakes," Colonel Johnson added. "The purpose is to get better, and we will."

The IAS team avoids attribution so they can continue taking their show on the road, teaching more and more Airmen about the importance of staying vigilant in a military world that does so much business in the public domain.

Considering the widespread use - and misuse - of social Web sites like MySpace, Facebook and TogetherWeServed, the enemy may know more about you and your job than you realize.

"When you log on, the fight's on," Colonel Waddell warned the audience during a Blue Week briefing. "Assume we're working in a compromised environment. We are."