Cyber Protection Team Workshop

Recently, I was privileged to spend half a day with some of our nation’s finest cyber warriors at a RedSeal workshop. Early in the morning, members of various DoD Cyber Protection Teams (CPTs) gathered around a u-shaped table in Columbia, Maryland. We had four Army soldiers, five Maryland Air National guardsmen, two United States Marines and one Navy sailor.

The workshop showcases how CPTs use RedSeal every day to secure cyber terrain and support the warfighter’s mission. This was the fourth workshop that RedSeal has organized this year.

RedSeal in a simulated real world mission environment

The workshop’s mission concept is to validate that a secure network for a THAAD antimissile battalion had been deployed in South Korea. For the workshop, we say that an initial network survey has been completed on the deployed THAAD system and we are in phase two of a CPT mission called Secure. In this phase, the teams must verify that the network — primarily the key battery line IT systems — is secure.

Further, verifying that the THAAD system’s key cyber terrain is secure is of paramount importance to protect alliance forces in South Korea. Intelligence indicates a high probability of a kinetic war breaking out on the Korean peninsula soon. Cyber activity penetrating military C2 and civilian infrastructure would be a precursor to a shooting war.

RedSeal for Network Mapping and Automation

First, the attendees are shown how RedSeal ingests all the network information in a matter of hours, using configuration files. Everyone could see that manually attempting this process would be a time-consuming folly. It would take years to scan thousands of lines of code in each config file, multiplied by hundreds and thousands of devices.

RedSeal automates this process for CPTs and generates an accurate, up-to-date network model.

Second, the attendees are shown that RedSeal’s network topology map is not static but can be moved around and adjusted. All the network information can be organized into an easy and clear graphic representation of the devices and how they connect with each other.

When attendees ask if this is a scanning tool that will jam up their networks, we explain that there isn’t any scanning at all.

Then, we show detailed path results that look like a subway map of connected devices. One attendee said, “RedSeal shows me all the hops on the path from device to device.”

Visualizing cyber terrain serves an important role. CPTs often find themselves in debates with network operators about the significance of vulnerabilities. RedSeal provides a single source of truth that everyone can agree on.

Another attendee commented, “Now that I’m done worrying about access control, I’m worrying about threats. I can focus on higher level questions like, how are they using payloads against us?”

We discuss the value of using RedSeal to make higher-level informed decisions and to create hypotheticals around changes to the network. This allows accurate risk management of proposed network changes, even “temporary” changes.

RedSeal has been deployed successfully by active CPTs in every service branch. Our team looks forward to supporting each and every CPT as it conducts its important mission.

Want to learn more about RedSeal’s support of CPTs and how it will improve your agency’s digital resilience? Click here to set up your free trial of RedSeal and choose the better way.