Save this content for laterSave this content on your device for later, even while offline Sign in with FacebookSign in with your Facebook account Close

Wargame of cyber proportions unfolds in Colorado Springs symposium

February 6, 2017 Updated: February 7, 2017 at 10:06 am
Caption +
John Muscarnero works to defend the "Blue Team" from a cyber attack that posted this "You have been hacked" message on team's website during a cyber wargame exercise Monday, February 6, 2017 at the Rocky Mountain Cyberspace Symposium. Photo by Mark Reis, The Gazette

The way to hack an oil refinery seemed rather basic, or "basisk" to a team of potential hackers playing the part of nation-state, backed perhaps by the Chinese or Russian governments.

That's because the word "basisk" was the default user name and password for an internet-connected valve on an oil storage system in a mythical European refinery they hacked as part of a cyber wargame event Monday organized by information technology giant SAIC during a cyberspace symposium at The Broadmoor hotel's Colorado Hall.

It took the five-person team most of the 55 minutes set side during the exercise to accomplish their goal, but they succeeded in shutting off the value, making the tank overflow and shutting down the refinery - making their team the winner and the team defending the refinery from the hack the loser.

The nation-state team, which called itself EtherApe, was one of two hacking teams targeting the refinery's website, databases and industrial control systems and had help on the inside from a spy that placed a beacon on the server that controlled the value to make it easier to find and compromise. The other team was modeled after the international hacking group Anonymous, though they didn't wear the group's trademark hoodies or masks, and wanted to retaliate against the refinery for spilling millions of gallons of oil into the Atlantic Ocean.

The defending team admitted that its biggest mistake was failing to update quickly enough a browser plug-in, which proved to be the route EtherApe used to first access the refinery's networks. The team's spokesman also said they should have locked down critical technology immediately after detecting the intrusion.

"The Blue (defending) team operated well as a team; they knew their roles. But they were just a step behind the attackers," said Jason Nichols, solutions architect for SAIC in Reston, Va., who led the exercise and was part of the group that scored how well each team did to determine who won and lost the wargame.

Participants were symposium attendees who signed up for the exercise as one of several training events offered on the first day of the four-day conference, hosted by the Rocky Mountain chapter of the Armed Forces Communications and Electronics Association. Rhonda Dyer, SAIC's vice president of cyber capture and strategy, said Nichols selected participants for each team to balance their cyber experience and expertise to have a broad spectrum of talent.

The exercise is designed to be a game of cat-and-mouse, with the defenders responding and blocking the attackers, who try instead to exploit another vulnerability in the network, Nichols said.

"We were successful in getting people to think about cybersecurity in different ways, whether they had extensive or very little cybersecurity experience," Nichols said. "You have got to assume the bad guys will break in and expect that your network will be penetrated. You have to figure it out and contain the damage."

The exercise was the first time that SAIC had run the wargame outside the company, Dyer said. The event has been offered about "a half dozen" times in the past nine months, mostly for members of the company's board of directors or senior management to raise awareness about cybersecurity risks, she said.

"People are sitting at computers and trying to prevent an oil spill or a dam releasing too much water and causing a flood," Dyer said. "These hacks have real-life effects. People think that it is all about information technology and computers, but it is really about protecting critical infrastructure."


Contact Wayne Heilman: 636-0234

Twitter @wayneheilman

Facebook Wayne Heilman

Register to the Colorado Springs Gazette
Incognito Mode Your browser is in Incognito mode

You vanished!

We welcome you to read all of our stories by signing into your account. If you don't have a subscription, please subscribe today for daily award winning journalism.

Register to the Colorado Springs Gazette
Register to the Colorado Springs Gazette
Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Already a Subscriber? LOGIN HERE

Subscribe to the Colorado Springs Gazette

It appears that you value local journalism. Thank you.

Subscribe today for unlimited digital access with 50% fewer ads for a faster browsing experience.

Subscribe to the Colorado Springs Gazette

Some news is free.
Exceptional journalism takes time, effort and your support.

Already a Subscriber? LOGIN HERE

articles remaining
Thank you for your interest in local journalism.
Gain unlimited access, 50% fewer ads and a faster browsing experience.