The Maple Leaf

Articles

Preparing for CF computer network operations

Alone packet of data races across a network and trips an intrusion detection sensor. The alert is communicated to the CF network operations centre (CFNOC) at CFS Leitrim, where a computer network defence troop (CND Tp) analyst investigates the alert and determines whether this is one of thousands of false alarms or a real and present threat to DND/CF networks around the globe.

CND Tp analysts are the CF’s forward surveillance elements, observing our perimeter for hostile intrusions 24/7/365. They require an in-depth understanding of computer networking—network architecture to internet protocols to operating systems—and very specific knowledge of the network (“terrain”) they are defending.

For the second year running, newly posted-in members of CFNOC travelled to Royal Military College of Canada in Kingston (RMC) for a two-week short course in networks and security (SCINS).

The analysts ranged in rank from private to sergeant, and came from a variety of trades. To better design the course, the RMC professors visited CFNOC in summer 2008 to observe and interview members of CND Tp.

The students alternated between classroom lectures and sitting at a computer learning how to use both offensive and defensive tools in a closed network environment usually reserved for undergraduate and graduate courses at RMC. The key to absorbing this type of knowledge is by having students sit in front of a keyboard and experiment with the tools.

The course wound culminated in a computer defence exercise (CDX) for which Masters students and technical support staff in the Electrical and Computer Engineering Department at RMC created a virtual internet, including simulated user traffic and background noise.

The exercise scenario involved three businesses whose computer networks had changed quite a bit but weren’t always properly administered. Intelligence indicated that their competitors were going to try to break into their networks, so they asked the analysts (the students) to monitor their networks to determine when and if their competitors were successful.

The CFNOC students were split into three teams acting as network security analysts for the companies. Each time was assigned an instructor to act as a mentor to ensure the exercise progressed. Joint Red Team members— DND and communications security establishment personnel, and Masters’ students—played the attackers.

The Red Team penetrated the networks and the defenders worked to identify how. The exercise confirmed the students’ knowledge of basic network security concepts and demonstrated just how difficult it is to defend a network even if you know it’s under attack.

“You will be a little amazed and more than a little paranoid about what you learn about networks,” said CFNOC student Master Corporal Chisholm.

CFNOC’s Sergeant Andre Gendreau, who has been on more than 15 IT security-related courses, said RMC’s SCINS was “one of the most informative and well designed courses” he’s taken part in.

Never before have professors and an advanced technical department at RMC been used to prepare junior NCMs and sergeants for their operational tasks. This evolution in the approach to educating our fighting elements underscores both the complexity of the operating environment and the growing reliance on specialization in this field.

If you think you have what it takes and would like to know more about the possibility of working at CFNOC, have your career manager e-mail Holman Maj JG@ADM (IM) CFNOC Leitrim@Ottawa-Hull) or Racicot CPO1 JGM@ADM(IM) CFNOC@Ottawa-Hull.