U.S. ARMY GARRISON GRAFENWOEHR, Germany — Wars are not always fought on the battlefield; some occur in places we can't even see like 'the network'. For most countries, namely the nearly 40 here at Combined Endeavor 2013, cyber security is the number one concern for these 1,200 communications professionals in keeping their networks safe and operational.
However, there's one CE13 team that has been charged with searching for vulnerabilities and degrading the very network these nations have spent the past two weeks building, in order to help strengthen it and reduce its risk of cyber attacks from real-world adversaries.
"My role is to integrate cyber security into Combined Endeavor," said Nathan Menkevich, U.S. European Command International Cyber Engagement Branch and CE13 red team director. "We're here to assess the network and perform live scenario-based injects when we move to Phase III [the operational phase] of the exercise."
Menkevich's team, consisting of 10 members from the United States, Poland, Lithuania, Latvia and Bulgaria, are part of the 'red team' that is scheduled to perform vulnerability assessments for 22 countries participating in Combined Endeavor. They are also tasked with reviewing policies associated with CE13 and determining the effectiveness of the cyber security team.
So far, the team has conducted five assessments per day since the start of Phase II of the exercise, and noted that they have found several critical vulnerabilities they plan to share with the countries involved. Finland and Austria have taken a keen interest in the team's role in Cyber Endeavor and have provided the team access to their systems and network architecture to evaluate how well they are performing in the area of cyber security.
"We believe the response to our assessments will be positive because we're going to talk with these countries and provide them with the tools they need to improve their networks," Menkevich said.
Menkevich said they hope the information they provide to the 22 countries and the implementation of the cyber injects helps pave the way for future Combined Endeavor exercises as they transition to a more operational environment.
"[In future Combined Endeavor exercises] our focus will be more toward degrading the entire network as opposed to just providing assessments," Menkevich said. "We want to see if these countries can figure out how to continue to operate even when their systems are not available."
Red team lead, Polish Maj. Thomas Strycharek, who has been involved in all three phases of the exercise, said this has been a challenging, yet rewarding experience.
"This is actually one of the best exercises that I've ever attended,” Strycharek said. "This is my second time as team lead for Combined Endeavor cyber injects and I'm happy to have the opportunity to practice my skills and share my experience and information with other members."
CE13 is a multinational command, control, communications and computer (C4) systems exercise designed to build and enhance communications and network interoperability between the participating NATO and Partnership for Peace countries.