Page 13 - Cyber Defense eMagazine - July 2018
OPERATION ELIGIBLE RECEIVER - THE BIRTHPLACE OF CYBERSECURITY: CONFIGURATIONS
More than 20 years ago, the NSA conducted an exercise named Operation Eligible Receiver
97. The purpose of the exercise was to test the response capabilities of critical Department of
Defense information systems in the case of a breach. The exercise concluded with startling
results. Utilizing only publicly available hacking techniques, the NSA was able to completely
infiltrate the DoD network and gain superuser access to high-priority devices. However,
one of the only known cases of the NSA being prevented from reaching its targets
occurred when a Marine noticed suspicious traffic on the network and immediately changed
configuration settings to lock down permissions. [1]
After a two-year review of the exercise, recommendations were made for an increased focus
on configuration management for all entities. Though best practices were not formally
codified, compliance frameworks were developed that include configuration management
practices. These frameworks include NIST 800-53 and Security Technical Implementation
Guides (STIGs).
Operation Eligible Receiver highlighted the importance of organizations knowing what they
have, how it’s configured, what’s changed, and who changed it. With this understanding,
security teams are better equipped to meet regulatory compliance and identify configuration
drift.
TODAY’S COMMON MISTAKES
Organizations need to know what they have in order to improve their security posture. In
addition to a reliable asset inventory, it is essential for security teams to know how their
network is configured and what has changed over time. When done manually, the process of
keeping track of configuration changes can take large amounts of time that security
professionals do not have. This approach will typically rely on guesswork when answering
questions such as, “Who added a workstation to a domain?” or “When did this user receive
administrative privileges?”
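
One way to answer those two questions from recorded evidence instead of guesswork, as an added example that is not part of the original article: it assumes a Windows domain whose Security audit events (IDs 4741 and 4728/4732/4756) have been exported as JSON lines. The list of administrative groups and every account, host and timestamp in the sample are constructed for illustration.

```python
import json
from datetime import datetime

# Assumed mapping (not from the article): Windows Security audit event IDs.
COMPUTER_CREATED = 4741              # a computer account was created
MEMBER_ADDED = {4728, 4732, 4756}    # member added to a global / local / universal group
# Assumption: groups treated as administrative; adjust to your directory.
PRIVILEGED = {"domain admins", "enterprise admins", "administrators"}

# Constructed sample export, one JSON event per line; all names are made up.
SAMPLE = """\
{"TimeCreated":"2018-06-11T14:02:10","EventID":4728,"SubjectUserName":"svc-helpdesk","MemberName":"CN=asmith,CN=Users,DC=corp,DC=example","TargetUserName":"Domain Admins"}
{"TimeCreated":"2018-06-04T09:12:44","EventID":4741,"SubjectUserName":"jdoe","TargetUserName":"WKSTN-042$"}
{"TimeCreated":"2018-06-05T08:00:01","EventID":4624,"SubjectUserName":"-","TargetUserName":"asmith"}
{"TimeCreated":"2018-06-07T16:30:00","EventID":4728,"SubjectUserName":"jdoe","MemberName":"CN=asmith,CN=Users,DC=corp,DC=example","TargetUserName":"Printer Operators-Floor2"}
{"TimeCreated":"2018-06-12T10:45:33","EventID":4732,"SubjectUserName":"asmith","MemberName":"CN=bjones,CN=Users,DC=corp,DC=example","TargetUserName":"Administrators"}
"""

def load_events(text):
    """Parse JSON lines, skip blanks, and return the events in time order."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["when"] = datetime.fromisoformat(e["TimeCreated"])
    return sorted(events, key=lambda e: e["when"])

def who_added_workstation(events, host):
    """Who created the computer account for `host` (at domain join or pre-staging)?"""
    return [(e["when"], e["SubjectUserName"]) for e in events
            if e["EventID"] == COMPUTER_CREATED
            and e["TargetUserName"].rstrip("$").lower() == host.lower()]

def admin_grants(events, user_cn):
    """When was `user_cn` added to a privileged group, to which one, and by whom?"""
    prefix = f"cn={user_cn.lower()},"
    return [(e["when"], e["TargetUserName"], e["SubjectUserName"]) for e in events
            if e["EventID"] in MEMBER_ADDED
            and e["TargetUserName"].lower() in PRIVILEGED
            and e.get("MemberName", "").lower().startswith(prefix)]

if __name__ == "__main__":
    log = load_events(SAMPLE)
    for when, actor in who_added_workstation(log, "wkstn-042"):
        print(f"{when}  WKSTN-042 added to the domain by {actor}")
    for when, group, actor in admin_grants(log, "asmith"):
        print(f"{when}  asmith added to {group} by {actor}")
```

The non-privileged group change and the logon event in the sample are ignored, so only changes that affect administrative access are reported.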
[1] Eligible Receiver 97 After Action Report. Retrieved from: https://www.youtube.com/watch?v=iI3iZAq0Nh0
Copyright © 2018, Cyber Defense Magazine, All rights reserved worldwide.