Defense Secretary Ash Carter looks over the CyberCity simulator at the Air Force Academy, taken May 12, 2016. PATRICK TUCKER / DEFENSE ONE

The Tiny Town Where Air Force Cadets Learn to Drop ‘Cyber Bombs’

The future of cyber warfare training looks like a model railroad where network security majors take turns turning off the lights.

COLORADO SPRINGS, Colorado — In a small room at the U.S. Air Force Academy stands a scale model of a town, complete with power and other utilities, looking as if someone had upgraded their model railroad with radar towers and air defense equipment. The pieces are connected to tiny Raspberry Pi controllers running Modbus, a protocol commonly used in the gear that controls real-world utilities. Last week, Defense Secretary Ash Carter showed up to watch a group of cadets reverse-hack a tiny radar tower until they could turn it on and off at will.

Installed earlier this spring, the CyberCity simulator allows cadets to take turns hacking the town and defending against attacks. They learn how to issue kill orders and cancel kill processes, implement and then take down new firewalls, and set up scheduled operations that can be hard for network operators to detect. It was originally designed some years ago by a New Jersey-based security firm for the Air Force. The other version is at the SANS Institute.

The military’s service academies also run a three-year-old hacking contest, developed by the Defense Advanced Research Projects Agency, or DARPA, called CyberStakes. Naval Academy, Air Force Academy, and other students compete in events like “lock picking” and “rapid-fire hacking.”

The simulator helps train Air Force cadets in the Academy’s new network security major. Many of its graduates go off to U.S. Cyber Command at Fort Meade, Maryland, and elsewhere, where they are engaging in a new form of warfare, the use of offensive cyber weapons.

Speaking at a change-of-command ceremony for last week, Carter took a moment to highlight the “expanding Cyber Mission Force,” and the historic role they were playing in the fight against the Islamic State.

“While I can’t discuss many of these efforts publicly, I can say that DoD’s cyber capabilities are being employed in Iraq and Syria to prevent the ISIL threat from reaching the homeland,” he said. “We’re using these tools to deny the ability of ISIL leadership to command and finance their forces and control their populations; to identify and locate ISIL cyber actors; and to undermine the ability of ISIL recruiters to inspire or direct homegrown violent extremists.”

Carter first announced that elite mission teams were conducting cyber operations on the Islamic State in February, and that “the methods we're using are new,” leaving cybersecurity watchers to wonder what sort of information weapons the Pentagon had cooked up.

Deputy Defense Secretary Robert Work used colorful, if slightly simplistic language, saying that the U.S. was “dropping cyberbombs” on the Islamic State.

In April, Pentagon officials told the New York Times that cyber mission teams were implanting malware on equipment or networks used by the Islamic State “to alter their messages, with the aim of redirecting militants to areas more vulnerable to attack by American drones or local ground forces.”

A Pentagon spokesperson later clarified that what was new was not so much the methods as Cyber Command playing a direct and offensive role in the fight against ISIS.

Speaking at Intel last Wednesday, Carter confirmed that the tools themselves were not novel, adding that he expects to see much the same tools used against U.S. forces, companies, and citizens.

“We’re not using anything unique or distinctive. And therein lies a lesson: we all have to have good cyber defenses as well,” he said.

Some of the cyber offensive capabilities are intended to “fool” ISIS, Carter said Wednesday in a discussion alongside Homeland Security Secretary Jeh Johnson and Commerce Secretary Penny Pritzker.

Of course, anyone with access to stored data or information can change or manipulate that data as it’s rendered. Consider the Stuxnet virus, which changed values on a database in order to cause pieces of equipment to break down. Stuxnet eventually went on to infect networks around the world.

Such cyber attacks that change, rather than simply steal or destroy data, are a rising threat. In September testimony to the House Subcommittee on Intelligence, Director of National Intelligence James Clapper wrote that in the future “we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e., accuracy and reliability) instead of deleting it or disrupting access to it.”

In the same hearing, Adm. Michael Rogers, the head of Cyber Command, said that “the use of cyber for manipulative, destructive purposes” was a new and particularly frightening threat.

That’s why teaching young Air Force cadets to hack radar towers is so important.