Aggressor squadron tests

by Aaron Schoenfeld
435th Air Base Wing Public Affairs

In an overseas environment, physical security receives its share of due attention. Sometimes though, an enemy is lurking closer than we think.
With the increasing use of online communication, an adversary can carefully watch activity on a military base without being anywhere near it.

And sometimes, all the critical information they’re looking for is handed right to them.
It’s this type of unintentional assistance to the enemy that brought the 177th Information Warfare Aggressor and the 57th Information Aggressor Squadrons for an unannounced visit to Ramstein Feb. 8 to 20. The team of aggressors posed as outsiders and used a variety of advanced tactics to try and gain access to the base and valuable information through rigorous tests of physical and information security.
“Our job is to replicate an adversary’s intelligence threats to raise awareness and teach people how to counter those threats,” said the commander of the 177th IAS.
Prior to visiting Ramstein, the team collected as much information as possible through open source intelligence. The process includes finding, selecting and acquiring information from publicly available sources and analyzing it so it can produce actionable intelligence. Open source intelligence could be as easy to collect as typing “Ramstein Air Base” into a popular search engine.

“America is a very free and open society and that’s great,” said the “enemy” commander, “but sometimes that can work against us.”
Since avoiding the Internet altogether isn’t a viable option in preventing the dissemination of potentially harmful information, the team devoted the second week of their visit to sharing their findings and educating base personnel on how to be aware of and avoid potential vulnerabilities.

A large part of the focus was on network security. Steps such as logging off computer systems at night, digitally signing e-mails and encrypting messages with personal information are a few things that the team urges people to do to keep networks safe. They also encouraged using common sense on physical security.
 
“The lessons learned opportunity here is incredible,” said Col. Don Bacon, 435th Air Base Wing commander. “We know there are real threats to our networks and groups who want to target our Airmen, and this training helps us make our security stronger. Sometimes, living and working in such friendly surroundings can have the effect of letting our guard down. I’m glad they were able to come share some simple things that each of us can do to improve our operational security.”

The aggressor teams visit several bases every year and one of the most frequently asked questions is how each base fares in comparison to the others. While the team does not compare vulnerability results among bases, they do keep track of how many people they address at each location.

So far, Ramstein takes the honors for having the most Airmen educated during a single visit.

“This is the largest training venue we’ve seen yet. We were at least 500 people over our current attendance record,” said the mission commander about the visit.
The record breaking attendance provides good assurance that Ramstein personnel are more aware of how their everyday actions could work against them. And since most of the collection methods and test results of the aggressors are considered sensitive information, the training was held in a controlled environment, but surprise was obvious among those who discovered their missteps were closely tracked during the evaluation period.

“We’re not here to get people in trouble. We’re here to give the installation commander a snapshot look at the realistic OPSEC and security posture of the base,” said the squadron commander.

“It’s like flying against Red Air during Red Flag and working against the very best,” Colonel Bacon said. “Our job now is to take away the tactics and techniques that will ensure we are smarter and more secure.”

Even off base, personnel are asked to carefully consider what they put on the Internet through use of social networking sites, blogs and other personal Internet sites.

“Nobody wants to be the person that provides an adversary the missing piece of the puzzle,” the commander said. “All you need to do is always assume someone is watching. Just consider that every time you log on – the fight’s on.”
 
(Editor’s note: The names of the aggressor team members were not included to protect their roles as imitation adversaries.)