Story by Mass Communication Specialist 3rd Class Lex T. Wenberg
Photo by Mass Communication Specialist 3rd Class Kevin Murphy
During the Composite Training Unit Exercise (COMPTUEX), ships in a unit such as the John C. Stennis Carrier Strike Group (JCSCSG) are subjected to complex training tests.
Among the assessments of COMPTUEX are the Green, Blue and Red Team assessments of computer network security aboard JCSCSG’s flagship USS John C. Stennis (CVN 74).
During Green, Blue and Red Team’s embarkation, Stennis’ network security enforcers, Information Assurance (IA), will be graded on their capabilities.
Ensuring responsible use of the ship’s computer network by the crew is just one of IA’s jobs. They are also responsible to the Commanding Officer for defending our networks against outside attacks.
“We develop and maintain a Command Level IA program to provide adequate security for all associated assets,” said Ensign Joseph Jones, Stennis’ Information Assurance Manager.
Green Team is the first of the three assessments where a group of security specialists embark and inspect the network for vulnerabilities. Green Team also gives recommendations to the ship for actions which IA can take to strengthen network security.
“Green Team is responsible for helping us see things we overlooked,” said Information Systems Technician 1st Class (SW/ AW) Eric Ebe. “This helps us root out security risks.”
Having completed the initial assessment, Green Team’s recommendations are already being implemented.
“During Green Team’s assessment, we saw iTunes installed on computers as well as other software,” said Ebe. “This type of software is not authorized on the ship’s computer network, so we got rid of it.”
What is supposed to be the next phase of the testing, called Blue Team, is almost identical to Green Team, but the results of the assessment carry far more weight. Blue Team has been postponed until June, said Information Systems Technician 1st Class (SW) Brandon Manning, IA’s current LPO.
“We had to jump right into the Red Team assessment due to time constraints,” said Manning.
Assuming the ship performs well for Red Team, a group of ethical hackers who will test network security procedures and attempt to exploit vulnerabilities and give the network a general work-over, the next step will be Blue Team.
“Some of the questions we ask ourselves between drills are: did we accomplish what Green Team asked us to?” said Ebe. “Were we able to make the changes fast enough? Red and Blue Team will evaluate our successes.”
The entire crew is involved in these phased assessments, said Jones.
“My request for the crew is not about the upcoming assessments,” said Jones. “It’s about what we need to do on a daily operational basis: do not install unauthorized software or hardware, stay away from porn sites, do not open suspicious e-mails that have attachments or links, no electronic spillage, etc. Everyone on the ship signed a SAAR-N form for access to the network, so please adhere to it.”
Failure to meet the standards of Blue Team’s assessment can mean a loss of connection to the Global Information Grid.
“That means no e-mail, no web browsing, no share drive, and no comms,” said Ebe. “Nothing.”
“This is the final assessment and will be the final condition we have to meet before deployment,” said Ebe.
Since communication is essential to any sea-going vessel, particularly the flagship of a carrier strike group, both IA and the rest of Stennis’ crew must be vigilant when it comes to proper network security.