Email this Article Email   

CHIPS Articles: Cyber Red Team engages offensive measures to train against attacks

Cyber Red Team engages offensive measures to train against attacks
By J.W. Marcum, NSWC PHD Public Affairs - March 30, 2020
PORT HUENEME, Calif.—In October 2019, Naval Surface Warfare Center, Port Hueneme Division (NSWC PHD), launched a cybersecurity Red Team Development Program (RTDP), to enhance and promote enterprise-wide cybersecurity and fleet readiness. The first cohort has been actively training and testing their skills during tabletop exercises and mock-up scenarios, as well as real-world applications.

The team consists of penetration testers who regularly compete in capture the flag events and contribute to Department of Defense (DoD) programs and Naval Sea Systems Command’s (NAVSEA) cybersecurity mission priority.

Their objective is to simulate the adversaries that threaten the confidentiality, integrity, and availability of Navy systems.

Red teamers take an offensive posture in software testing, whereas blue teams defend against cyber-attacks. Red teams train blue teams to understand adversarial techniques so they can better detect and defend against them.

“The Red Team Development Program has taken my computer skills and cybersecurity knowledge to a new level,” stated Christopher Draper, who serves as a mechanical engineer within NSWC PHD’s Tomahawk Hardware Engineering Branch. “Participating in this program has allowed me to take cybersecurity classes I could have only dreamed of as a hardware engineer…allow[ing] me to prove myself and fast track my change into a new career path. I’m now the go-to guy for any software issues with our equipment.”

Since NSWC PHD is the In-Service Engineering Agent for surface warfare combat systems, the team brings subject matter expertise on how the fleet operates and maintains these systems in the field.

“We can augment the NAVSEA-Red Team (RT) with insight that normally can’t be gathered in a weeks-long assessment,” said Afloat Cyber Security Technical Lead and Cybersecurity Engineer, Bao Huynh.

The NAVSEA-RT is a National Security Agency-certified red team with authority to conduct penetration testing on Navy systems across the DoD Information Network.

“Our success is not our own,” said Huynh. “The NAVSEA family has embraced the development of red-teaming capabilities and made it significantly easier to get training than if we had to do it on our own.”

The team has received support from not only the command’s leadership, but also outside support from the NAVSEA Command Information Office (SEA 00I), to engage in Booz Allen Hamilton Inc.’s Kaizen Capture the Flag (CTF); the Department of Defense to participate in the National Cyber Range CTF; and training vouchers from the Afloat Cybersecurity Engineering Directorate (SEA 05Q).

The team’s diversity spans the station’s talent from engineering to product support.

Steven Coleman is a logistics management specialist that serves in Air Dominance Department’s Technical Documentation Branch. He earned a spot on the team after months-long assessments and self-paced study. The selection process is highly competitive. Each member is awarded 30-40% of their work schedule to be devoted to the program, receiving world-class training, travel to capture-the-flag events and even monetary awards for their wins.

“What I’ve learned in RTDP has already paid dividends in my immediate tasking and support of my branch,” said Coleman. “The knowledge and experience gleaned has given me insight from multiple perspectives in implementing new technologies and IT strategies both to improve the efficacy of products delivered to the fleet, as well as make my branch team members’ lives easier and more productive.”

“At the end of the day, if we are able to improve our processes using Information Technology, the more attention we have remaining to ensure the products and services we provide are as good as they can be,” he concluded.

The team contributes locally to the command’s line-department programs, laboratories and cybersecurity initiatives, including Project Mayhem.

“Mayhem is a tool that uses machine learning to discover software defects in binary programs,” said team member and Cybersecurity Engineer, Shane Bennett. “The reverse engineering skills we have practiced will aid in working on the project. These skills are necessary to harden programs when source code is not available.”

Mayhem was the winner of the Defense Advanced Research Project Agency’s Cyber Grand Challenge in 2016, the first fully autonomous CTF.

Outside the organization, the team works with partners like the Naval Postgraduate School, developing tools and resources such as the Cyber Security Training Tool (CSTT).

“We’re using technology they’ve developed to build a lightweight, yet high-fidelity simulation of the shipboard cybersecurity tools,” said Huynh. “CSTT will be deployed to schoolhouses so each sailor will have his own lab environment instead of having the entire class share the same system. Previously, if the real system broke, it would take days to troubleshoot. CSTT can be reset within a few minutes if it breaks. This allows the students the ability to explore without fear of breaking the only system shared by the whole class.”

“We get to solve puzzles and provide solutions to the fleet and the warfighter,” said Cybersecurity Engineer Calvin Raines.

“We’re looking forward to the annual HACKtheMACHINE competition where we’ll get to test what we’ve learned against some real-world systems,” said Huynh. “Of course, we still have much to learn, but win or lose, I’ve been amazed at how quickly the team has progressed in only five months.”

This will be the Navy’s sixth HACKtheMACHINE event, set to occur in September 2020, location is yet to be determined. The event is organized and sponsored through the collaborative efforts of NAVSEA, Naval Air Systems Command, Naval Information Warfare Systems Command, and the Navy Cyber Warfare Development Group. At the event, participants from government, industry and academia will address complex cybersecurity problems utilizing real-life scenarios in maritime cyber test beds.

— an off-base laboratory housing state-of-the-art equipment, which serves as a collaborative space to foster relationships with small businesses, industry, investment partners and academia; and promotes rapid fielding of new technologies to the fleet. The lab aligns with the Navy’s Tech Bridges program, created by the Naval Expeditions Agility Office (NavalX) under direction of Assistant Secretary of the Navy for Research, Development and Acquisition, the Hon. James Geurts, as part of the 2018 National Defense Strategy. The command helped create Fathomwerx through a Partnership Intermediary Agreement with the Ventura County Economic Development Collaborative, which leases the space from the Port of Hueneme. A fourth partner, Camarillo, California-based Matter Labs is engaged in attracting small high-tech companies that eventually will have access to the lab, along with other members of the community.

For more news from NAVSEA and the Warfare Centers, go to

PORT HUENEME, Calif.—Members of the Naval Surface Warfare Center, Port Hueneme Division’s Cyber Red Team Development Program (RTDP), conduct training and tabletop exercises in penetration testing to protect the integrity and readiness of Navy systems at the Fathomwerx innovation lab, Feb. 13. Pictured are RTDP members (clockwise from left), Shane Bennett, Calvin Raines, Christopher Draper, Steven Coleman, Devin Gavin, and Bao Hyunh. U.S. Navy photo by J.W. Marcum, NSWC PHD Public Affairs / Released
Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer