RED TEAM IN A BOX (RTIB): DEVELOPING AUTOMATED TOOLS TO IDENTIFY, ASSESS, AND EXPOSE CYBERSECURITY VULNERABILITIES IN DEPARTMENT OF THE NAVY SYSTEMS
Authors
Plot, Joseph A.
Subjects
red team
cyber
offensive cyber operations
vulnerability assessment
automation
Advisors
Shaffer, Alan B.
Singh, Gurminder
Date of Issue
2019-06
Publisher
Monterey, CA; Naval Postgraduate School
Abstract
The U.S. Navy and Marine Corps manage a vast number of computer systems, both afloat and ashore, many of which are neither directly connected to an external Internet Protocol (IP) network nor updated regularly, but do occasionally interact with other IP-connected devices. As malicious actors advance their capabilities to exploit and penetrate computer networks, the Department of the Navy (DoN) must be able to verify whether or not its computer systems are susceptible to cyber-attacks. A current mitigation technique is to use a cyber red team to assess a friendly network in a controlled environment; however, this method of conducting assessments can be costly and time-consuming, and may not target specific critical systems. This thesis developed a proof-of-concept tool called Red Team in a Box (RTIB) that addresses the current resource limitations of cyber red teams by leveraging open source software and other methods to discover, identify, and conduct a vulnerability scan on a computer system’s software via a graphical user interface. The results of the vulnerability scan offer the RTIB user possible mitigation strategies to lower the risk from potential cyber-attacks without the need for a dedicated cyber red team operating on the target host or network. This research fundamentally provides the foundation to further develop an automated tool that Sailors and Marines with limited expertise can use to conduct a thorough cybersecurity vulnerability assessment on DoN systems.
Type
Thesis
Department
Computer Science (CS)
Sponsors
OSD
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.