Summary of the 2014 Po’oihe Cyber Defense Exercise

On July 18-20, 2014, the ICS Department along with other university, state, industry, and military organizations hosted the second annual Po’oihe cyber defense exercise at the University of Hawaii’s Campus Center Ballroom. Over 150 people participated in the event.

Po’oihe means “tip of the spear”, and is meant to symbolize Hawaii’s position on the leading edge of cyber defense. Over two dozen organizations took part, including UH campuses (Kapiolani and Leeward Community Colleges, Maui College, Manoa), government (City and County of Honolulu, State of Hawaii), industry (Analyzer USA, Hitachi Systems, Innertrode, ISSA, Pacific Business Services, Referentia, Hawaii Pacific Teleport, Training 808), and military (California Air National Guard, Hawaii Air and Army National Guards, U.S. Air Force, and the U.S. Defense Logistics Agency). In addition, high school students from Sacred Hearts Academy and Iolani provided logistical support. Po’oihe used cyber range software developed by the National Information Assurance Training and Education Center (NIATEC) at Idaho State University. Hardware for this event was provided primarily by the University of Hawaii with significant assistance by Dell Computer Corporation. Over 8000 hours were put into the planning of the event.

The 2014 scenario is loosely based on one used by the Hawaii Emergency Management Agency. In the scenario, the Hawaiian islands are hit by a Category 4 hurricane that goes up the chain, knocking out every island’s cyber infrastructure including communication systems, airports, harbors, hospitals, and so forth. UH’s Information Technology Center (ITC) survives, and a few ICS students occupying the ITC “Bunker” during the storm build a network from spare equipment. Unfortunately, this network is immediately attacked by outsiders trying to get personally identifiable information (PII) such as homeowner and medical insurance numbers, medical information, addresses, and so forth. As time goes on, the public becomes frustrated with recovery efforts and begins to compromise websites, servers, and routers.

To carry out this scenario, the Po’oihe exercise split participants into teams, organized by color. 72 participants were divided into 7 Blue Teams, each defending a copy of the network built in the ITC Bunker. Their work involved identifying what information was on their network, processing incoming emails, reporting network status, developing policies, updating their databases and websites, identifying attacks, and preventing damage. 28 participants were divided into the 2 Red Teams who attempted to compromise each Blue Team’s network. A single White Team with 21 participants created the scenario simulation for the Blue Teams through work orders, email traffic from emergency shelters, ports, and airports, updated casualty information, and so forth. The White Team also judged each Blue Team’s performance. The 15 members of the Black Team monitored the hardware and software running the exercise to insure it remained operational and was not itself compromised. Finally,  the dozen observers and invited guests were members of the Gold Team. All participants were required to wear a name badge with their color at all times to ensure that team members stayed in appropriate areas of the ballroom.

Po’oihe is an exercise, not a competition. The objective is to allow Blue Team members to assess and improve their cyber defense skills and determine areas for improvement. The exercise tested their knowledge on securing systems, setting policies, communicating problems, and group management. Each Blue Team received a report assessing their performance.

An important result of this exercise is the creation of working relationships with a variety of organizations across the State of Hawaii and the mainland. For the ICS Department, Po’oihe represents an important component of our current thrust in cyber security research and education.