Cyber defenders play offense in security contest

National Defense University hosts cybersecurity exercise for feds, contractors and service members

Twelve duos of feds, contractors, and service members each armed with two laptops – one machine for attacking and one for defending – took aim at each other's computers and networks of fictional agencies today during a cybersecurity competition hosted by the National Defense University's iCollege.

The NDU’s Cyber Security Challenge II's participants ordinarily spend their days fighting off would-be hackers, but today they put themselves in their adversaries’ shoes to try to attack and disrupt systems by using a cadre of open-source hacking tools.

Related Story:

Cybersecurity audit guidelines recommended

The teams earned points for successfully targeting competitors’ systems and those of two fictional federal agencies and a mock state agency. For example, participants could earn 10 points for copying the HR records off a fictional federal agency’s file server or one point for defacing another participant’s Web server. Players could earn 25 points for hacking into a fictional state agency and opening or closing a model bridge designed to replicate the supervisory control and data acquisition that control some critical infrastructure in the United States.

Meanwhile, the participants had to play defense by fending off attacks on their own systems to avoid having points deducted. Players were given a short time to configure their machines for defense before the competition. 

Air Force Maj. Stephen Mancini, a military faculty member at NDU who put the exercise together, said it’s important that cyber defenders understand offense. Mancini said the competition is also an opportunity for people to meet colleagues who work on similar problems. The first Cyber Security Challenge – a smaller event – was held in late 2009.

“This is learning experience,” he told participants just before the event held at the NDU facility in Washington. “At the end of the day, we’re all on the same team.”

The players came from organizations such as the Defense Information Systems Agency, the Federal Aviation Administration, military academies, the military and contractors. People working with the State and Homeland Security departments observed.

Two West Point cadets compete at the Cyber Security Challenge II on March 12.

Two West Point cadets compete at the National Defense University's Cyber Security Challenge II on March 12.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Veterans Affairs
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    VA health record go-live pushed back to July

    The Department of Veterans Affairs is delaying a planned initial deployment of its $16 billion electronic health record project by four months, but is promising added functionality at the go-live date.

  • Workforce
    The Pentagon (Photo by Ivan Cholakov / Shutterstock)

    Esper says he didn't seek the authority to gut DOD unions

    Defense Secretary Mark Esper told lawmakers he was waiting for a staff analysis of a recent presidential memo before deciding whether to leverage new authority.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.