Cyber defenders play offense in security contest

National Defense University hosts cybersecurity exercise for feds, contractors and service members

Twelve duos of feds, contractors, and service members each armed with two laptops – one machine for attacking and one for defending – took aim at each other's computers and networks of fictional agencies today during a cybersecurity competition hosted by the National Defense University's iCollege.

The NDU’s Cyber Security Challenge II's participants ordinarily spend their days fighting off would-be hackers, but today they put themselves in their adversaries’ shoes to try to attack and disrupt systems by using a cadre of open-source hacking tools.

Related Story:

Cybersecurity audit guidelines recommended

The teams earned points for successfully targeting competitors’ systems and those of two fictional federal agencies and a mock state agency. For example, participants could earn 10 points for copying the HR records off a fictional federal agency’s file server or one point for defacing another participant’s Web server. Players could earn 25 points for hacking into a fictional state agency and opening or closing a model bridge designed to replicate the supervisory control and data acquisition that control some critical infrastructure in the United States.

Meanwhile, the participants had to play defense by fending off attacks on their own systems to avoid having points deducted. Players were given a short time to configure their machines for defense before the competition. 

Air Force Maj. Stephen Mancini, a military faculty member at NDU who put the exercise together, said it’s important that cyber defenders understand offense. Mancini said the competition is also an opportunity for people to meet colleagues who work on similar problems. The first Cyber Security Challenge – a smaller event – was held in late 2009.

“This is learning experience,” he told participants just before the event held at the NDU facility in Washington. “At the end of the day, we’re all on the same team.”

The players came from organizations such as the Defense Information Systems Agency, the Federal Aviation Administration, military academies, the military and contractors. People working with the State and Homeland Security departments observed.

Two West Point cadets compete at the Cyber Security Challenge II on March 12.

Two West Point cadets compete at the National Defense University's Cyber Security Challenge II on March 12.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Comment
    customer experience (garagestock/

    Leveraging the TMF to improve customer experience

    Focusing on customer experience as part of the Technology Modernization Fund investment strategy will enable agencies to improve service and build trust in government.

  • FCW Perspectives
    zero trust network

    Why zero trust is having a moment

    Improved technologies and growing threats have agencies actively pursuing dynamic and context-driven security.

Stay Connected