Cyber defenders play offense in security contest
National Defense University hosts cybersecurity exercise for feds, contractors and service members
Twelve duos of feds, contractors, and service members each armed with two laptops – one machine for attacking and one for defending – took aim at each other's computers and networks of fictional agencies today during a cybersecurity competition hosted by the National Defense University's iCollege.
The NDU’s Cyber Security Challenge II's participants ordinarily spend their days fighting off would-be hackers, but today they put themselves in their adversaries’ shoes to try to attack and disrupt systems by using a cadre of open-source hacking tools.
Cybersecurity audit guidelines recommended
The teams earned points for successfully targeting competitors’ systems and those of two fictional federal agencies and a mock state agency. For example, participants could earn 10 points for copying the HR records off a fictional federal agency’s file server or one point for defacing another participant’s Web server. Players could earn 25 points for hacking into a fictional state agency and opening or closing a model bridge designed to replicate the supervisory control and data acquisition that control some critical infrastructure in the United States.
Meanwhile, the participants had to play defense by fending off attacks on their own systems to avoid having points deducted. Players were given a short time to configure their machines for defense before the competition.
Air Force Maj. Stephen Mancini, a military faculty member at NDU who put the exercise together, said it’s important that cyber defenders understand offense. Mancini said the competition is also an opportunity for people to meet colleagues who work on similar problems. The first Cyber Security Challenge – a smaller event – was held in late 2009.
“This is learning experience,” he told participants just before the event held at the NDU facility in Washington. “At the end of the day, we’re all on the same team.”
The players came from organizations such as the Defense Information Systems Agency, the Federal Aviation Administration, military academies, the military and contractors. People working with the State and Homeland Security departments observed.
Two West Point cadets compete at the National Defense University's Cyber Security Challenge II on March 12.
Ben Bain is a reporter for Federal Computer Week.