Cyber defenders play offense in security contest

National Defense University hosts cybersecurity exercise for feds, contractors and service members

Twelve duos of feds, contractors, and service members each armed with two laptops – one machine for attacking and one for defending – took aim at each other's computers and networks of fictional agencies today during a cybersecurity competition hosted by the National Defense University's iCollege.

The NDU’s Cyber Security Challenge II's participants ordinarily spend their days fighting off would-be hackers, but today they put themselves in their adversaries’ shoes to try to attack and disrupt systems by using a cadre of open-source hacking tools.

Related Story:

Cybersecurity audit guidelines recommended

The teams earned points for successfully targeting competitors’ systems and those of two fictional federal agencies and a mock state agency. For example, participants could earn 10 points for copying the HR records off a fictional federal agency’s file server or one point for defacing another participant’s Web server. Players could earn 25 points for hacking into a fictional state agency and opening or closing a model bridge designed to replicate the supervisory control and data acquisition that control some critical infrastructure in the United States.

Meanwhile, the participants had to play defense by fending off attacks on their own systems to avoid having points deducted. Players were given a short time to configure their machines for defense before the competition. 

Air Force Maj. Stephen Mancini, a military faculty member at NDU who put the exercise together, said it’s important that cyber defenders understand offense. Mancini said the competition is also an opportunity for people to meet colleagues who work on similar problems. The first Cyber Security Challenge – a smaller event – was held in late 2009.

“This is learning experience,” he told participants just before the event held at the NDU facility in Washington. “At the end of the day, we’re all on the same team.”

The players came from organizations such as the Defense Information Systems Agency, the Federal Aviation Administration, military academies, the military and contractors. People working with the State and Homeland Security departments observed.

Two West Point cadets compete at the Cyber Security Challenge II on March 12.

Two West Point cadets compete at the National Defense University's Cyber Security Challenge II on March 12.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

    sensor network (agsandrew/

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.