Cyber defenders play offense in security contest

National Defense University hosts cybersecurity exercise for feds, contractors and service members

Twelve duos of feds, contractors, and service members each armed with two laptops – one machine for attacking and one for defending – took aim at each other's computers and networks of fictional agencies today during a cybersecurity competition hosted by the National Defense University's iCollege.

The NDU’s Cyber Security Challenge II's participants ordinarily spend their days fighting off would-be hackers, but today they put themselves in their adversaries’ shoes to try to attack and disrupt systems by using a cadre of open-source hacking tools.

Related Story:

Cybersecurity audit guidelines recommended

The teams earned points for successfully targeting competitors’ systems and those of two fictional federal agencies and a mock state agency. For example, participants could earn 10 points for copying the HR records off a fictional federal agency’s file server or one point for defacing another participant’s Web server. Players could earn 25 points for hacking into a fictional state agency and opening or closing a model bridge designed to replicate the supervisory control and data acquisition that control some critical infrastructure in the United States.

Meanwhile, the participants had to play defense by fending off attacks on their own systems to avoid having points deducted. Players were given a short time to configure their machines for defense before the competition. 

Air Force Maj. Stephen Mancini, a military faculty member at NDU who put the exercise together, said it’s important that cyber defenders understand offense. Mancini said the competition is also an opportunity for people to meet colleagues who work on similar problems. The first Cyber Security Challenge – a smaller event – was held in late 2009.

“This is learning experience,” he told participants just before the event held at the NDU facility in Washington. “At the end of the day, we’re all on the same team.”

The players came from organizations such as the Defense Information Systems Agency, the Federal Aviation Administration, military academies, the military and contractors. People working with the State and Homeland Security departments observed.

Two West Point cadets compete at the Cyber Security Challenge II on March 12.

Two West Point cadets compete at the National Defense University's Cyber Security Challenge II on March 12.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.