
Student cyber teams do battle


Cyber squads match wits and exploits at an annual tournament for the U.S. service academies. (Photo credit: Sean Carberry/FCW)

Last fall, Army's football team broke a 14-year losing streak against Navy, and now Army's cyber cadets are looking to defeat Navy's midshipmen again in the 2017 Cyber Defense Exercise run by the National Security Agency.

The Coast Guard Academy, Merchant Marine Academy, and the Royal Military College of Canada are the other blue team contestants in the three-day competition, now in its 17th year.

Teams of up to two dozen students at the academies are feverishly trying to defend their networks from a red team operating out of a "war room" at Parsons Corporation in Columbia, Md., which reporters were invited to visit on April 12.

A Jolly Roger flag hangs in the middle of the room. A rainbow of network cables snakes across tables into an armada of laptops. Snack food wrappers litter the tables along with empty cans of energy drinks.

Red cell members, mostly young, casually dressed NSA employees, some with shaggy beards and wearing hoodies, along with members of the Delaware Air National Guard and a few others, are feverishly typing away, launching a variety of attacks on the student networks.

A monitor shows a 3-D rendering of the networks and the traffic going back and forth. Other video feeds show the student teams back at their academies scrambling to contain the attacks. Another monitor shows bar graphs with the real-time scores of the teams; Army had a slight lead at the time of the press visit to CDX.

Adding to the challenge, a "grey team" designed to represent typical users -- from ignorant to malicious -- is surfing the web and clicking on links in spearphishing emails. Just as an employee at a government agency might, they are opening the door for malware and exploits the students have to contain on the simulated network.

In the corner of the room sit the "white cell" members who are keeping score and making sure the students are following the rules -- they just had to dock the Coast Guard team a significant number of points for a creative, but unapproved gambit. The student teams also monitor each other to make sure no one is pulling a Captain Kirk and gaming the system.

Since the participants are underclassmen with limited cyber education, the exercise is geared to their level with open source tools that are common in the real world. There are no proprietary NSA tools or exploits on the level of nation-state hackers they might be combatting in their future careers.

"We're using techniques that they would see in the wild," said Curtis Williams, who is in charge of the red cell. "They have a real live competitor that's expert level, so if they do fairly well here, even if they don't win per se, that experience is going to be valuable."

The NSA's James Titcomb, who is the CDX technical lead, said that the exercise is getting more difficult to carry out each year because vendors like Microsoft and Cisco are continuing to harden their products.

"Basically by the second day, normally we've already compromised their systems, we've already moved through their networks," he said. "As of last night only three networks were compromised."

One of the new elements of the exercise this year is having students participate on the red teams. Typically, cadets and midshipmen focus on defensive cyber studies, so this has been eye-opening to Army Cadet Connor Eckert and Navy Midshipman Nick Co.

"I was surprised when on the first day the red cell guys were like, 'we got root on almost all the boxes, like, we got backdoors everywhere,'" said Eckert with a laugh and a slight blush. "I'm like, 'oh, it couldn't have been that easy. All of West Point's boxes have been owned already.'"

"The biggest thing I've found is that a lot of these people have such a passion for this stuff, it's like they eat, sleep, breathe this stuff," said Co. "So to a degree there's like the technical knowledge but there's also like the art and skill that goes behind it."

Both said seeing how attackers work will deepen their understanding of defensive operations, but they also said they hope their academies will add more offensive training.

In addition to the core network defense exercise, students also have to complete challenge exercises such as reverse engineering, network forensics and an unmanned aerial vehicle mission where they have to defend their drones while attacking those of a virtual adversary.

This year's winner will be announced on April 14.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

