Microsoft Subnet An independent Microsoft community View more

Air Force hackers win NSA's 13th annual Cyber Defense Exercise

Students from the Air Force, Army, Navy, Coast Guard and Merchant Marine academies competed on the cyber battlefield against about 60 NSA and DoD hackers for the Cyber Defense Exercise trophy.

Did you hear about the big game last week? Perhaps not, since "this annual battle might not yet have achieved the same mythic status as, say, the Army-Navy football game," but there was a simulated cyberwar being waged from April 16 to 18. During the NSA's 13th annual Cyber Defense Exercise (CDX), sponsored by the NSA's Information Assurance Directorate (IAD), "nearly 60 government experts - sitting under a black skull and crossbones flag - worked around the clock this week to break into computer networks built by students at the Air Force, Army, Navy, Coast Guard and Merchant Marine academies." Two military graduate schools, the Naval Postgraduate School and the Royal Military College of Canada, also participated.

According to the NSA press release, "The U.S. Air Force Academy won this year's Cyber Defense Exercise (CDX), gaining its fourth trophy - and its first consecutive victory - since the annual competition began in 2001."

"If you were a boxer, and you never stepped into the ring before and Mohamed Ali or Mike Tyson gave you a couple of pops, it would be difficult for you to defend yourself had you never had any practice," Bill Stackpole told CSO; he is an associate professor who teaches network security at the Rochester Institute of Technology. "These competitions give you practice on the receiving end."

The NSA was the red team, "pretending to be the bad guys," stated Collegiate Cyber Defense Competition Director Dwayne Williams. "Their job was to break into each of the military academys' teams' networks, steal information from them, shut down their services, degrade their capabilities - that sort of thing." Due to time constraints of this simulated cyberwar, NSA hackers were a bit "louder" than if this were a nation state or other bad actor hackers trying to covertly break into infrastructure. Yet "the attack tools are the same - probe the network, scan the network, break into the network, put in backdoors, steal information, set up dummy accounts and disrupt capabilities."

The teams spent about three weeks building their networks, then spent last week defending them against NSA and Department of Defense Red Force hackers who launched attacks around the clock to determine which team best defended their network "on the cyber battlefield." The competitors could also "launch cyber-counter attacks, conduct cyberwarfare, and attempt to maintain their system's online service delivery."

They used the same tools "used by the military to defend Department of Defense networks. And they're facing many of the same strategies used by real hackers - at least, the unclassified ones." All of CDX teams, competing for the NSA Information Assurance Director's trophy and bragging rights, started with zero points. "If its defense strategy works and the NSA's attacks fail, the team earns points. If the NSA breaks through the protections, the team loses points." At the end of the competition, teams were "evaluated on their ability to maintain services, protect the privacy of the information on their system and respond to and prevent further attacks."

"They're vulnerable to a variety of different attacks." Lt. Colonel David Raymond of West Point Academy said to imagine what would happen if the banking system or the Internet were to go down within the continental United States; "that would cause some significant challenges. It's a great opportunity for them to take that whole four-year computer science education and put it into one big exercise." Cadet Rebecca Malone, a senior at West Point Academy, added, "Most of us are going into the signal and military intelligence corps. So in the future this is going to be practical stuff that we're going to be working with."

"CDX offers an unparalleled opportunity for some of the nation's top students to showcase their cyber skills to NSA's leading practitioners," said Neal Ziring, IAD's Technical Director. "America increasingly needs professionals with highly technical cyber skills to help the country remain safe and adapt with greater agility. We need the best and brightest to help us defeat our adversaries' new ideas."

The NSA wrote:

Cyber warriors who assess and defend the U.S. government's most sensitive communication systems challenged the ability of service academy teams to protect networks designed, built, and configured at the students' respective schools. Working at Lockheed Martin's facility in Hanover, Md., another group of specialists graded each team's ability to effectively maintain network services while detecting, responding to, and recovering from security intrusions or compromises.

Lockheed Martin coordinated with the NSA to establish virtual private networks for the exercise, "providing a safe path for the exercise while preventing interference with real-world networks." Darrell Durst, vice president of cyber solutions for Lockheed Martin's Information Systems & Global Solutions said, "Cyber Security is at the core of all we do, so each year we are inspired by these innovative students as they face challenges from veteran NSA experts. The students tackle the same types of threats our nation faces daily in cyber security. Whether detecting intruders, or adapting to sophisticated threats, NSA leverages this opportunity to educate the next generation of cyber professionals."

"This was the second year in a row that the Air Force Academy, based in Colorado Springs, came out on top, with West Point's Army cadets finishing just behind them." West Point posted the 13th annual Cyber Defense Exercise images in this article plus more on Flickr.

Image credits: U.S. Army photos by Mike Strasser/USMA PAO

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies