Did you hear about the big game last week? Perhaps not, since "this annual battle might not yet have achieved the same mythic status as, say, the Army-Navy football game," but there was a simulated cyberwar being waged from April 16 to 18. During the NSA's 13th annual Cyber Defense Exercise (CDX), sponsored by the NSA's Information Assurance Directorate (IAD), "nearly 60 government experts - sitting under a black skull and crossbones flag - worked around the clock this week to break into computer networks built by students at the Air Force, Army, Navy, Coast Guard and Merchant Marine academies." Two military graduate schools, the Naval Postgraduate School and the Royal Military College of Canada, also participated.
According to the NSA press release, "The U.S. Air Force Academy won this year's Cyber Defense Exercise (CDX), gaining its fourth trophy - and its first consecutive victory - since the annual competition began in 2001."
"If you were a boxer, and you never stepped into the ring before and Mohamed Ali or Mike Tyson gave you a couple of pops, it would be difficult for you to defend yourself had you never had any practice," Bill Stackpole told CSO; he is an associate professor who teaches network security at the Rochester Institute of Technology. "These competitions give you practice on the receiving end."
The NSA was the red team, "pretending to be the bad guys," stated Collegiate Cyber Defense Competition Director Dwayne Williams. "Their job was to break into each of the military academys' teams' networks, steal information from them, shut down their services, degrade their capabilities - that sort of thing." Due to time constraints of this simulated cyberwar, NSA hackers were a bit "louder" than if this were a nation state or other bad actor hackers trying to covertly break into infrastructure. Yet "the attack tools are the same - probe the network, scan the network, break into the network, put in backdoors, steal information, set up dummy accounts and disrupt capabilities."
The teams spent about three weeks building their networks, then spent last week defending them against NSA and Department of Defense Red Force hackers who launched attacks around the clock to determine which team best defended their network "on the cyber battlefield." The competitors could also "launch cyber-counter attacks, conduct cyberwarfare, and attempt to maintain their system's online service delivery."
They used the same tools "used by the military to defend Department of Defense networks. And they're facing many of the same strategies used by real hackers - at least, the unclassified ones." All of CDX teams, competing for the NSA Information Assurance Director's trophy and bragging rights, started with zero points. "If its defense strategy works and the NSA's attacks fail, the team earns points. If the NSA breaks through the protections, the team loses points." At the end of the competition, teams were "evaluated on their ability to maintain services, protect the privacy of the information on their system and respond to and prevent further attacks."
"They're vulnerable to a variety of different attacks." Lt. Colonel David Raymond of West Point Academy said to imagine what would happen if the banking system or the Internet were to go down within the continental United States; "that would cause some significant challenges. It's a great opportunity for them to take that whole four-year computer science education and put it into one big exercise." Cadet Rebecca Malone, a senior at West Point Academy, added, "Most of us are going into the signal and military intelligence corps. So in the future this is going to be practical stuff that we're going to be working with."
"CDX offers an unparalleled opportunity for some of the nation's top students to showcase their cyber skills to NSA's leading practitioners," said Neal Ziring, IAD's Technical Director. "America increasingly needs professionals with highly technical cyber skills to help the country remain safe and adapt with greater agility. We need the best and brightest to help us defeat our adversaries' new ideas."
The NSA wrote:
Cyber warriors who assess and defend the U.S. government's most sensitive communication systems challenged the ability of service academy teams to protect networks designed, built, and configured at the students' respective schools. Working at Lockheed Martin's facility in Hanover, Md., another group of specialists graded each team's ability to effectively maintain network services while detecting, responding to, and recovering from security intrusions or compromises.
Lockheed Martin coordinated with the NSA to establish virtual private networks for the exercise, "providing a safe path for the exercise while preventing interference with real-world networks." Darrell Durst, vice president of cyber solutions for Lockheed Martin's Information Systems & Global Solutions said, "Cyber Security is at the core of all we do, so each year we are inspired by these innovative students as they face challenges from veteran NSA experts. The students tackle the same types of threats our nation faces daily in cyber security. Whether detecting intruders, or adapting to sophisticated threats, NSA leverages this opportunity to educate the next generation of cyber professionals."
"This was the second year in a row that the Air Force Academy, based in Colorado Springs, came out on top, with West Point's Army cadets finishing just behind them." West Point posted the 13th annual Cyber Defense Exercise images in this article plus more on Flickr.
Image credits: U.S. Army photos by Mike Strasser/USMA PAO
Like this? Here's more posts:
- Law professor makes a case for legally recognizing the Dangers of Surveillance
- PETA plans to spy on hunters with drones
- Hackers steal photos, turn Wi-Fi cameras into remote surveillance device
- Microsoft Phones, tablets as gaming controllers that detect gritting teeth, blinking?
- Refuse to be terrorized after Boston Marathon bombs; stay calm, stay free
- Hacks to turn your wireless IP surveillance cameras against you
- DOJ, DHS rejecting law school grads based on online comments
- Microsoft may not scan your email for keywords like Google, but your boss can
- Microsoft: Facebook Home is a copycat, Windows Phone is the 'real thing'
- AV-Test issues first Windows 8 antivirus solution ratings
- Kaspersky Lab launches world's first anti-malware product for UEFI
Follow me on Twitter @PrivacyFanatic
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited