Military Academy Cyber Defense Exercise
11 May 2009
The New York Times recently posted an article about the US military academies’ cyber defense exercise. This annual event has taken place since 2000, and has been growing stronger ever since. There are three major categories of teams: the blue teams, the white team, and the red team. The blue teams (the students) are charged with defending the networks they’ve spent months designing from the relentless attacks of the red team (an NSA-staffed team). The white team acts as an impartial judge, scoring the teams and resolving any ambiguities that may arise during the competition. The primary distinguishing feature of this exercise is that the blue teams design their networks from scratch, and are only given a set of requirements and services that their network must provide. The other notable feature is the quality of the red team, as the NSA is widely known to be the best in the business when it comes to Computer Network Exploitation (CNE) and Attack (CNA).
In 2004 a group of mostly academics, including myself and another student from The University of Texas, and representatives from West Point met in San Antonio to discuss the feasibility of an intercollegiate cyber defense exercise. Out of this, members from The University of Texas – San Antonio, The University of Texas – Austin, and Texas A&M met together to lay the foundations of the Collegiate Cyber Defense Competition (CCDC) hosted by The University of Texas – San Antonio. The first competition was held in 2005, and consisted of only 5 teams. Since then it has grown considerably: the competition held in 2009 consisted of over 40 teams competing in 8 regional competitions all over the US, with the top team from each region moving on to nationals in San Antonio. This competition is a bit different than the military CDX, in that the teams are given a network on the first day and they only have 1 hour to analyze it and secure it before the red team starts attacking. I had the great joy this year of competing on the red team for the northeast region held at RIT. As a participant in the first annual CCDC, I can safely say that it is far more fun and less stressful to be on the red team than the blue team.
It should be noted that both of these competitions have the students focus on defense and defense alone. There are other competitions that do focus on offense as well as defense, notably DEFCON’s CTF and Giovanni Vigna’s iCTF. Understandably, academics and other officials have been shy when it comes to teaching students the offensive side of computer and network security, but with more and more public talk about the need for more offense coming from on high, I think this will change sooner rather than later. Sun Tzu wrote many years ago that you must not only know yourself, but know your enemy as well. If one is to truly defend themselves against a motivated and skilled attacker, they must first know their enemy’s tools, techniques, and motivations.
These types of fast-paced, enhanced real-life scenarios are critical for preparing the next generation of cyber defenders for either industry or military positions, and the military academies’ CDX has certainly set the bar high.