April, 2017: GSS’s Cyber Operations, Analysis and Research (COAR) team partnered with Education to host their Second Annual Cyber Defense Competition (CDC) on Saturday, April 1, 2017. Students from varying levels of higher education and regions within the United States competed to defend a real-world simulation of an energy and water distribution system.
To find out how the day went, we asked COAR’s Amanda Joyce.
“This year’s competition hosted 15 teams from seven different states across the U.S., out of 27 teams that registered for the event. CDC committee members reached out personally to computer science departments and other faculty to engage student interest in the topic of cyber security. We also promoted diverse ways that students could become involved at Argonne through things like internships and research. It is a way to let faculty, undergrads, and PhD candidates know about what Argonne is and the research it has, and how it can partner with institutions areas of mutual research interest.
In the coming years, we hope to add more national laboratories to the competition, so that every applicant school can participate and the national laboratories have a common cyber picture.
This year’s scenario was based on keeping the power and water up and running for the fictional country of Pangea. Students were provided physical industrial control systems to simulate the water and electrical production coming from and going to their country. Teams were given over one month to secure their networks, which included an external website, a Samba file server, an email server, and an Active Directory server. Read all about this year’s electrical grid/infrastructure challenge here.
Arriving Friday, enthusiastic teams spent the afternoon and evening setting up at the TDC for the big event to begin at 8am the next day. Over 100 volunteers participated in various roles on Saturday, including approximately 40 Argonne staff and 60 members of the greater Argonne community. The majority of volunteers stayed all day and had a great time. Volunteer experience ranged from experienced software engineers who could make a lot of intentional trouble to others played the more novice roles.”
Argonne’s Cyber Competitions are Different
“Argonne’s competitions are distinguished from other CDCs by encouraging outside-the-box defenses and strategies. Additionally, Argonne provides the physical element of their competitions. In 2017 it was an industrial control system water pump and lights that made the scenario more realistic to the teams, at the same time allowing them to see how even the smallest attacks could directly impact their physical infrastructure.
We also enforced rules preventing teams from purchasing their way to security – for example, from purchasing firewalls to place in front of a target. This leveled the playing field, as some schools may have had more resources than others. Teams had to work with the OS provided, which in many cases was vulnerable. They could only implement open source or free software or build ingenious solutions of their own design.
Teams also had to consider the user in their security strategy: if the interface isn’t usable, the strategy isn’t successful. In the security community, we often say the most secure computer is turned off and buried 10 feet under the ground but how does that impact the usability of it?”
The Winners: University of Illinois at Chicago
“By 6 pm Saturday, the team from University of Illinois at Chicago was declared the winner of the competition. As a returning team from last year, UIC remained as a top 3 competitor throughout the day. Kansas State University and Dakota State University tied for second place. The Red Team’s (attackers) analysis of the network infrastructure of the college teams was that the overall security implementations this year were better than the previous year. Post-competition, organizations and employers have reached out for more information about the Argonne CDC and to find out about students who participated.”
Some Perspective for Students Interested in Cyber
“Step outside of the ‘dollar value’ of security and think outside the box. It may take you weeks, months, years but you may discover something that is really unique – if it takes you a year to develop it, how long would it take another person to understand what you did? Technology is changing at such a rapid pace that we are currently just keeping up. There is an urgent need to get individuals into the field who are forward thinking, who go beyond current practices and methods, who make real discoveries. What will the future look like? What kinds of skills will we need to make our systems secure moving forward? It’s our goal that the Argonne CDCs prepare students for careers in cyber security where they can make unique and significant contributions.”
2017 Cyber Defense Competition Teams
Dakota State University
Governors State University
Indiana Tech University
Iowa State University
John A Logan College
Kansas State University
Southern Methodist University
St. John’s University
University of Central Florida
University of Illinois Chicago
University of Illinois Urbana-Champaign
University of Northern Iowa
Wright State University