The 2011 Collegiate Cyber Defense Competition (CCDC) has wrapped up, and this year's competition was more demanding and challenging than ever. I've had the distinct pleasure of facilitating the role of a "Red Cell Hacker" for the last four years, and I have been nothing short of amazed at the caliber and dedication of the competing teams in this two-day onslaught of attacks and defense against mock corporate networks. CCDC continues to raise the bar and complexity of challenges; whether it's taking on cutting-edge Power Grid systems or defending against internal-espionage threats, the CCDC students are in a constant struggle between security and managing corporate demands. In this article, we take an insider's look into the CCDC competition and the technology used to forge the next generation of cyber warriors.
What Is CCDC?
CCDC is a national cyber-defense competition that allows college students to test their IT security skills on mock corporate networks against attacks by professional hackers and security researchers. CCDC has grown considerably over the years, attracting new talent on both the attacker and defender sides. The CCDC event has a simple mission, says Casey O'Brien, Director of CyberWatch and six-year organizer of the Mid-Atlantic Regional CCDC event. "CCDC aims to develop the IT security professionals of tomorrow and prepare them for the realities of working in the field of information security." Higher education institutes that participate in this national competition are able to gauge their IT security program's effectiveness in developing the people and technical skills that organizations want for their employees. The CCDC events also have another goal: helping organizations to identify talent in the ever-growing field of information security.
The Mid-Atlantic Regional CCDC has always sent a strong team to the national competition and is known for integrating a wide range of cutting-edge technologies and security disciplines into the event. This year's Mid-Atlantic CCDC event was held March 10‒12 at the Applied Physics Laboratories (APL) at Johns Hopkins University in Laurel, Maryland.
Complexities of a High-Tech Corporate Network
CCDC aims to construct a challenging network that incorporates as many leading technologies as possible, while being intuitive enough to be managed by a small team. To pull off this feat, the Mid-Atlantic CCDC elicits the help of iSIGHT Partners, a leader in developing and running cyber exercises. "We strive to develop a network environment that rivals the reality of what students can expect in the real world," says Tim Rosenberg, Director of Cyber Exercises.
Each year, CyberWatch and iSIGHT develop a theme for the Mid-Atlantic CCDC event based on emerging technologies and trends in the security industry. In previous years, the event integrated technologies such as Supervisory Control and Data Acquisition (SCADA) systems and remote-management power control systems. In keeping with the emerging threat landscape in information security, this year's environment incorporated a "Smart Grid" power architecture that competing teams were required to defend and keep running, all while dealing with attacks from the Red Cell Hackers team.
Smart Grid technology has been a hot topic lately, as security experts continue to uncover the risks associated with attacks against the infrastructure and SCADA systems that run our nation's water, gas, and electrical delivery systems. Smart Grid technology is an emerging security field, and security researchers agree that it's a likely target for terrorism or state-sponsored cyber attacks. The integration of Smart Grid technology into the CCDC game play brings a realism that is unique to these events, demonstrating CCDC's commitment to keep up with cutting-edge technologies used by real organizations and governments.