Imagine if you just graduated with an IS degree and landed a job at a small business as their only IT staffer. You know your way around an operating system and understand some of the protocols and programs that keep data flowing, but for the most part your skills are untested in the real world. Regardless, you are the only thing separating the company's users and data from downtime. Sound like a tough situation? Oh, I forgot to mention there are four of the best hackers in the world trying to get into your digital domain and steal anything of value, including a database of 10,000 credit card numbers. This isn't something seasoned administrators would want to face, much less fresh graduates.
Well, this is exactly what several groups of college students faced recently at the Regional Collegiate Cyber Defense Competition, which was held at several locations around the US. I was able to attend this three day event, and this is my story. Get ready for some fun, shocks, and dohs! as you follow along with me, the Red Team, and the students.
Collegiate Cyber Defense Competition
Before we get into the actual details of the event, it is important to highlight the reason behind the competition. As per their website at http://utsa.edu/cias/CCDC, "Unlike traditional 'hack and defend' or 'capture the flag' contests, this competition tests each team’s ability to operate, secure, manage, and maintain a corporate network. This competition is the first to create, as closely as possible, a realistic corporate administration and security experience — giving the competitors a chance to compare their education and training against their peers and the real world challenges that await them."
In other words, the competition is about creating a practical experience from the classroom knowledge. Students simply take what they have learned and apply it in a simulated environment for educational purposes. However, the competition aspect helps schools know where they stand in relation to other schools that are teaching related content. It is important to note that the program is funded 'in part' by the National Science Foundation (Award ID 0501828 http://www.nsf.gov/awardsearch/showAward.do?AwardNumber=0501828) and has paid out a little over $1,000,000 so far to create "problem-based and case-based learning methodologies in order to provide students with activities that simulate real-life work experiences <with a focus on security>." I suggest you check out the above link to see the details of this award.
The contests are first held regionally, and the winner of each regional exercise competes against each other at the national finals in San Antonio, Texas. I attended the Mid-Atlantic Regional Collegiate Cyber Defense Competition, which was hosted in Lancaster, PA by White Wolf Security. The five schools where from the PA/VA/MD area and were a mix of two/four year degrees that range from networking to programming. The participating schools were:
- Anne Arundel Community College
- Community College of Baltimore County
- George Mason University
- Millersville University
- Towson University
White Wolf Security
The host and operator of the event (White Wolf Security) operates a training facility that serves as a working-training environment for hands on computer lab-based education. Everyone, from local colleges to the US Secret Service, use White Wolf's equipment as a hands-on lab for training events and other related activities. The owner, Tim Rosenberg, is well known in educational/government circles for both his lab (which is mobile) and for his training events.