Baker College of Flint, Mich., defeated defending champion Texas A&M University and four other regional winners from across the country to capture the third annual National Collegiate Cyber Defense Competition, which concluded in San Antonio, Texas, over the weekend. Texas A&M finished a close second, and the University of Louisville took third. Also competing for the championship were the Community College of Baltimore County, Mount San Antonio College of Los Angeles County, and the Rochester Institute of Technology.
Hosted by the Center for Infrastructure Assurance and Security (CIAS) at the University of Texas at San Antonio (UTSA), the event pits six regional winners, each given a similar small enterprise network to protect, against a team made up of experienced security professionals dubbed the Red Team, a.k.a. Team Hilarious.
Teams are scored on how well they protect their identical networks, made up of a Cisco router and five servers: Windows 2003 running Internet Information Services, Windows 2000 running DNS, Solaris X86 running Apache and OpenSSL, Gentoo running MySQL and NFS, and BSD running Sendmail. Team workstations can run Vista, Windows, Fedora, or BSD, as the team prefers. Teams are required to provide SMTP, POP3, HTTP, HTTPS, and DNS services throughout the competition, and outages on any of those services result in deductions from their score. At specified times, the teams are also asked to bring up FTP, SSH, RDP, and VNC services, in accordance with the 2008 competition rules.
In addition to the attackers (the Red Team) and the defenders (the Blue Teams), there is also a White Team. The White Team acts as the overall network operations center, as observers, and as the communications center. All requests for information, assistance, and problem reporting by the competing teams go through the White Team; teams are not allowed direct communication with the outside world except for publicly available information and software available on the Internet. The White Team also delivers in-competition requests for new services and scores the teams' performance.
The entire event took place at the San Antonio Airport Hilton hotel, and each team (Red, White, and each competing Blue team) had its own private, closely guarded room. A White Team observer was present in each competing team's room for the entire competition.
Red Team captain Dave Cowen has a jovial face and a pirate's beard. When his laughter could be heard in the hall outside the Red Team room, collegians winced, because they knew that another server had just fallen prey to the Red Team's relentless attacks.
The other Red Team members (first names only), Luke, Ryan, Evan, Jacob, and Leon, are all professionals in the security industry. On Friday, the first day of the competition, the adrenaline of the hunt, the chase, the pursuit of hapless quarry was in the air in the Red Team room, as team members sat around the conference table, staring into the screens of their laptops, some using two laptops at once, and sharing information as they gleefully began probing the target networks for weaknesses and mapping IP addresses to specific configurations.
One of the first remarks heard after the competition began was, "Interesting, the Solaris exploit from last year still works." That was followed shortly by Dave Cowen announcing, "OK, professionals, we need a local Solaris 5.10 exploit for privilege escalation."
In addition to a few members of the press, the Red Team room was also visited by various federal agents. A contingent from the Secret Service was present all weekend. Three black-suited gentlemen claiming to be from the FBI were present Friday. Defense Information Systems Agency agents were present as part of the competition infrastructure, and among their other duties, helped escort journalists from room to room during the event.
The mood in the Baltimore County Community College Blue Team room Friday afternoon was in stark contrast with the lightness and laughter heard in the Team Hilarious room. All seven team members were focused on the job at hand, which was to begin securing the network they found running at the start of the competition. Voices were muted, there was no idle chatter, and everyone was busy at whatever task they had been assigned.
Teams are allowed to modify the configurations as they see fit during the event, so long as they follow the rules and provide the required services. The configuration itself seems to have been a weak spot for defending the networks, and at the end of the competition on Sunday, Cowen said that you reach a point where the configuration is more important than the supply of exploits available to attackers. He made that remark not long after hacking a team's Web server so that it displayed their credit card database as its homepage during the last half hour of the competition.
A two-hour awards luncheon took place shortly after the end of competition Sunday morning. There were speeches by US Representative Ciro Rodriguez and Cornelius Tate, the brand-new Director of the DHS Cyber Security Division, prior to announcing the winners. This year's competition was the closest ever, with three teams in a virtual tie after the second day, and Baker edging defending champion Texas A&M by the slimmest of margins at the end. Whether they took home the gold or not, all the teams were made up of bright, skillful students, and given the presence of two community college teams in the final six, it's obvious that the size of the school is not as important as the skill of its students in the world of cyber defense.
Baltimore County Community College, the only team with a female competitor, and Mount San Antonio Community College in Los Angeles, proved that network security skills are not the exclusive domain of larger, better-known institutions. Their presence at this national competition is roughly the equivalent of a community college basketball team making it to the NCAA's Final Four, and both schools and students deserve kudos for going head to head against teams from much larger schools, especially since those schools may include two graduate students on their team.
Dr. Gregory White, director of the UTSA CIAS and one of the founders of the original competition when it was held on a regional basis rather than nationally, explained there is a large network and computer security population in San Antonio, primarily because the Air Intelligence Agency is located there. UTSA was a logical place to become an academic center for computer and network security. That led to it becoming the first Texas university to be designated as a "Center for Academic Excellence in Information Assurance Education" by both the DHS and the National Security Agency, and it currently offers bachelor's- and master's-level degrees in information security from several of its schools.
Sponsors for this year's event included the AT&T Foundation, DHS, Cisco Systems, Acronis, Northrop Grumman, Accenture, the Information Systems Security Association, Core Security, G-C Partners, our sister site ThinkGeek, Code Magazine, and Pepsi. White said that more sponsors are needed for future competitions in order to do all the things CIAS wants to accomplish.