This coming weekend, DSU’s Defensive Security club will be participating in a CCDC regional competition. A win at this event will mean participation in the national competition. These Collegiate Cyber Defense Competitions are held around the country among many colleges. Gaelin Shupe, a Cyber Operations major and Defensive Security club officer, met with me to explain how these competitions work, as well as how the DefSec club conducts their own mock competitions for practice.
Whether it’s a mock trial or an official competition, the events have a similar layout. As Gaelin informed me, “Teams each get identical computers that we have to defend against a team attacking them.” He went on to add that “we have to do a better job at defending them” than the other teams to get the most points and win. Regional and national competitions consist of two eight-hour days of competition, while mock competitions are typically a single day lasting between two and five hours. The mock competitions also consist of a smaller environment with not as many boxes. For those unfamiliar, “box” is the general term used to refer to a “server or computer connected to the internet.” No matter if it’s a mock competition or the nationals, it’s always a “simulated environment and simulated attack,” meaning that no actual systems or data are being compromised.
Previous years saw mock trials conducted in the Beacom Institute of Technology, but this year everything will be conducted remotely. The DefSec club leadership advised teams to meet remotely as well and not in person as a team. These mock competitions are conducted through the DSU IA Lab, which allows club officers to craft the environments and then save them as templates. They are then able to push them out to all the teams at the same time. The teams are made up of eight students of various computer science-related majors. Most participants usually have either a Network Security, Cyber Operations, or Computer Science major. The club officer mentioned that typically there is “a spot for most computer science majors.”
The red team, the ones trying to gain access, is not scored and is not competing. As the defense part of the name indicates, these competitions are focused on how teams can protect their networks. Shupe explained that the red team’s goal is “basically to make our day difficult.” The red team seeks to get in and stay in, even though the blue team is trying to kick them out. After the first half of the competition, the red team tries to exfiltrate data, break systems, and generally wreak havoc. It’s not just for the fun of playing the part of the bad guy, though: their goal is to help the blue teams learn how to defend against actual attackers.
Right when the competition begins, the red team starts to gain access to all the boxes. “Every year red team takes less time to root every team,” said Gaelin, indicating that it’s generally easier to break into a system than it is to protect it. Teams are “scored based on how long the service is up.” This directly relates to the service level agreements that companies have, which penalize them if their services are unavailable to customers for extended periods of time.
Students who compete get experience in incident response and in learning what information was stolen and how to protect against such theft. These events also offer experience working as a team and solving problems while managing time constraints. As the Cyber Operations student said, the idea is to be “fast and efficient” in identifying the vulnerabilities and working quickly to resolve them. Students are able to utilize the learning they’ve gained from networking and defensive security classes during these competitions. Information Security Management and Web Applications classes can also provide skills that are helpful for competitors. Gaelin informed me that there’s a report writing aspect, indicating that it’s not only cyber skills that are being put to the test but writing and communication skills as well.
The Defensive Security club gives presentations every week, and previous talks can be found on their YouTube channel. Currently they meet every Tuesday at 5:30 p.m. on their Discord server. These competitions bring in a lot of attendance to the computer club and give students a responsible place to practice simulating cyber-attacks. Gaelin expressed several times how much he learns with each competition, showing yet again how much education is taking place outside of class. The club plans to continue to host mock competitions, so if you are interested in participating, keep an eye on their Discord for future events.