On Saturday, April 1st, CSI's Capture the Flag team competed in Argonne National Laboratory's Cyber Defense Competition 2017. Six researchers and their team leader spent all of the previous day setting up and hardening a network with standard business services. Playing defense, the team's task was to defend their network against attacks made by industry experts. This was the CSI team's first competition.
Capture the Flag competitions are practical exercises in network administration and cyber security. As a learning tool, Cyber Defense Competitions present an active learning experience that teaches practical skills, both technical and managerial, as explained by The University of Texas at San Antonio's Art Conklin in "Cyber Defense Competitions and Information Security Education: An Active Learning Solution for a Capstone Course":
Using a Cyber Defense Competition to provide a hands-on opportunity for students to test their skills and develop team based management skills in an operational business environment impacts many constituencies. Participating students learn in a true active learning environment. Instructors are able to evaluate the thoroughness of their curriculum in its intended setting. Other students learn as teams prepare for the competition. In the end, everyone feels they had learned important lessons.
CSI's team was made up of Ph.D. students and researchers who specialize in a wide variety of subjects, from network security and structures to software and device penetration and exploitation. Their advisor, George Osterholt, is a support manager with a penchant for lock picking, both physical and virtual. Team members included Gianpaolo Russo, DongInn Kim, Omkar Bhide, Kaushik Srinivasan, and Matt Remmel.
Their challenge was to defend the fictional country of Pangea against attacks by neighboring countries. In particular, they had to keep the power and water systems running and secure while also supporting and securing standard user services for their people. This required maintaining access and functionality while defending critical security systems. It was not a simple challenge.
Our team did a superb job defending their systems, getting successfully attacked only once and having to take their system offline for a quick rebuild. Fully prepared for a variety of eventualities, our team had extra hardware on hand that allowed them to cut off the attacker's access and get their systems back online. After quickly identifying the source of the breach, team members plugged the security hole, and no second attack was successful.
CSI's team looks forward to future competitions and plans to use the experience of their first event to carry them forward to increased skills, teamwork, and success on the virtual field. "We learned a great deal in both how scoring works and in how the hacking itself is done," reported team leader George Osterholt. "We'll do even better next time."
For more information, check out the posts from the event on CSI's Twitter feed, including additional pictures and an interview with team member Gianpaolo Russo.