Students Get Challenges, Experience in Cyber Defense Contest
It was a rollercoaster kind of weekend for the 150 college students competing in the 2015 Northeast Collegiate Cyber Defense Competition.
Hosted this year by the School of Information Studies (iSchool), the regional event pits teams from 10 Northeastern colleges in a nearly non-stop cycle of cyber challenges. All weekend, students use their skills to offset staged hacks and cyberattacks designed to thwart their enterprise systems.
The exercises create frustration at many moments, and exhilaration at others, according to Bahram Attaie, assistant professor of practice at the iSchool and director of the 2015 competition. Nevertheless, this year’s participants came away very happy with their learning experience, he says.
The competition is based on recreating a real-life scenario where a new IT team is hired to replace one that’s just been fired because of system failures. Without prior knowledge, students must ramp up the systems, then find themselves facing hacking attempts, equipment failures and the demands of bosses.
“They go through frustration when they can’t get into their systems, then exhilaration when they figure it out and get in. The competition presents lots of failure and lots of exhilarating success when the teams meet their challenges. It’s all about not quitting, and keeping going through your training,” Attaie says.
iSchool team captain Brian Garber agrees. “It’s very stressful to be in charge of an IT department and critical services, then to look at its status and see that something’s down and you don’t know why. In an environment where you didn’t do the initial configuration, you don’t know what might have happened, so you have to do the investigation and detective work to see how you can get it back up,” he explains.
The team from Rochester Institute of Technology placed first; Northeastern University’s came in second and Alfred State College’s team placed third. The Syracuse iSchool team came in fourth; and Champlain College was fifth. The remaining schools all placed equally in sixth place: University of New Hampshire, University of Maine, University of Massachusetts Boston, University at Buffalo and SUNY Polytechnic Institute.
The 2015 Syracuse iSchool team consisted of master’s students Garber; Rio Maulana, who completes his program this year; and seniors Ross Lazerowitz, Anthony Herbert, William Kajos and Yicheng Shen, plus computer science engineering major Carter Yagemann. Also on the team is iSchool sophomore Linyue Zhang.
Attaie says he challenged this year’s team to finish in the top five places, so both he and the students were thrilled with their fourth-place outcome. “That is a major accomplishment for us, because it’s a first,” Attaie notes. “These are 10 warrior teams, 10 strong teams, and there is not a weak link among them. So to finish in the top five is really a tremendous accomplishment.”
This year, teams had to begin operations without login passwords, and worked with two elements new to the Northeast competition: virtualization and mobile devices. Garber says past contests used physical work stations and machine operating systems, but having two servers hosting six virtualized machines through Hypervisor servers presented additional challenges. “It was a little surprise to learn that all the critical services were virtual, because that also introduces another attack surface,” he says. Teams also had an overnight challenge: to develop a mobile device policy for a company executive who planned to travel internationally taking his mobile phone–and all the company’s secure data. After teams built a policy, they were surprised to learn the next challenge–immediately implement it physically on the device.
The iSchool team coped with the challenges by splitting into subsets, one doing instant response, another focused on penetration testing against their network and a third monitoring security operations centers, says Garber. “I’m really proud of our team’s performance. We’ve worked really hard to hone our technical skills, but perhaps more importantly, our teamwork is what really made the difference.” Garber says his second year of the contest was “extremely rewarding,” providing “the chance to apply everything we ever learned about info security all in one weekend.”
Praise for Setup
The iSchool teams had to implement the setup within extremely tight timeframes since the competition occurred during normal class schedules. That required deployment for 12 rooms of equipment, networks, 150 computers and devices within a less-than 24-hour timeframe. “It was a tremendous undertaking. James Powell, the iSchool’s Instructional Technology Analyst, and his iSchool student team just did a phenomenal job,” Attaie says. He also acknowledges the work of the judging team, led by Syracuse University’s information security officer, Christopher Croad. Judges added a new facet this year, a package of feedback reflecting observations on how each team handled its challenges.
Croad says leading the judging was an excellent professional exercise. “I got to meet a lot of good people in the security field who are really dedicated to making it a good competition and looking out for the students,” he says. “As a security professional, I was surprised by my interactions with the students at how advanced some of them were, and even though it was a game, they responded to these challenges very professionally. It says a lot about [them] that they were able to maintain composure.”
Attaie also acknowledges Sheila Clifford-Bova, the iSchool’s student services manager, who coordinated student accommodations and contest logistics, concluding that the weekend’s experiences “were just super. It was well received and the participating schools had a great time. We were complimented constantly on how well the hosting was done, and everyone went away super happy.”