The kinds of administrative and protective challenges that information technology professionals face at their jobs every day will comprise an exciting and intense weekend for nearly 200 students participating in a national cyber-skills competition taking place at the School of Information Studies (iSchool) in March.
This year’s Northeast Collegiate Cyber Defense Competition is being hosted by the iSchool the weekend of March 20-22. It is the regional qualifying run-up to the National Collegiate Cyber Defense Competition, where the winning teams from 10 regional contests from around the U.S. will face off in San Antonio at the end of April. Students from the iSchool who plan to be involved in the Northeast regional competition will get a little practice in before the big contest, since there is a qualifying round Jan. 31. That event will determine which top 10 teams are sent to the March competition.
To get ready for the event, the iSchool’s already-high tech Hinds Hall is being outfitted as a networked microcosm capable of supporting the large cyberhacking competition, according to Bahram Attaie, iSchool assistant professor of practice and faculty advisor for the iSchool’s competitive team. Apart from the school’s normal hardware and software operating needs, preparations require that autonomous networks and hardware systems be available to support the functions of 10 student teams, the contest-design group, a team of judges, a team of ethical hackers and an electronic scoring system. “We’ve had to rewire the school,” Attaie says, somewhat jokingly. “It’s almost like the Olympics.”
The University’s IT Services Department is assisting the iSchool’s IT personnel in configuring the complex accommodations. In addition, the iSchool has a committee of staff, faculty, students and volunteers who are working on advance arrangements, and who will support competition functions throughout the contest weekend. Also playing a large role is the school’s InfoSec Club, a student organization formed to learn about and hone information security skills.
Skills Hardening
The competition gives students a chance to apply their classroom studies and acquired skills in real-world scenarios, according to Attaie. It’s an activity that’s well worth the time to prepare and the intensity of the contest, he contends. “What really makes this competition so fulfilling from the participants’ point of view is that it’s not just about bits and bytes. It’s really real-world training, and everybody who comes out of it is so hardened. The learning the students go through during the course of the competition is equivalent to them taking six or seven classes in related topics. They mature so quickly because of the intense requirements of the competition.”
The opportunity to interface one-on-one with representatives of the event’s corporate sponsors also is a significant advantage. “That’s why the sponsors are here,” Attaie says. “They want to recruit the students because they [the students] have been tried and tested.”
Student Perspective
Brian Garber, an iSchool senior, participated in last year’s Northeast Region CCDC competition. This year, he’s helping to coordinate competition events and logistics, and to recruit student participants and volunteers.
Bahram Attaie
The competition is exciting, but also can be stressful for students because of its real-world edge, Garber adds. “It’s not just about technical issues, or fending off the red team (attackers),” he said. “It’s a real-world scenario where stuff happens.” In the heat of the activities, he says, the teams must assess, “How do you react to it; do you tell people about it; do you acknowledge you were hacked into; how do you remedy it.” As a student, “We take courses in security and we learn about how to harden systems. But it’s one thing to learn in the classroom, then actually apply it in a real-world scenario. This is really a prime opportunity to apply things you’ve read about and learned about to an actual scenario. You’re being attacked by industry-grade penetration testers, industry experts in security, and they are launching really interesting attacks against our computer systems.”
Although the work that’s going on behind the scenes—both for the cyber attackers and the network defenders—isn’t necessarily visible, a scoreboard with video feed will be tracking teams’ activities, responses and standings. The scoring will record whether the teams’ FTP, HTTP, HTTPS, DNS and SMTP systems are up and running. Another way teams compile points is to complete business challenges on time and throughout the event, while being cognizant of any cyberattacks being launched on their systems and networks.
That will make the competition activity and outcomes of interest to observers. Other weekend activities also are planned, and experts from the cyber defense community are being invited as keynote speakers and for a panel discussion on the state of cyber security today.
