Student cyber teams do battle

Student cyber teams from the military academies are doing battle with an NSA-led red cell trying to disable their networks in the NSA's annual Cyber Defense Exercise.

CDX 2017 - Photo Sean Carberry

Cyber squads match wits and exploits at an annual tournament for the U.S. service academies. (Photo credit: Sean Carberry/FCW)

Last fall, Army's football team broke a 14-year losing streak against Navy, and now Army's cyber cadets are looking to defeat Navy's midshipmen again in the 2017 Cyber Defense Exercise run by the National Security Agency.

The Coast Guard Academy, Merchant Marine Academy, and the Royal Military College of Canada are the other blue team contestants in the three-day competition, now in its 17th year.

Teams of up to two-dozen students at the academies are feverishly trying to defend their networks from a red team operating out of a "war room" at Parsons Corporation in Columbia, Md. that reporters were invited to visit on April 12.

A Jolly Roger flag hangs in the middle of the room. A rainbow of network cables snakes across tables into an armada of laptops. Snack food wrappers litter the tables along with empty cans of energy drinks.

Red cell members, mostly young, casually dressed NSA employees, some with shaggy beards and wearing hoodies, along with members of the Delaware Air National Guard and a few others, are feverishly typing away launching a variety of attacks on the student networks.

A monitor shows a 3-D rendering of the networks and the traffic going back and forth. Other video feeds show the student teams back at their academies scrambling to contain the attacks. Another monitor shows bar graphs with the real time scores of the teams – Army had a slight lead at the time of the press visit to CDX.

Adding to the challenge, a "grey team" designed to represent typical users -- from ignorant to malicious -- is surfing the web and clicking on links in spearphishing emails. Just as an employee at a government agency might, they are opening the door for malware and exploits the students have to contain on the simulated network.

In the corner of the room sit the "white cell" members who are keeping score and making sure the students are following the rules -- they just had to dock the Coast Guard team a significant number of points for a creative, but unapproved gambit. The student teams also monitor each other to make sure no one is pulling a Captain Kirk and gaming the system.

Since the participants are underclassmen with limited cyber education, the exercise is geared to their level with open source tools that are common in the real world. There are no proprietary NSA tools or exploits on the level of nation-state hackers they might be combatting in their future careers.

"We're using techniques that they would see in the wild," said Curtis Williams, who is charge of the red cell. "They have a real live competitor that's expert level, so if they do fairly well here, even if they don't win per se, that experience is going to be valuable."

The NSA's James Titcomb, who is the CDX technical lead, said that the exercise is getting more difficult to carry out each year because vendors like Microsoft and Cisco are continuing to harden their products.

"Basically by the second day, normally we've already compromised their systems, we've already moved through their networks," he said. "As of last night only three networks were compromised."

One of the new elements of the exercise this year is having students participate on the red teams. Typically, cadets and midshipmen focus on defense cyber studies, so this has been eye opening to Army Cadet Connor Eckert and Navy Midshipman Nick Co.

"I was surprised when on the first day the red cell guys were like, 'we got root on almost all the boxes, like, we got backdoors everywhere,'" said Eckert with a laugh and a slight blush. "I'm like, 'oh, it couldn't have been that easy. All of West Point's boxes have been owned already.'"

"The biggest thing I've found is that a lot of these people have such a passion for this stuff, it's like they eat, sleep breathe this stuff," said Co. "So to a degree there's like the technical knowledge but there's also like the art and skill that goes behind it."

Both said seeing how attackers work will deepen their understanding of defensive operations, but also they said they hope their academies will add more offensive training.

In addition to the core network defense exercise, students also have to complete challenge exercises such as reverse engineering, network forensics and an unmanned aerial vehicle mission where they have to defend their drones while attacking those of a virtual adversary.

This year's winner will be announced on April 14.