ORONO – Earlier this month, nine teams of student computer scientists tried to defend themselves against an experienced, cracking team of computer techies from the University of Maine System. This was the Northeast Collegiate Cyber Defense Competition, a regional competition to decide who would go to the nationals.
Hosted this year by the University of Maine at Orono, the competition tested teams from Northeastern University, the University of Maine, Rochester Institute of Technology, Alfred State College, Champlain College, Harvard University, the Polytechnic Institute of NYU, Stevens Institute of Technology, and SUNY Oswego. The top three placing schools were, from first to third, Northeastern University, the University of Maine, and Rochester Institute of Technology. Harvard University did not place.
The Collegiate Cyber Defense Competition is the result of students, educators, government officials, and industry professionals who first gathered in February of 2004 at San Antonio, Texas, to put together a standardized template of what a cyber security competition should look like. The overall goal of the competition is to train students to be more aware of cyber security, and more able to repel computer-based attacks on networks. Since then, there have been regional competitions every year, culminating in a national competition in San Antonio.
While normally a case of Mountain Dew and a few pizzas are all it takes to get access to college level programmers, at the competition internal security was tight. The nine competing teams were each identified as “blue teams,” and they had been warned that other blue teams might try to sneak in, which meant that they had to guard against their peers. Additionally, the attackers, known as Red Team, had members performing physical reconnaissance. The result was that any intrusion by outside personnel was met with suspicion and usually immediate ejection.
Overseeing the network was the Black Team, which made sure all players followed the rules and exclusively defended their assigned networks, rather than attacking the other blue teams electronically. In each room where the blue teams worked, two members of the White Team acted as liaisons for the competition organizers, passing new assignments to the team members.
In the 2010 NECCDC, the groups worked as if they were a group of systems administrators, defending a corporate network from attack and negligent downtime. They were provided with eight computers, each running a different operating system and connected to a central switcher. This network switch, allowing the computers to talk to each other, also connected to a Cisco router, which simulated an open connection to the internet. When Red Team deployed its attacks, they had to make it past the router first.
Despite the rampant paranoia of the various blue teams, the team at the Polytechnic University of NYU were willing to allow visitors. Julien, Luis, Nathan, and their teammates were welcoming and explained the premise of the competition, demonstrating how several of the exploits deployed by Red Team had crippled two of their computers, which were turned off to limit damage to the data on their hard drives.
In the end, Northeastern University was able to best defend its networks and most quickly implement the changes required by the fictional company for which the blue teams were working. That means that the NEU team will be going to San Antonio on April 16 to compete in the national competition. They will be competing against eight other teams to bring home the prize for the Northeast region.
