Military students defend networks from NSA, drone attacks

cover.jpg

Students from the U.S. and Canadian military service academies participated in the 17th annual Cyber Defense Exercise (CDX) last week. The week-long competition is hosted by NSA Cybersecurity Operations each year, designed to hone the cyber skills of the U.S. and U.S. allies’ future cyber warriors.

Months prior to the competition, undergraduate students from the U.S. Coast Guard Academy, U.S. Merchant Marine Academy, U.S. Military Academy, U.S. Naval Academy and Royal Military College of Canada begin building and securing their networks. During the competition, the students work to secure these networks from cyberattacks designed by experts in the CSO.

The CDX includes four groups known as “cells”:

  • Blue Cell: Made up of students from the service academies, the blue teams secure, operate and defend the networks they built from the Red Cell and complete scenario-based challenges.
  • Red Cell: Comprised of NSA and military experts to conduct adversarial activities against the Blue Cell
  • Gray Cell: Operated by NSA specialists acting as typical network users who mimic actions of untrained or careless users. Actions of the Gray Cell can sometimes facilitate Red Cell attacks.
  • White Cell: NSA specialists acting as referees. They interpret and enforce the rules of the competition, assign scores and issue penalties.

Several students participated in the Red Cell at CDX headquarters. Curtis W., Red Cell Lead, said this experience “provides [students] an opportunity to see how real-world adversaries try to attack networks and exploit vulnerabilities.”

“We get to learn about network penetration and pivoting,” said CDT Daniel T., a Red Cell student from the U.S. Air Force Academy who participated in the past, said of the exercise, “And how to limit the attacker to the borders of [the] network and push them out.”

A new component to the Blue Cell was the unmanned aerial vehicle challenge. Students from the U.S. Naval Academy and the Royal Military College of Canada (RMC) participated in the elective challenge. The week prior to the CDX, the students built their UAV and executed their mission to take down five targets under the protection of enemy UAV’s. Once the UAV’s launched on Tuesday morning, the students waited to see if their efforts were successful.

Graduate Students from the RMC participated in the UAV portion of events as part of an unmanned ground vehicle challenge. The Air Force Research Lab incorporated specialists on the Red Cell side to recover a UAV belonging to the graduate students. They then reverse-engineered the UAV’s software. The RMC graduate students were supplied with a UGV with an attached video camera and could be controlled with a Play Station 3 controller from their location in Canada. The students’ objective was to take down four targets, including two simulated surface-to-air missiles.

RMC graduate students also competed against NASA and NSA teams in the Space Cyber challenge (SCC). This portion of the exercise was added to encourage the students to think about cybersecurity in relation to space. The program will be offered to undergraduate students in the future.

“They seem to be grasping it well and working well with the hardware,” said one of the engineers heading the program.

U.S. Naval Academies Prevails

The U.S. Naval Academy Cyber Security team narrowly bested West Point to win their fourth CDX. They competed against the other service academies in reverse engineering/malware analysis, host/network forensics, offensive ethical hacking and the UAV challenge. Points were awarded for each successful step they accomplished.

“We’re here to cater to an educational exercise – not every school works at the same level, and that’s OK,” White Cell Lead Robert C. said. “Our job is to elevate them from students to professional network defenders.”