In late April, hackers attempted to penetrate the computer networks of several
These attacks weren’t real—but they could have been. In this case, the schools were participating in the 8th Annual Cyber Defense Exercise (CDX), held near
The event is an educational tool to train the next generation of network administrators and computer security personnel, explains Tony Sager, chief of the National Security Agency’s (NSA’s) Vulnerability Analysis and Operations Group. The NSA has hosted the CDX event since 2001, Sager says. Besides providing important real-world experience, it also allows the schools to compete with each other. “It’s clearly a bragging-rights activity,” he says.
In this year’s exercise, each school was given a budget to design and defend a network. A red team of NSA analysts and Army personnel then attempted to hack into and compromise the networks. The schools all have several servers, e-mail services and workstations to defend and maintain. The workstations are “dirty” public-use devices full of malware. Student teams must locate and remove or negate the malware. Sager explains that this malicious software seriously challenges the security of the teams’ network defenses. A key part of the scenario is retaining service availability. The defensive nature of the exercise prevents the schools from attacking the red team.
The exercise emphasizes proper network resource allocation. Sager notes that one school devoted most of its resources to defending its network; however, once the red team breached it, the network quickly collapsed. In contrast, another school had a relatively simple defense that was more robust.
Although not eligible for the trophy, the two military graduate schools presented strong defenses. Sager credits this to the fact that these schools’ teams consist of experienced officers. He adds that the red team was unable to compromise the
Sager explains that the goal is to make the event as realistic as possible; every year, the scenario becomes more complex, he notes. For example, this year’s event featured a wrinkle: a general visiting the school wants to plug a laptop into the network, and the school teams and their security architectures must comply with the request.
A “white cell” of Army information specialists serves as an impartial judge for the event. Its job is to verify the various teams’ claims. However, the cell does not provide feedback during the event; it works independently to verify and grade various successful exploitations.
Each of the participating teams begins with 50,000 points. Every incident and hack deducts points from the team. This includes non-external events such as server outages. Sager says that the teams must keep all of their network services operating for the duration of the event.
Sager explains that the NSA tries to incorporate successful techniques into future exercises. In the event’s early years, he notes, the red cells ran rampant through school defenses, but over time, the networks have become more sophisticated. The exercise has also driven and enhanced the academies’ computer networking curriculum, he adds.