Cybersecurity Contest Challenges Teams to Think Like a Hacker
By William Weir
Computer hackers descended upon UConn this past week, and for their efforts, came away with more than $100,000 in prize money.
Teams from 43 colleges including UConn gathered at the Lewis B. Rome Commons Ballroom to take part in various challenges at CyberSEED, a two-day cybersecurity conference that also featured speakers and panel discussions. Rear Adm. David Simpson, chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau, gave a talk about the state of national and international cybersecurity.
The conference, which took place Oct. 21-22, was organized by the Center of Excellence for Security Innovation (CSI), a partnership between Comcast and UConn School of Engineering’s Center for Hardware Assurance, Security, and Engineering (CHASE). It was the first of what is planned to be an annual event.
The competitions featured both software and hardware challenges, but the most popular was Capture the Flag. Here, teams hacked away at classified files of the fictitious country Cyberia, acting on behalf of the small neighboring nation Sanctus Pirata. The files provided details of the country’s oil rigs, allowing the smaller nation to tap into them if successful.
Teams came from as far as Washington State and New Mexico. Some were veterans of hacking competitions, others complete novices. Coming to UConn for their first hacking competition, East Tennessee State University flew into Connecticut at 2 a.m. Energy drinks and coffee figured heavily in their strategy. Their coach, computer science professor Mike Lehrfeld, said the team members had spent much of the past few weeks discussing strategies and different scenarios they might encounter.
“The competition allows them to showcase what they’ve worked on all year long,” he said.
In the end, it was Brown University who took top honors based on speed and the number of documents uncovered. They won $15,000 for first place. Overall, more than $100,000 was awarded to winning teams. No one went away empty-handed: every participant received a Samsung tablet.
So how do you prepare for a hacking competition?
“Lots of YouTube video, lots of Googling,” said Andrew Rector, a senior with the team from Bloomsburg University in central Pennsylvania. Even though they were taking on the role of the bad guys, he said, “these kinds of efforts will pay off for the good guys. You need to know how a system is vulnerable before you can protect it.”
Indeed, conference speaker Cheri Caddy, director of cybersecurity policy integration and outreach at the White House, told the audience that security efforts have lagged because of a lack of training in the field.
Michael Garvin, senior manager of product management for Symantec, was one of the architects of the Capture the Flag competition. They devise their games partly by current events – who’s committing cyberattacks and why – and from feedback from companies who want to protect their security.
These competitions, he said, are a way of identifying vulnerabilities in a company’s computer system.
“We’ll ask companies ‘What is it that you’re worried about?’ Then we can prevent those things from happening, or lessen the amount of damage,” he said. “We’ve seen some interesting and novel methods in these competitions – all the better to help us prepare.”