Cybersecurity

DoD continues domination of President’s Cup competition


The Defense Department, once again, dominated the President’s Cup Cybersecurity Competition. Service members from the Army and Marines Corps and a team of DoD experts won the individual and team competitions at this 5th annual event run by the Cybersecurity and Infrastructure Security Agency.

But civilian agencies are starting to close the gap.

Michael Harpin, the competitions section chief for the President’s Cup Competition at CISA, said once again the competition let federal workers demonstrate their cyber skillsets and gain some recognition for their talents.

CISA completed the finals of the 5th annual competition on April 26 and the Office of the National Cyber Director will honor the winners at an award ceremony at the White House on May 20.

The results of Track A for defensive operations:

  • Army Maj. Nolan Miles,
  • Marine Corps Staff Sergeant Michael Torres
  • Air Force 1st Lt. Sears Schulz

“We primarily focused on cyber defense incident responder and the cyber defense forensic analyst positions,” Harpin said. “In that competition, we had some challenges, like recovering from a ransomware attack. You also had to explore some network traffic to find an eight digit code for flood gates in a dam system. So we wanted to try and create some of these real-world type situations within our competition.”

The results of Track B for offensive operations:

  1. Marine Corps Staff Sergeant Michael Torres
  2. Army Capt Brian Welch
  3. Jakob Kreuze of the Air Force

“Some of the challenges they had to go through for this year’s competition included one was exploiting SCADA systems on a spaceship. In that, our challenge server would constantly check the environment that you’re in and provide you a flag if you properly overheated the reactors of the spaceship,” he said. “That was actually one of my personal favorite challenges this year. In another one, the individuals had to analyze a public GitLab site, so they could compromise a continuous integration and continuous delivery pipeline.”

The results of the Team competition:

  1. Artificially Intelligent — whose team included members of the Army and the Air Force. Four of the members were also on the winning team in 2022.
  2. Touch grass.txt — whose team included members of the Department of Defense
  3. Cyber Warfare Extremists — whose team included members of the Navy

Harpin said the team competition was one of the closest ever with Artificially Intelligent winning by just 60 points over Touch grass.txt out of a total of more than 30,000 points.

“Our team’s competition is broken up over two days in the finals. The first day we incorporated an industrial control system escape room developed by the Idaho National Lab. That was something new that we incorporated this year to give them a different experience,” he said. “In the ICS escape room, they were actually hands on some hardware. It was a fictional story of insider threat of a chemical company being acquired by a new company. So these people weren’t very happy. They raised pandemonium, which was the name of our of the escape room, with within the company. The goal was to restore the systems and then validate that you can complete an automated batch and they had to find some programmable logic controllers. They had to restore some human machine interface displays and even some virtual reality goggles as well within the escape room, so that that was a good new experience.”

Harpin said this is one area where a civilian agency team stood out. He said the team called the “Justice League” from the FBI was the only team that managed to escape during the competition.

Harpin said CISA already is planning President’s Cup 6 for next year. He said there are three things that the planning committee will take from this year’s competition.

“One is in continuing to incorporate new environments like the industrial control system (ICS) escape room. How can we give the finalists a new experience that can contest maybe even some soft skills like communication that’s why I wanted to shout out the team from the FBI that during that escape room. You had to constantly communicate a puzzle you solved or a password you found, and they are the ones who are out there, putting it on a whiteboard more than the other teams,” he said. “We want to find some hardware challenges as well that give them some new experiences. Another is continuously taking feedback from our participants. Getting back to our finals in person has been really valuable for us that we can have these open conversations with the finalists afterwards. And that’s been great. That’s how we grow the competition every year.”

Another possible change for future competitions is how to recognize individual or team efforts outside of the winner’s circle, such as fastest time to solve a challenge or top performing “rookie” competitors.

Harpin said next year’s competition is scheduled to start in January and go through April.

In the meantime, he said CISA is putting this year’s puzzles and challenges on the President’s Cup website for everyone to try and gauge their skillsets.

“We’ll have, at this point, over 200 challenges and within the coming weeks, we’ll make sure all of the challenges we used in Presidents Cup 5 finals are available. We post all the solution guides for those challenges on CISA’s, GitHub repository for individuals that get stuck. I can all admit that’s me a lot of times when I’m playing through the challenges, and it’s a great learning tool,” Harpin said. “If you have that step-by-step guide, it’s still a learning process to understand how to how to do a lot of these tasks. Since we stood up that President’s Cup practice area in September of 2023, we’ve had over 8,000 attempts so far. We’re excited to see that grow and continue to get used, all of that material can be found through CISA’s website.”

Harpin said the practice area is open to federal employees, and the GitHub repository is open to the public.

“We’re getting out to do more workshops using our President’s Cup material will be at the NICCE conference in Dallas, Texas in June where we are hosting a workshop called using games to motivate train and retain a cybersecurity workforce that will give people an opportunity to play through a handful of challenges, and how we build them on some open source applications,” he said. “We want to be able to scale that out how can we how can we do that more for the public and more for state and local governments. We’re exploring different ways that we can use that do that with the content we build within the President’s Cup competition.”

Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.





Source

Related Articles

Back to top button