April 10, 2017 —
The Cyber Defense Exercise (CDX) is an annual, week-long competition hosted by NSA Cybersecurity Operations (CSO) designed to sharpen the skills of our Nation's and Allies' next generation of cyber warriors. In the months leading up to the event, students from the U.S. Coast Guard Academy, U.S. Merchant Marine Academy, U.S. Military Academy, U.S. Naval Academy, and Royal Military College of Canada build and secure their networks in preparation for CDX. During the event, they work to defend these networks from cyber-attacks illustrated by CSO experts. CDX involves four groups called "cells":
- Blue Cell: Student teams from each of the military Service academies make up the respective Blue Cells. The teams must secure, operate, and defend the networks that they built from adversarial activity simulated by the Red Cell, and complete scenario-based challenges representing real-world threats and intrusions with consequences. The team with the highest score at the end of the exercise - based on the CIA Triad: Confidentiality, Integrity, Availability; as well as usability and challenge results - wins the National Security Agency Cyber Defense Trophy.
- Red Cell: NSA specialists and military experts make up the aggressor team, Red Cell, which conducts adversarial activities against the networks built by the Service academies.
- Gray Cell: Operated by NSA specialists, the Gray Cell acts as typical network "users," who generate emails and other message traffic and mimic actions of untrained or careless users. Actions of the Gray Cell can sometimes facilitate Red Cell attacks.
- White Cell: NSA specialists also make up the White Cell, aka 'the referees.' They interpret and enforce ground rules, adjudicate the competition, assign scores, levy penalties, and determine relative standings for all Blue Cell teams.
Apart from raising awareness among future military leaders and cyber experts about cybersecurity challenges, CDX reinforces classroom instruction and cyber club experience, building experiences needed to secure and defend real networks. Robert C., White Cell Lead, said the experience is invaluable to participants. "Each individual student becomes quickly and acutely aware of the gaps in their knowledge base and how it relates to the education they've received in school," he said. "They inevitably realize that their academic training is only the beginning of a lifetime of learning in a rapidly changing field."
Undergraduate students will compete against each other in four challenges, with points given to each Blue Cell for each successful step they accomplish:
- Reverse Engineering/Malware Analysis: The students will be required to use a variety of tools and techniques in order to determine the function of the provided binaries along with any other information useful to the defined objective.
- Host/Network Forensics: This scenario requires the students to perform forensics on a host and its network traffic. Memory, network traffic and storage media will be forensically analyzed in order to find malicious software or behavior.
- Offensive Ethical Hacker: The students will perform adversarial emulation in order to penetration test a network. The objective would be to proactively discover vulnerabilities so they may be mitigated by the system owner.
- Unmanned Aerial Vehicle (UAV): A scenario that requires the demonstration and synthesis of a multi-domain environment, especially cyber and physical domains, and the use and protection of the command and control communications link. Students will be applying defensive cyber skills when they are challenged with protection of the command and control communication link of a simulated UAV. They will also be learning offensive skills when they hack into simulated enemy UAVs that enter their airspace.
Similar to last year's exercise, a number of students will have the opportunity to participate on the Red Cell to see the other side of the cyber network operations. Curtis W., Red Cell Lead, said this experience "provides [students] an opportunity to see how real-world adversaries try to attack networks and exploit vulnerabilities."
Graduate students from the Royal Military College of Canada will also participate in two new challenges for CDX 2017. The Space Cyber Challenge (SCC) will provide students with an opportunity to secure and defend a network-accessed ground station and satellite against an attack by an unknown adversary; perform daily satellite operations; and attack other space missions on the network. The SCC is made possible by an NSA space systems security engineering team with support from the National Aeronautics and Space Administration (NASA). The Unmanned Ground Vehicle (UGV) challenge, made possible thanks to our partners at the Air Force Research Lab (AFRL) in Rome, NY, consists of two parts. The first requires students to defend the communications of their unmanned vehicle and complete missions; the second requires students to attack and take control of an adversarial unmanned vehicle using advanced hacking techniques. Such enhancements to the exercise benefit students, Jim T. said, as it "prepares them for their future careers defending the Nation against cyber-attacks."