CDX 2017: The winner is …
On 14 April 2017, the U.S. Naval Academy was announced as the winner of the 17th Cyber Defense Exercise (CDX). This is the fourth year that students from the U.S. Naval Academy have come out on top at CDX.
This year, students from the U.S. Coast Guard Academy, U.S. Merchant Marine Academy, U.S. Military Academy, U.S. Naval Academy (USNA), and Royal Military College of Canada (RMC) competed as the Blue Cell teams. For more background on the event, please visit this article released prior to the event.
The adversarial Red Cell began its engagement with the Blue Cell networks Tuesday morning, emulating attacks as real adversaries would, 24 hours per day. Lt Col Sam K., the Unix Team Lead on the Red Cell, said that the most common access method to Blue Cell networks continues to be human error, targeted via spear-phishing, as it gives the adversary a foothold in the network. From there, the Red Cell would survey other areas of the network and abuse credentials, run scripts to identify other users, and look to see if any software on the network can be exploited.
Targeted by the Red Cell activity, the Gray Cell participants acted as everyday users, for example, clicking links in emails and falling prey to spear-phishing attempts. Michael R., the Gray Cell Lead, said they attempted to create a small haystack of traffic and activity. "We've seen multiple schools who have implemented mitigation strategies to mitigate threats of malicious users," he said on Wednesday. "Some strategies have been good - some bad." The "bad" strategies typically prevent damage, but block usability for the everyday users on the network.
The cells work closely together: user feedback from the Gray Cell is forwarded to the White Cell, which communicates to the Blue Cell that there is a user access issue on its network. Robert C., the White Cell Lead, said that there is a Directive that CDX participants in all Cells must follow, though it is not all-encompassing. Some methods used by any of the Cells may violate the spirit of the exercise, and the White Cell has to decide upon penalties. However, Robert said that the students pay close attention to the Directive and do their best to abide by it. "They look at CDX as a contractual exercise of rules, constraints, boundaries, and penalties, and they try to push those boundaries and use it to the best of their advantage," he said.
This year, a number of cadets and midshipmen had the opportunity to participate in the Red Cell at CDX headquarters, where they experienced the other side of the challenge from their classmates back at the academies. MIDN Chad R., a Red Cell student of the U.S. Naval Academy, said that some of his friends are on the Navy Blue Cell team. "They all think the Red Cell was already in their system before [the exercise] began," he said.
The Red Cell student participants' academic focus is cyber-related. CDT Daniel T., a Red Cell student from the U.S. Air Force Academy, has participated in other cyber-focused exercises and said that working in CDX has given him the opportunity to shadow professionals and learn what they do. "We get to learn about network penetration and pivoting," he said, "and how to limit the attacker to the borders of [the] network and push them out."
CDT Mason A., a Red Cell student from the U.S. Military Academy, is a computer science major, thinking about branching cyber. He said as of Wednesday the cadets and midshipmen were taking on a learning role. "We're just trying to learn from Red Cell members," he said, "looking over shoulders." The students were afforded the opportunity to explore the software that the Red Cell used and observe how it's used. They then worked to take over each other's systems in a controlled setting, connecting to each other's networks.
MIDN Chad R., a cyber-operations major, said that on Tuesday evening, the students sat with the Air Force reserves on the Red Cell to observe activity on the Blue Cell networks. "They let us connect from our computers to see what was going on," he said. The Red Cell students first had to see if they could gain access to the Blue Cell networks and then looked for "tokens" that they could submit to the White Cell to deduct points from the Blue Cell teams.
New to the Blue Cell participants was the Unmanned Aerial Vehicle (UAV) challenge. Two of the Service academies chose to participate in the optional challenge: USNA and RMC. The students worked the week prior to CDX to build their UAV and execute their mission, which was to take down five targets protected by enemy UAVs. Their UAVs were then "launched" on Tuesday morning; once the UAVs launched, the students waited to see if their efforts were successful.
The RMC graduate students also participated in the UAV challenge as part of an Unmanned Ground Vehicle (UGV) Challenge. Sam A., from the Air Force Research Lab (AFRL), said that the UGV-working-into-UAV experience integrates cyber operations into physical effects. The AFRL brought specialists to work on the Red Cell for a scenario in which the specialists recover a UAV that belongs to the graduate students. They then perform reverse-engineering on the software associated with the UAV. The students' objective was to take down four targets, two of which were simulated surface-to-air missile sites, using their UGV and UAV resources.
At CDX headquarters, the AFRL supplied a UGV with an attached video camera with which the RMC grad students could see the vehicle's surroundings. Sam said the students could also move the vehicle with a PlayStation 3 controller from their location in Canada.
The RMC graduate students also competed against NASA and NSA teams in the Space Cyber Challenge (SCC). The SCC is designed to teach the next generation to think about cyber security in relation to space. One of the engineers in charge of the program said that they plan to offer this to the undergraduate students in the future; this year, they are testing the challenge on the graduate students. "They seem to be grasping it well and working well with the hardware," he said on Wednesday during the event. Using a model satellite, a mocked-up ground station, and a representative plot of where in space the satellite is "located", the teams conducted simulated operations with the tools as they would use them in real-world operations. In that context, the teams had to defend their satellites from each other while attacking the other teams' satellites. In the background, Red Cell members also emulated adversary activity.
CDX continues to put the student experience at the highest priority of the event so that the Nation's next generation of cyber warriors is ready for future cyber challenges. "We're here to cater to an educational exercise - not every school works at the same level, and that's okay," White Cell Lead, Robert C., said. "Our job is to elevate them from students to professional network defenders."