Cyber defense competition coming to University of New Hampshire
DURHAM — The University of New Hampshire will host the Northeast Collegiate Cyber Defense Competition for the first time in the competition’s seven year history March 14-16.
The UNH Cyber Security Club “Wildhats” will host teams from Alfred State College, Champlain College, Northeastern University, Rochester Institute of Technology, SUNY IT, Syracuse University, University of Maine, University of Massachusetts – Boston and Worcester Polytechnic Institute.
Event organizer and former Wildhats coach Ken Graf said the UNH club has been meeting for about four years.
“It really is just an informal group where the students come together once a week and the bottom line is they really play with the things that they think are interesting,” Graf said, Topics of interest include Web hacking and Bitcoin, he said.
When he began teaching at UNH about four years ago, he felt there ought to be a club to let students do things which the normal academic program would not allow for.
“You shouldn’t be teaching people how to break things, right? It was all done informally in the club. We could find sites that wanted us to attack them with permission, we could discuss the tools that were available. So it was really starting in that vein as a way for students to get familiar with what was going on,” Graf said.
The students also participate in competitions both virtually and in person.
In this event, there is no attacking of other people’s systems, but that is not always the case. Sometimes the students do have permission to attack systems to help show what is working and what is not.
In this event, the students on each team are all on the defense being attacked by an independent “red” team.
Competitions are held in 10 regions and the winner from each region will travel to Texas in April for the national competition.
The winner of the Northeast region has won the national competition three out of eight years.
“We have a really good red team, so they get excellent practice,” Graf said.
Graf said the regional and national events are continuing to grow.
He said there are also a lot of career opportunities in this area, as represented by the long list of sponsors who will be recruiting at the event.
In UNH’s first year of competition five seniors on the team not only had job offers after the competition, but job offers with the companies they wanted to work for.
“It’s not unusual that the winner of the regional or national events, the entire team will have job offers by the end of the event. It is very competitive,” Graf said.
Blue chip firms and defense companies sponsor and recruit at the event.
Graf, who works as a software architect for Liberty Mutual, teaches an introduction to computer security class and a graduate level class on building secure software.
“The bad guys have a whole set of tools … and a range of motivations and they use different techniques based on how much money and time they have and as someone who is looking to be hired into IT or is looking to write secure software or write software period the students really need to have an understanding of how and why their things could be attacked,” Graf said. “So corporate America spends a lot of time trying to train employees on what’s the right way to do this. If, as a student, you can come in and have a reasonable conversation, you don’t have to be an expert, but can hold your own in a security discussion, that is a big step ahead.”
The competition will begin on Friday at 11 a.m. with keynote speaker U.S. Army Brigadier Gen. Ron Bouchard.
During the competition up to eight students on each team will go into a room and essentially serve as an IT department for a small firm.
“So you have to manage Web servers, email servers, Sharepoint, whatever you’d expect in a small firm. So those systems may or may not be working well, the owner of the company will be making requests to change this or try this new product or make the screen blue or whatever … and at the same time, they have a team taking their systems apart,” Graf said.
The people who do the attacking are the likes of Raphael Mudge and Silas Cutler with Dell’s security division.
“These are people who spend all day every day doing nothing but attacking Fortune 100 size companies and getting paid a lot of money to do it and they do this event so they can practice all their new attacks and new stuff on a new environment,” Graf said.
The red team has almost 200 different types of attacks planned.
The students will spend the vast majority of the weekend in competition.
“It really is a very grueling weekend. They don’t have a lot of time for fun, no hockey games for them,” Graf said.