Military Embedded Systems

National Collegiate Cyber Defense Competition highlights cybersecurity skills and opportunities


April 07, 2015

Sally Cole

Senior Editor

Military Embedded Systems

The U.S. military says that it wants?6,000 new ?cyberwarriors? by?2016; the Pentagon has requested?a $5.5 billion cybersecurity?budget for FY2016, and?the Obama administration is seeking $14 billion. Cybersecurity has clearly emerged as?a national imperative.

The escalating onslaught and sophistication of cyberattacks – especially ones sponsored by nation-states – targeting U.S. military and defense contractors, the U.S. government, as well as both public and private industries, has clearly demonstrated an urgent need to improve cybersecurity.

Although the U.S. Department of Defense (DoD) seeks to add 6,000 new cyberwarriors by 2016, it has run up against a severe shortage of information security (infosec) talent.

One program that’s helping highlight cybersecurity skills and careers at the collegiate level is the annual National Collegiate Cyber Defense Competition (NCCDC), most recently held April 24-26, 2015 in San Antonio, Texas.

Once a year, NCCDC brings together 2,000 students who compete in qualifying and regional events to earn a spot on the 10 regional teams that move on to compete for the national title. To win, teams must keep a mock business running while fending off a constant barrage of attacks.

“This is a defensive-only competition from the students’ perspective,” explains Dwayne Williams, director of the NCCDC. “The mock business networks involved are typically modeled around a commercial endeavor – including things like an online pharmacy, electrical utility company, or a hospital clinic.”

The networks are operational, but not secure, so the students must secure and defend them. What does this entail? “Maintaining critical services at all times,” says Williams. “Teams are scored based on their ability to keep services up and respond to typical business tasks like setting up a new service, doing risk assessments, or management tasks like adding or deleting users.”

Live “red” teams comprised of infosec experts attack the students to give them a concentrated taste of what real attackers might do, providing real-world experience.

“The sorts of things the red team is allowed to do here goes well beyond what’s allowed in commercial or government penetration tests – like locking out user accounts or wiping systems during certain points in the competition,” points out Williams.

Raytheon, a sponsor of NCCDC, works across a broad spectrum of cybersecurity and is actively searching for a “cyber workforce” with skills in three key areas: engineering, operations, and infrastructure.

“Raytheon needs security architects who can design advanced security solutions,” says Jeffery Jacoby, Raytheon’s program engineering director for Cybersecurity and Special Missions. “Cyberengineers who are experts at mission resiliency are critical if you’re representing the military community. These individuals understand how the systems we design and develop will operate in and around cyberspace, how they’re potentially vulnerable to attack, and, ultimately, how they provide mission or operational continuity in spite of an attack.”

Within the cyberengineering realm, Raytheon is also searching for computer scientists with a deep knowledge of computer science at the firmware, operating system, and binary levels. “Vulnerability researchers – experts at assessing vulnerabilities and identifying risks across a wide variety of platforms, processors, and operational environments – are also critical,” notes Jacoby.

For operations, Raytheon is on the lookout for talent with security operations center (SOC) experience. “These folks monitor and respond to threats, as well as maintain operational continuity, including intrusion detection and prevention,” Jacoby says. “This includes threat operations, which is similar to security operations, except that we anticipate and prepare for future threats. We also look for malware and forensics analysts to dissect and diagnose malicious software and operational anomalies, including traffic analysis.”

While the initial goal of NCCDC was to attract more talent and help get them into the workforce, another important goal is to improve the state of education by pushing universities to stay current by embracing new technologies and programming languages. “Teaching only theory to students doesn’t prepare them for a career in the military or anywhere else,” says Williams. “They need a more relevant, real-world technical education to be immediately useful when hired.”

Knowing that someone has gone through NCCDC sits well with Jacoby. He’s seen the pressure the students face and is quick to point out that they’re doing this on their own time, outside their regular curriculum. “This says a lot about their motivation,” he adds.

Mentoring opportunities – particularly from a military or industrial perspective – abound with local community schools and colleges. “Making a personal connection with a mentor working within the field truly helps to build that next generation of talent,” the NCCDC’s Williams says.