The Cyber Defense Exercise, the tenth such exercise to be carried out by the NSA, tasks participants with the creation of full-service IT systems providing email, web servers and other resources. A 'red team' then sets out to compromise the network over a series of days.
Network specialists tasked with securing the U.S. government’s most sensitive communication systems will challenge service academy teams in their ability to defend computer networks the students have designed, built and configured at their respective schools. The entire exercise was conducted on virtual private networks, providing a safe path for the exercise while preventing interference with real-world networks. A separate group of specialists will grade each team’s ability to effectively maintain network services while detecting, responding to, and recovering from network security intrusions or compromises."
Teams from seven US academic institutions are competing in the exercise: the Naval Postgraduate School, Air Force Institute of Tecnology, US Military Academy at West Point, and the US Naval, Coast Guard, Air Force, and Merchant Marine academies. The Royal Military College of Canada is also a participant.
Attacks by the red team are restricted to known vulnerabilities, but the defenders will also have to cope with a user injected into the process who opens unauthorized mail attachments and performs other dangerous activities, according to an interview conducted by CNet with Air Force Captain Mike Henson. Participants must 'fight through', learning how to deal with a compromise when it arises, said organizers. They are not allowed to hack back, but must be purely defensive in their responses. However, they will be given the chance to go on the offensive in a 'capture the flag' competition held on Friday.
The Cyber Defense Exercise, which started last Tuesday, is hosted by Lockheed Martin and ended on Friday.