CCDC 2008
3rd Mid-Atlantic CCDC
:: Qualifying Rounds: January 12 and 19, 2008 – Lancaster, PA
:: Final Regional: March 7-9, 2008 – Lancaster, PA
:: Date: March 7-9, 2008
:: Location: White Wolf Security – Lancaster, PA
Who participated?
In 2008, nine teams participated in two one-day regional qualifiers with the top two teams returning later for a three day national qualifier. Teams were responsible for 18 IP assets with more than 10 different operating systems. The competition involved nine teams with five-eight students each, representing four year universities and community colleges from Maryland, Pennsylvania, and Virginia. Participating teams included:
- Anne Arundel Community College
- Community College of Baltimore County
- George Mason University
- George Washington University
- James Madison University
- Millersville University
- Nothern Virginia Community College
- Towson University
- University of Pittsburgh
Final Standings
CCBC advanced to the 3rd annual National Collegiate Cyber Defense Competition, April 18-20, 2008 in San Antonio, TX.
- Community College of Baltimore County
- James Madison University
- George Washington University
- Towson University
The Nitty-Gritty
Previous Mid-Atlantic CCDC infrastructure was initially limited to only those assets defended by the Blue Cell. In 2008, we replicated entire segments of the real internet; thus simulating assets that are not controlled by the defending teams, but are required to maintain functionality and connectivity to the outside world. The area with the most dramatic improvement is with the scoring. In 2006 the scoring engine was a perl script that accepted minimal input and generated rough scores. In 2008, the scoring engine now supports mapping visualization, basic Red Cell tracking, and three dimensional modeling of the teams’ assets.
The growth and scalability of these exercises are the result of corporate partnership with academia. The Mid-Atlantic region benefits from corporate investment in cash and kind to help support a complex and real world environment. In addition, sponsors and supporters make this competition possible. Several Red Cell members got leave from their employers to participate and enrich the CCDC experience; and yet the list continues. Paul Currie a Principal in Action International (a leading business coaching firm inLancaster, PA) played the role of CEO. All in all; more than ten companies contributed time, person-power, software and hardware; all to the cause of creating a valuable and powerful educational experience. As we rest from the efforts of March 7 – 9, 2008; we are already designing 2009 and reaching back out to the business community to once again expand and grow the Mid-Atlantic Experience.
One primary change over the years has been the removal of network infrastructure from the team’s control. Few universities in the Mid-Atlantic region actively teach Cisco hardware. In 2006; the Red Cell compromised the teams’ routers almost immediately. The disparity of Cisco IOS knowledge between the attackers and the defenders was significant. With the head end routers compromised; it was possible for the Red Cell to stop traffic to all the systems; thus preventing the scoring engine from making contact. While a single point of failure like this is a real world risk, the teams lacked the knowledge and experience to adequately mitigate and manage the situation. The result was early frustration on the side of the defenders and an over-focus on the router by the attackers. The teams simply lacked the skill base to manage the equipment. Therefore; the routers were
removed for the 2007 Regionals and continue to remain out of play until such time as the participating universities feel comfortable in dealing with them again. Equipment donations by Cisco to several participating teams is
making this re-entry a very near term reality.
Special Thanks
Goes to the following for making the Qualifying rounds a huge success:
- National Science Foundation
- CyberWATCH Center
- Tim Rosenberg, Dwight Hobbs, and Joe DeCree – White Wolf Security
- Chuck Durham – Seisan Consulting
- Red Team: Robert Danford, Omar Fink, Seth Fogie, Scott Hazel, Michael LaSalvia, Chris Patterson, William Salusky, and Jerry Shenk
- Mick Walsh and the rest of the U.S. Secret Service agents
- Kerry McKay – George Washington University
- Michael Dougherty – Bogdan Computer Services, Inc.
- Student teams and faculty from Anne Arundel Community College, Community College of Baltimore County, George Mason University, George Washington University, James Madison University, Millersville University, Nothern Virginia Community College, Towson University, and the University of Pittsburgh
- The folks from the Lancaster Brewing Company
A special thanks goes to the following for making this year’s Regional CCDC one to remember:
- National Science Foundation (NSF)
- CyberWATCH Center
- White Wolf Security: Tim, Joe, Dwight, and Matt
- Chuck Durham: Seisan Consulting
- Kerry McKay: George Washington University
- Juan Botero: D’BLEND
- Lina Almansa: D’BLEND
- Ed Bogdan and Mike Dougherty: Bogdan Computer Services, Inc.
- Mike Yaffe : Core Security
- Bill Richardson: PROMIA, Inc.
- Stephen Lawton: Acronis
- U.S. Secret Service
- Red Team: Robert Danford, Omar Fink, Seth Fogie, Russell Handorf, Scott Hazel, Michael LaSalvia, William Salusky, and Jerry Shenk
- Shane and Heather Desguin
- Distinctive Affairs Catering
- Student teams and faculty