Academy teams do battle in cyber exercise
The Service Academy Cyber Stakes, hosted by DARPA, raises the skills of cadets and midshipmen.
One of the big challenges the Defense Department faces as it expands its cyber operations is manpower. The U.S. Cyber Command and the services plan to add thousands of cyber operators over the next few years, but cyber expertise is in short supply even in the private sector.
So with all the necessary skills unlikely to walk in off the street, DOD is focusing on training its operators, with programs at each of the services and at the National Defense University’s iCollege. The Defense Advanced Research Projects Agency also is assisting with training, recently hosting a pilot competition called the Service Academy Cyber Stakes.
The competition, held Jan.30-Feb. 2 in Pittsburgh, featured teams from the U.S. Military Academy, Naval Academy and Air Force Academy — 50 cadets and midshipmen in all — taking part in five events that led to a live capture-the-flag exercise, according to the American Forces Press Service. The teams defended the same infrastructure while attacking each other.
“Our primary thrust, because all the service academies are going to produce junior officers upon graduation, is to help [the graduates] develop skill sets necessary to be effective cyber warriors,” said Dr. Daniel "Rags" Ragsdale, DARPA program manager and a retired Army colonel whose research has included computer network operations, cyber deception and cybersecurity education.
Part of the program is teaching a full-spectrum approach, Ragsdale said, which includes skills such as reverse-engineering binary (machine-readable) code in search of vulnerabilities, and understanding how cryptography works within an infrastructure—and how it can be undermined. In one of the events, for example, teams worked through a large collection of Linux binaries, with the winning teams discovering more than 100 flaws.
“We fundamentally believe that you have to understand at a deep technical level the approaches, methods and techniques that adversaries take in trying to subvert the security of our systems,” Ragsdale said.
The teams had help, receiving training from a couple of cybersecurity heavyweights: David Brumley, technical director of Carnegie Mellon University’s CyLab, and Dan Guido, CEO of cybersecurity company Trail of Bits and hacker-in-residence at New York University Polytechnic School of Engineering.
In all, the team members “outperformed our expectations,” Ragsdale said, and he plans to recommend that DARPA continue the program, though that could depend on the agency’s other priorities.
If not from DARPA, training will have to come from somewhere. DOD has to train about 4,000 more cybersecurity experts by 2017, DARPA said.
NEXT STORY: When GPS falters, where will the military turn?