The National Cyber Range Complex (NCRC) Charleston, located at Naval Information Warfare Center (NIWC) Atlantic, recently hosted teams of cybersecurity professionals to compete and hone their cybersecurity skills in the NCRC Cyber Red Zone Capture the Flag (CTF) competition.
Based loosely on the outdoor “capture the flag” game, as well as the board game, “Battleship,” this year’s Cyber Red Zone CTF event was given a maritime twist. During CTF, 35 teams competed in 48-hour time slots to find hidden clues and virtual flags by hacking into mock computer systems. In order to accommodate all the teams of cybersecurity professionals from across the Department of Defense, as well as the three collegiate Reserve Officers’ Training Corps (ROTC) teams, the NCRC held 11 sessions from early October to mid-November with four teams competing concurrently in each session.
The NCRC Charleston hosted two teams in October with participants from The Citadel’s Cybersecurity Team, as well the Marine Corps Operational Test and Evaluation Activity (MCOTEA). Although NIWC Atlantic cybersecurity professionals have previously participated in past National Cyber Range CTFs, this was the first year NCRC Charleston hosted any teams.
“By learning how to thwart an attack, or better yet, seeing how an attacker attacks, it helps cybersecurity professionals design better defenses, which ultimately protects your information and mine,” said Jeff King, NCRC Charleston director.
For the CTF, the flags were assigned point values based on difficulty and each team worked under the pressure of time limits to accumulate points, said Scott West, NCRC Charleston lead event director. The teams with the most points won in their respective event.
During the NCRC Cyber Red Zone CTF, cadets from The Citadel used their offensive cybersecurity skills to compromise modern wireless networks, web applications, and Windows and Linux operating systems. During the event, cadets also researched specialized embedded Real Time Operating Systems (RTOS) and communications standards, to include the National Marine Electronics Association 2000 standard and Automatic Identification System. Both of these communications standards are commonly used on marine vessels for navigation and engine operations.
As part of the event, West said that the cadets learned new lessons and techniques while solving several of the competition’s more complex challenges.
“We had to learn a lot of protocols, a lot of new skills,” said Citadel Cadet Shiloh Smiles, The Citadel. “We had to apply things used in other areas here in ways that are difficult. I was just trying my best to get information and do some damage.”
Cadets that competed in the NCRC Cyber Red Zone CTF are also recipients of either the National Science Foundation (NSF) Scholarship for Service (SFS) or the DoD Cyber Scholarship Program (CySP).
“These cadets will go on to spend at least three years working for the United States government as cyber professionals, so CTF training really helps to prepare them for future tasks,” said West.
The Citadel cadets expressed their appreciation for participating in the CTF at NCRC Charleston as a chance to reinforce classroom training.
“I don’t think anywhere else could have provided an actual experience like this for us.” said Smiles. “I’m really thankful that I was able to have this opportunity.”
The NCRC CTF event offered a similar experience for Marine Corps cyber professionals to practice and sharpen skills in a realistic training environment.
“Members of the MCOTEA team use these types of events to maintain proficiency,” said King. “MCOTEA is the independent operational Test & Evaluation authority for the Marine Corps and is responsible for the operational and cyber testing of products that NIWC Atlantic builds prior to them going to warfighters.”
While the networks and systems in the CTF are simulated, the technology represented is common to many of the systems actively being developed, tested, and fielded across the DoD, said West.
“Serial-based protocols used in the CTF are actively used in U.S Navy vessels and Marine Corps vehicles,” said West. “These type of events provide those vulnerability assessment analysts with tools and realistic challenges needed to identify deployments and determine potential mission impact to assess risk to interconnected mission-critical systems.”
NCRCs conduct cyberspace testing, training and mission rehearsal/preparation events for the full spectrum of DoD customers including those involved in research, development, acquisition, testing, training and operations. The NCRC Charleston supports a wide variety of event types including science and technology demonstrations, developmental test & evaluation, operational test & evaluation, security controls assessments, cyberspace operations training, cyberspace tactics, techniques procedures development, forensics/malware analysis, and cyberspace operations mission rehearsal/preparation.
The Charleston facility is one of two OSD R&E resourced Navy cyber test and training range facilities, with NCRC Patuxent River as the second facility.
Story by Kris Patterson, Naval Information Warfare Systems Command (NAVWAR)
Photo by Joe Bullinger, US Navy