U.S. Cyber Challenge Training Hackers to Fight Criminals and Spies



14 August 2009

Computer security engineer Alan Paller recalls how the Soviet Union's 1957 launch of Sputnik, the world's first artificial satellite, spurred the U.S. government to accelerate its lagging space technology program. Now Paller, research director at an educational company called the SANS Institute, is leading the campaign to bring that kind of energy to defending cyberspace from assault by pranksters, thieves, spies and terrorists.

"The Cyber Challenge is a national program, not unlike the response to the Sputnik challenge in the late fifties, where the U.S. found itself no longer ahead," Paller says. "Now, it's no longer ahead in cyber security and this is the project to find the talent and nurture it so that we will surge back into the lead."

Students must work as a team to defend their computer network from attack

In addition to training camps, scholarships, and internships, the U.S. Cyber Challenge includes three talent-search competitions. Paller explains that the United States is not the first country to do this kind of thing.

"China, for example, has had an annual competition in every military district in the country for the last five years," he says. "The winner in Chengdu, for example, in 2005, turned out to be the person that the Department of Defense found deeply inside the Pentagon [computer network]."

Starting with high schoolers

The hunt for talented young Americans capable of preventing these kinds of cyber attacks began this year with a high school competition called CyberPatriot. In February, eight teams from the Orlando, Florida area competed in the initial round.

Sandy Schlitt of the Air Force Association, a nonprofit group that helped organize the CyberPatriot competition, says the event was a great success. "The excitement, the enthusiasm, was no different than you would see at a high school football game that was tied and [had gone] into overtime six times. It was absolutely huge."

Preparations for the second round of the contest begin in September. High school teams from around the country, connected via the Internet, will work to protect a computer network from unauthorized access over the course of a six-hour day.

Rick Smith is Principal Systems Security Engineer at Science Applications International Corporation (SAIC), one of the founding partners involved in the creation of CyberPatriot.

Rick Smith works both with and against the high school students competing in CyberPatriot

He demonstrates how he and other members of the attacking "red team" will probe the students' computer network for security weaknesses. "In this case," Smith explains, "we're going to pick one of the known vulnerabilities for those systems and see if it actually works. If it works, that means as red team, I'm having fun, but it's bad for the students' score."

"And it looks like I did, so I'm sitting here and now I can do whatever I want. I'm going to turn off one of the [student network's] critical services." Students gain points by stopping the red team and keeping their computer network operational.

Internet competitions open to all

Another part of the Cyber Challenge talent search is an online competition called NetWars, which is open to anyone. Here, competitors work first to gain and then to maintain access to a computer system while keeping others out.

First round participant Josh Gimer says player attitudes changed over the course of the week-long game. "Initially it was kind of nice and we were really nice to each other, and it was, kind of, you know, 'Did you just do this?' And you'd say 'Yeah,' and they'd say, 'Okay, well, I'll leave that alone for now,'" Gimer explains.

But, says Gimer, "Towards the end it was all-out brawling as we're going into it trying to compromise services that others had already compromised."

Actions that would be considered cheating in other kinds of competitions were legitimate in NetWars. According to primary designer Jim Shewmaker, "The winner of the first round leveraged a vulnerability on the system that was doing the scoring and took advantage of that to score himself a huge amount of points, enough that he could relax the rest of the week."

Though the competition is challenging, Shewmaker thinks that's part of its appeal. "One of the most common feedback items we got was, 'I was frustrated with the game. I couldn't do what I wanted to. When can I play again?'"

An important opportunity for hackers

Some might ask whether these competitions could create more criminal hackers than heroes. Paller counters, "If you're very good at hacking the only thing you can do to show how good you are is do negative things right now. So this program is the one program that lets you show that you're good and do positive things with your skills."

Two of the US Cyber Challenge competitions, NetWars and the US Department of Defense Cyber Crime Center Challenge, currently are open to international competitors. If you are interested, go to www.sans.org/uscc