The annual cybersecurity competition that pits teams from the nation's military academies against one from the National Security Agency began Monday at a facility of defense contractor Lockheed Martin.
Now in its eleventh year, the Cyber Defense Exercise (CDX) gives students from West Point, Annapolis and the Air Force Academy an opportunity to tackle the kind of daily challenges facing cybersecurity professionals.
They'll be detecting intruders, eradicating malware and adapting to increasingly sophisticated and dynamic adversaries.
Lockheed Martin coordinates CDX with the NSA. The defense contractor, which provides cybersecurity technology to the spy agency, sets up a private network for the exercise, which links all the academies with Lockheed's facility, in Hanover, Md.
The company also provides technical support for CDX preparation and execution.
Exercises like CDX allow students to get a feel for what it's like to be under attack, said Bill Stackpole, an associate professor who teaches network security at the Rochester Institute of Technology. He also coaches RIT's team that competes in the Collegiate Cyber Defense Competition (CCDC), which is an intercollegiate version of the CDX.
"If you were a boxer, and you never stepped into the ring before and Mohamed Ali or Mike Tyson gave you a couple of pops, it would be difficult for you to defend yourself had you never had any practice," he told CSO. "These competitions give you practice on the receiving end."
Cybersecurity competitions typically have a "red" team that act as adversaries for the students defending their networks.
In CDX, the NSA provides the red team. "The NSA is out there pretending to be the bad guys," CCDC Director Dwayne Williams said in an interview. "Their job is to break into each of the military academy's teams' network, steal information from them, shut down their services, degrade their capabilities -- that sort of thing."
Both the CCDC and CDX competitions focus on similar skills, he continued. They include working in a team, securing and defending a network and hands on practical experience that can't be had in a classroom or lab environment.
However, the attacker profile of the red team in CDX is a little different from the one on the collegiate level. "In the CDX, they're far more likely to concentrate on the attacker being an opposing nation-state or a terrorist organization," Williams said.
"Within CCDC, we don't put a face or name on the attackers. It's just the bad guys. They could be organized crime, a rival company or a rogue nation state," he said.
However, he added, the attack tools are the same -- probe the network, scan the network, break into the network, put in backdoors, steal information, set up dummy accounts and disrupt capabilities.
Sign up for CIO Asia eNewsletters.