Cyber Defenders – The Next Generation

By Bill Jenkins, Director, Coalfire

On March 2-3, the Rocky Mountain Regional Collegiate Cyber Defense Competition was held at the Regis University campus in Greenwood Village, Colorado.  I was fortunate to volunteer and participate as a member of the White Team.  Teams of undergraduates from the University of Colorado, Colorado State University, Kansas State, Regis University, the Air Force Academy, and Fort Hays State University competed.  A graduate team from the University of New Mexico participated as an educational opportunity.

The competition is part of a national program that has existed for several years. (  The event has good traction in much of the country, but is still establishing itself in the Rocky Mountains.

The basic scenario.  An online gaming company (something similar to Steam) was recently hit by a Katrina-like event wiping out their main location.  Through an agreement with Regis, the company stood up emergency operations at the campus.   The recovery team (Black Team) has just finished getting systems back up and now each team has to run operations for their copy of the corporate environment. 

The teams (6-8 students) were each placed in a classroom with three Windows and three Apple laptops, a white board, and a switch with an up link to their production environment.  They were given a basic topology map, addressing scheme, initial administrator accounts and passwords, and a DVD with Backtrack and a few other tools.  The network was basic but realistic and included ftp, mail, web, database and other common servers as well as a DMZ.  The environment also had a connection to the Internet.

The objective of the competition was to keep services up (Green) while dealing with business injects, improving their defenses, and reacting to Red Team (hacker) actions.  Service up times and scores were calculated by an automatic scorer which the teams could bring up and view.  The business injects involved memos from the CEO that would come periodically demanding items such as a password policy in an hour, new user account, changes in access controls, an assessment of a potential new permanent location, etc.  The CEO would also wander around checking on his staff, passing along user complaints, and generally providing obtuse responses to questions.  All in all, a nicely realistic scenario.

As a member of the White Team, I took turns sitting in with the teams to ensure they played by the rules, be a runner for questions, and to occasionally log into a laptop and gather data for additional scoring. 

The Red Team consisted of not only local players, but also remote participants (e.g. SPAWAR) who came in across a VPN to join in the fun.  Passing by the Red Team room, you could see quiet a chat session being projected on the screen.

While much of the two days was like watching paint dry as students typed away at their laptops, the event was very interesting, entertaining, and rewarding.  Each team had its own personality, talents, strengths and weakness.  All seemed to have good IT backgrounds, but with more of an ethical hacking tilt.  As a result when they hit the ground, each team generally set about the tasks of patching, malware prevention, and network monitoring.  The image of a bunch of soldiers landing on a beach and starting to dig fox holes came to mind.   Very few stopped to ask if this was a good place to dig in to begin with. 

As the competition progressed and the business injects came along, the focus shifted to running IT operations.  Improving defenses and detecting attacks became other duties as assigned.  Sound familiar?

The facility experienced problems with its own connection to the Internet, hindering the teams’ ability to download tools and search for solutions as well as limiting the resources for the Red Team.  This only added to the realism of the competition. 

In the end the Air Force Academy edged out the University of Colorado for the win.  The cadets will be provided an all expenses trip to San Antonio in April to compete in the national competition.  
The event was as great learning experience for all who participated – competitors and volunteers alike.  I plan to volunteer again and I would encourage all in the profession to support this activity in any way they can.   If you would like further information or would like to get on the list to be contacted for next year’s event, please reach out to