The University of Tulsa competed in the National Collegiate Cyber Defense Competition this past weekend. Having won regionals in March, the team was excited to show their strengths on the national level.
With their team of eight, the University of Tulsa CCDC set off for the University of Texas San Antonio to compete as one of the ten teams fighting for the title of National Champion. The CCDC is a defensive cybersecurity competition designed to challenge college students to protect and secure hypothetical systems. Each team has to defend a system from a team of professional security engineers, while also competing against the other student teams. The University of Tulsa has been competing in CCDC for 10 years now.
The competition was the same type as Regionals, but on a larger, more difficult scale. Each of the teams were still acting as an IT firm for a mock business. However, this time they were a multi-site retail company with 160 employees. The team had to manage new services that the students had never seen before, such as old cash register “Point of Sale” systems and inventory systems. As an additional challenge, the teams had to keep ten new services running, as well as two “offsite” locations.
The students were up against the Red Team, a group of penetration-testing professionals whose job was to gain unauthorized access into their systems. This year’s Red Team had many skilled security experts, including six security engineers from Uber. These professionals spend months before the competition developing custom malware and systems to use in their attacks against the students.
“The Red Team had a great time this year,” stated senior Michael Frolich. “They had gained access into every team’s servers within ten minutes of competition start.”
Once the Red Team gains access to the server, the student teams focus in on damage control, trying to limit the amount of information the Red Team has access to. The students learn incident response procedures and important strategies to keep businesses running despite malicious attacks.
The teams are scored based on keeping their required services running, controlling and preventing unauthorized access from the Red Team and completing various tasks for the business throughout the competition. Points would be subtracted for violations of service-level agreements, usage of recovery services and successful penetrations by the Red Team.
Apart from the actual competition, the NCCDC had other fun activities to recognize the student’s hard work. Many recruiters from big technology companies such as IBM were at the event, talking to the students about careers in cybersecurity.
“It was an amazing experience, and I’d love to be doing that work full time,” said CCDC team member Ashley Etter.
This year’s national champions were the University of Maryland, Baltimore County, with the University of Tulsa in second and Brigham Young University in third.
“It was a ton of work, but knowing we barely missed first makes it worth it,” stated Frolich.