Operational Component

Overview

The qualifier and assessments are designed to test each student team’s ability to secure a networked computer system while maintaining standard business functionality. The scenario involves team members simulating a group of employees from an IT service company that will initiate administration of an existing IT infrastructure. Each student team is expected to manage the computer network, keep it operational, prevent unauthorized access, and accurately identify compromises and compromise attempts. Each team will be expected to maintain and provide public services, including but not limited to: a web site, a secure web site, an email server, a database server, and a workstation used by simulated sales, marketing, and research staff as per provided company policy and mission. Each team will start the qualifier and assessment with a set of identically configured systems.
This is not just a technical assessment, but also one built upon the foundation of defensive response under a concept of business operations, policy, and procedures. A technical success by a network penetrator that adversely impacts the business operation will result in a lower score, as will a business success which results in security weaknesses. Student teams will be scored on the basis of their ability to detect and respond to outside threats, including cyber-attack, while maintaining availability of existing network services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security against varying business needs.

Qualifier and Assessment Goals

  1. To promote fair and equitable standards for cyber defense and technology-based qualifiers and competitions that can be recognized by industry
  2. To evaluate the defensive and responsive skills of each team under identical hardware, software application, and operating system configurations
  3. To demonstrate the effectiveness of each participating institution’s academic security program
  4. To be executed by industry professionals
  5. To have industry recognition, participation and acceptance of each qualifier and assessment
  6. To provide a cooperative and competitive atmosphere among industry partners and academia in the area of cyber defense education
  7. To provide recognition for participating teams
  8. To increase public awareness of academic and industry efforts in the area of cyber defense education

Team Identifications

Blue Team – student team representing a specific academic institution participating in this qualifier and assessment.
Red Team – Professional network penetration testers from industry
White Team – Representatives from industry who serve as qualifier and assessment administrative support and room monitors
Administration Team – May be comprised of the State CCDN Director, the host site's Chief Administrator, as well as other representatives approved by the CCDN state director, who make up the administration team both in planning and during the exercises.
Chief Judge – Serves as the final authority on scoring decisions or issues relating to equity or fairness of events or activities. Is part of the administration team.
Green Team – Tech support; assists with any technical needs necessary to maintain the integrity of the event.

Systems

  1. Each team will start the event with identically configured systems.
  2. Teams may not add or remove any computer, printer, or networking device from the designated Blue Team area.
  3. Teams will be provided the overall system architecture, network configuration, and initial set-up on the morning of the event.
  4. Blue Teams should not assume any participating qualifying system is properly functioning or secure.
  5. Throughout the qualifier and assessment, Green Team and White Team members will occasionally need access to a team’s systems for scoring, troubleshooting, etc. Blue Teams must allow Green Team and White Team member access when requested and validated. Teams may use discretion for admitting non-recognized or validated individuals.
  6. Network traffic generators may be used throughout the event to generate traffic on each team’s network. Traffic generators may generate typical user traffic as well as suspicious or potentially malicious traffic from random source IP addresses throughout the event.
  7. Teams must maintain specific services on the “public” IP addresses assigned to their team – for example, if a team’s web service is provided to the “world” on 10.10.10.2, the web service must remain available at that IP address throughout the event. A list will be provided. Moving services from one public IP to another is not permitted unless directed to do so by an inject request. Likewise, teams are not permitted to change the internal addressing or VLAN scheme of the qualifier network unless directed to do so by an inject request.
  8. Teams are not permitted to alter the system names or IP address of their assigned systems unless directed by an inject; this may affect the results of the scoring mechanism.
  9. In the event of system lock or failure, Blue Teams will be able to perform a complete operating system restoration. The number of system restorations must be identified and reported to the event administration. Impact. Teams should also consider that system restoration will take time.
  10. Systems designated as user workstations within the qualifier network are to be treated as user workstations and may not be re-tasked for any other purpose by teams.
  11. Teams may not modify the hardware configurations of workstations used to access the qualifier network.
  12. Servers and networking equipment may be re-tasked or reconfigured as needed.

Qualifier and Assessment Rules: Acknowledgement & Agreement

Each student team that participates in the Michigan 2013 Collegiate Cyber Defense Qualifier and Assessment must:
  1. Be supported and attended by a full time faculty member of their institution.
  2. Agree to follow all the written, verbal or otherwise stated rules.
  3. Not participate in hack back, system compromise or vulnerability assessment activities of any network outside of the student network for their respective team unless specifically instructed to do so in writing by the competition director or chief judge.
  4. Participating students must be a minimum of 1/2 time at their respective institution and not employed in an IT or IT Security-related function.
Qualifier and assessment rules are applicable to all participants of the Michigan 2013 State Qualifier and Assessment. They provide structure for the makeup of student teams, permitted actions during the event, guidelines for scoring, and contingencies for handling disputes. They also document expectations for appropriate conduct during the entire time participants are guests at the host site. Team advisers and team captains are required to sign where indicated, signifying their acknowledgement of event rules and their commitment to abide by them.
Team advisers and team captains are responsible for deploying the event rules to the remaining members of their team. A Team Packet will be provided to each team upon start of the qualifier and assessment activities. Host sites reserve the right to stipulate additional rules conforming to local policies and guidelines.