ASU earns best finish ever in cybersecurity competition
Fulton Schools students look ahead after successful, short-handed year
Cybercriminals look to exploit gaps in intelligence and information security networks to steal what they are after. Their methods are continually evolving and so too must the efforts of cyber defense teams.
Each year the Collegiate Cyber Defense Competition, or CCDC, provides college students across the country an opportunity to flex their cyber skills in a competitive environment. It also highlights the students’ competency in managing the challenges that come with protecting corporate network infrastructure and business information systems.
The CCDC features a national competition preceded by nine regional competitions around the country. As part of the Western Regional CCDC event, students from the Ira A. Fulton Schools of Engineering at Arizona State University compete against teams from Arizona, California and Nevada.
The competition is meant to simulate what a security team within a business setting would experience while monitoring their environments and during live attacks. The scenarios enacted over the course of the event are a good example of what a high-stress environment could look like in cybersecurity, and they demonstrate the need for teamwork and collaboration.
This year, led by captain Leilani Sears, a computer science major in the School of Computing and Augmented Intelligence, one of the seven Fulton Schools, the ASU team had their best finish ever in the Western Regional. They won third place overall and first place in the defense category. ASU has competed annually in the competition since 2015.
“The competition is centered around a simulation of a business environment that is undergoing live attacks throughout the duration of the competition,” Sears says. “Ultimately, the purpose is incident response, cyber defense and monitoring a diverse infrastructure while completing business tasks such as configuring systems, providing comprehensive reports and risk analysis of vulnerable systems.”
Each year the teams are given scenarios with new themes to keep the competition fresh. A previous year featured a shipping company being attacked by hackers, and this year teams simulated working for a multi-service provider themed around clowns. CCDC is the first collegiate competition of its kind to specifically focus on the operational aspects of managing and protecting an existing “commercial” network infrastructure.
The scenarios highlight the unique challenges various infrastructure configurations will bring in terms of defense and hardening. In computing, hardening is the process of securing a system by reducing its surface of vulnerability; so, a single-function system is more secure than a multipurpose one.
For this year’s competition, ASU used the strategy of role-based task separation — an approach centered around roles and the delegation of tasks to each role.
The team’s main objectives were to harden what they could and ensure there was always at least one person working on the business tasks that were assigned throughout the competition.
“We trained students on different domains of the competition,” says Ankur Chowdhary, team coach and cybersecurity researcher at ASU. “The team understood the setup of the competition and used experience from previous years to segregate the overall competition into different areas of concern.”
The team’s computing infrastructure for their fictional multi-service provider was split into Windows-based and Linux-based operating system environments, so they dedicated members to admin roles to manage operations in each domain. Another key component of their strategy was a firewall defense of the infrastructure and another student was trained on the operation and management of the firewall.
“Communication was also key, and ensured we were able to coordinate successfully, especially when it got incredibly hectic all at once,” Sears says.
She says this year’s competition also posed a unique challenge: an understaffed team.
“Typically, there will be eight people active throughout the competition,” Sears says. “This season we had six people, so many of us had to jump around and serve as floaters to ensure tasks were being finished accordingly.”
Having competed in CCDC for several years, the team was able to draw upon past knowledge from Chowdhary as well as veteran members who would give insight into the competition very early into the season.
“As team captain, I was also able to implement strategies for coordinating and communication as I could pinpoint where we have struggled in past seasons and make it an initiative to fix,” Sears says. “Throughout training and practices that led up to invitationals, qualifiers and regionals, we were able to strengthen the skills we lacked, focus on further developing our defensive strategies and write scripts and practice with tools as necessary.”
Sears and Chowdhary say that ASU cybersecurity students from both ASU’s Tempe and Polytechnic campuses are encouraged to get involved for the upcoming 2022-2023 season.
“Every season our roster is formed through members from our cybersecurity club, DevilSec,” Sears says. “Interested members who display a willingness to learn and compete are welcomed warmly onto the team.”