Oak Ridge National Lab, in cooperation with six other National Labs, has now twice held a cyber security competition across the nation, involving 70 university teams and 1000 volunteers. The most recent event was in December 2018. The competition expanded from one held at Argonne National Lab involving schools and resources local to the Chicago area. The Department of Energy now sponsors the competition and changed its name to CyberForce™ (cyberforcecompetition.com) in order to emphasize its goal of workforce development. A unique feature of this competition is that each team receives a physical Industrial Control System that is part of what they have to defend. The remainder of their systems are in the cloud; the last two competitions have used Microsoft Azure. The Blue Teams are responsible for making sure their power plant remains operational in spite of attack by Red Team professionals. The hybrid of cloud and physical resources is part of the challenge the students face in this competition. Another unique feature of the competition is the role of the Green Teams, non-specialists who come in on competition day, read the documentation, and operate the power plant. They do not have a direct connection to the Blue Teams, except through whatever help desk system is specified and maintained by the Blue Teams. The teams have a month beforehand with their competition environment in order to prepare for the day of competition.
This talk will describe the full competition environment and structure, the various ways that this competition helps with workforce development, datasets captured on competition day, and the relationships between businesses, universities, military, and laboratories that are a part of this competition. In addition, for this B-Sides talk, we will describe the technical details behind the competition. Especially interesting to the audience will be:
- The role of the Red Team attackers. In the most recent competition, the Red Teams operated as an insider threat.
- The technical details for how Azure was used to facilitate the hybrid structure of the competition.
- The preparation of the computer systems given to the students.
- The ICS devices and how SCADA protocols are implemented for the contest.
- Some overall story arcs of how vulnerabilities were built in, found, and exploited.
The competition put the students into the scenario of being new employees in an unfamiliar environment, charged with supporting and protecting a vital business, using systems that they did not set up. This is a scenario that most security professionals face often in their careers.
The speakers are Jeff Nichols, Ph.D., Chris Craig, M.S., and Raymond Borges, M.S. All are members of the National Security Sciences Directorate at Oak Ridge National Lab. Jeff is the lead at ORNL for the competition. Chris and Raymond led the Red Teams.