The Department of Homeland Security is throwing down the gauntlet to the government’s best cybersecurity minds.
DHS today launched the President’s Cup Cybersecurity Competition, daring individuals and teams across the military and civilian workforces to compete in a three-part challenge over the next three months. Registration for the competition is open through Sept. 27.
Insight by MFGS, Inc.: In this exclusive Federal News Network survey, cybersecurity experts from the military services and intelligence community offer insights into how their agencies are transforming their approaches to cybersecurity to address the ever-changing threats.
Rob Karas, the deputy director of vulnerability management at the Cybersecurity and Infrastructure Security Agency at the Homeland Security Department, said the President’s Cup Cybersecurity Competition is not just for federal cyber experts, but any government worker who thinks they have what it takes break the code.
“The President’s Cup Cybersecurity Competition is a competition aimed at identifying and recognizing the best cybersecurity talent in the federal workforce,” Karas said in an interview with Federal News Network. “We are sure there is some great technical talent out there and we want to identify them. It will give people who may not have a chance to show their skills on a daily basis against some of the best in the nation, so it will be a one-size-fits all competition.”
DHS developed the competition over the last four months after President Donald Trump signed a cyber workforce executive order in May. The President’s Cup includes three rounds. Contestants—both individuals and teams—take part in the first two rounds remotely to answer Jeopardy!-like questions that will require more than an answer, but will have to solve the challenge in a virtual environment.
“It might be a forensics question or an incident response question or a question that asks, ‘how do you exploit and break into this system?’” he said. “It will not be a yes/no or a fill in the blank type of question. They will have to dig around and solve a problem.”
Karas said each round will become more challenging than the previous one and the top 100 individuals will qualify for the second round, while one team from each agency that registered and the top 15% of the teams after that will move to round two.
The top five teams and top 10 individuals will qualify for the final round, which will happen in person in CISA’s facility in Arlington, Virginia.
Karas said the third round includes two competitions. The first is an escape room challenge for each team or individual, and then a capture the flag contest.
“It will all be based on the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education (NICE) framework and tied back to that,” he said. “One of the concepts we are building right now is a simulation of a nuclear facility. The teams will be put into a nuclear facility, something is malfunctioning and they have to figure out what is happening, diagnose it and work their way out of it.”
Karas added that finals scenario still is in development and may consist of a different setting. But either way, he said, it will be a scenario driven challenge encompassing skills from across the NICE framework, but the setting and story will be learned by the competitors when they arrive.
The competition lasts eight consecutive hours for the first two rounds, and Karas said DHS is encouraging agencies to think of this competition as part of their employees’ cyber training requirements.
Karas said he plans to let some of his team at CISA, who haven’t been involved in creating the competition, take part in the contest.
Karas said the competition is open to anyone who is interested whether or not they work in federal or military cybersecurity on a daily basis. But the President’s Cup is not open to contractors, academia or citizens in the first year. CISA, however, may provide separate competitions for communities of interest In future years such as Scholarship for Service participants, FFRDCs, academia and others.
“In my opinion, the best team would be a couple of individuals who have expertise in the NICE framework so whatever question comes up, they can turn to one of their team members to tackle the question,” he said. “It’s meant to recognize the top cyber people in the government, but it’s not limited to them. I work with a lot of various work groups and roles and there are a lot of technical people. As we move along, we have to think cybersecurity is everyone’s job and not just the 2210s.”
Karas said federal employees interested in competing should throw their hat in the ring no matter how much cyber experience they have.
“We want people to think CISA is the conduit to bring everyone together. When you think of cybersecurity, everyone has their own mission and they have to execute it. But everyone needs expert help and CISA is here to help,” he said. “CISA is setting the standard for people to follow and things like this competition brings people together because the more information we share and the more we can build relationships the stronger security we will have as a nation.”