Zero trust, top key exploited vulnerabilities part of 5th annual cyber cup challenge

Whether you are a chief information security officer, a cybersecurity analyst or have nothing to do with securing networks or systems in your day job, if you want to test your mettle against other federal experts, the 5^th annual President’s Cup Cybersecurity Competition is your opportunity.

The federal employee-only contest pits teams of federal employees and individuals from across the civilian, defense and intelligence communities against not just each other, but against the smart folks at Carnegie Mellon University’s Software Engineering Institute, which helps CISA develop the contest.

“Every year we start our challenge development cycles by looking at new vulnerabilities that have come out that year, looking at some relevant topics to the cybersecurity community. We take a look at CISA’s key exploited vulnerabilities catalog to see what we can put in there that’s testable within our infrastructure,” said Michael Harpin, the competitions section chief within the Cyber Defense Education and Training branch at the Cybersecurity and Infrastructure Security Agency in the Homeland Security Department, in an interview with Federal News Network. “We have some challenges this year that are focusing on zero trust architecture as well because that’s a highly relevant topic within the community. On top of that, we’re always looking to push the limits within our competitions. We’re going to incorporate some physical industrial control systems (ICS) escape room challenges into our teams finals that we host in person at CISA’s facilities the week of April 15. We’re really looking forward to incorporating these new wrinkles and giving new vulnerabilities out to our participants.”

The “capture the flag” competition also includes some aspects of artificial intelligence and large language models. Harpin said the real test is around a lot of the fundamental skills within the workforce CISA wants to continue to assess and test.

“Those are always key to see within not just the competition, but also to see within workforce development,” he said.

Teams of two-to-five must register by the end of Tuesday, while individuals have until Feb. 6.

“The competition gives individuals a task that they have to solve within a virtual regime. For us in the Presidents Cup, it’s very simple for all of our participants as all they need is access to the internet and a web browser. We make it very lightweight for our participants to play,” Harpin said. “We’re seeing a lot of mixed teams in the competition. We’ve seen the Postal Service join with some Department of Defense individuals. We’ve even seen some mixed teams of military branches, but still no teams that have Army and Navy individuals on the same group.”

The individuals competition is split into two tracks, with one focusing on defensive work roles and tasks, and the second track focusing on offensive work roles and tasks.

Harpin said in the past some individuals make it into the finals of both tracks.

The Army has won the teams competition every year, and teams or individuals from the Defense Department make it to the winner’s circle annually.

But other agencies such as the FBI are gaining ground, with an individual from the bureau placing within the defensive competition last year. Harpin said that was the first time the FBI advanced that far.

“This year we’re allowing individuals to register by their agency and not just their department as we’ve done in years past. We’re seeing a lot of growth within the competition around who’s been out there playing,” he said. “We think that’s also going to give some additional representation to these other agencies in the finals and in our winner’s circle that they can represent the agency that they work for, and not just at the high level department level.”

Harpin added that even if federal employees do not enter the competition, they can still take advantage of the practice area CISA set up with previous year’s challenges.

By posting puzzles from previous competitions, CISA hopes to not only attract new competitors but also give folks some motivation to see if they have the aptitude to work in the cybersecurity sector.

“It’s a community and we’re trying to get that encouragement from supervisors for employees to take part. Obviously, operational need comes first, but it’s a great opportunity to highlight some unique skill sets in the workforce,” Harpin said. “It’s also hard and everyday work to really verify that negative [that your cyber defenses are working]. Did you properly set up your network? Did you defend that threat? While the competition is a game and it’s a gaming environment, it still has those real world tasks within it and this gives them an opportunity to shine. We encourage everyone to play, get some hands-on experience.”

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.