The U.S. Naval Academy is the winner of the 15th Annual Cyber Defense Exercise (CDX). Teams from the service academies built cyber-networks and spent four days in fierce competition defending those networks from attacks by the National Security Agency. The Naval Academy received the highest score based on confidentiality and integrity of information and availability of services.
“Our goal is to provide a simulated real world educational exercise for military academy students,” said CDX Project Lead Angela Norwood. CDX serves three purposes:
Showcase and test skills
Prepare leaders to think critically through challenges
With the trophy come bragging rights. CDX has been compared to the Army-Navy football game as a rivalry event. This year, eight teams from six schools participated:
U.S. Military Academy (2 teams)
U.S. Naval Academy
U.S. Air Force Academy
U.S. Coast Guard Academy
U.S. Merchant Marine Academy (participating only)
Royal Military College of Canada (2 teams)
Five teams competed for the trophy, with more than 160 students participating.
The core exercise is divided into cells. Each academy is a blue cell defending its network against the NSA’s red cell. CDX Tech Lead Capt. Jonathan Bristow of the Air Force said they must defend key technologies and keep them available while fighting through the attack.
The gray cell simulates a typical end-user on the network. They click on links around the simulated Internet and occasionally those links are malicious. Bristow said this adds a layer of realism that many other cyber exercises don’t have.
The white cell is the referee; it monitors compliance with the rules. It also provides technical support for the blue teams, which connect to the CDX infrastructure through a virtual private network from each school.
Forensic challenges give students another way to demonstrate their skills in addition to the core exercise. Last year’s forensic challenge was so popular it was expanded to three challenges for 2015: a network forensic, a host forensic and a malware analysis challenge.
An automated scoring system began tracking events on each network on Monday at 10 p.m. Students physically monitored the networks from 9 a.m. to 10 p.m. each day, but scoring continued overnight in a limited capacity. The system scored millions of events over the course of the exercise. Bristow said that the bulk of the points are divided, with half given for availability and the other half given for integrity and confidentiality.
“The students can completely shut down their network such that the red cell can’t get on there and attack, that’s where the availability scoring counters that,” said Al Estevez, an NSA Information Assurance Directorate official. “In the real world, you have to balance that, between too many layers of security such that it’s no longer functional and ensuring that you have the right amount of security, to ensure that you’re protecting against attacks.”
NSA’s red team set up CDX headquarters at Parsons Government Services Facility in Columbia, Maryland. Eight were deployed to schools for onsite support. Blue teams worked from their respective schools but had the option to build the networks on NSA servers.
“All the services have different requirements for how they’re plussing up,” said NSA Information Assurance Directorate Official Alex Gates, “and they’re all drawing on personnel from this exercise, not only from the academies but also from the participants that support, actually develop and execute the exercise itself.”