Students compete in national cyber defense contest
Future leaders of U.S. cybersecurity practice defending against threats to retail systems
Rochester Institute of Technology’s cyber defense team competed with the nation’s top cybersecurity colleges at the 2017 National Collegiate Cyber Defense Competition held April 13-15 in San Antonio. A team of RIT students also took third-place in the weekend’s Panoply event, a capture-the-flag-style network attack and defense competition.
During the two-day event, 10 of the best student teams in the nation worked to fend off cyber attacks from a team of industry professionals, known as the red team. University of Maryland, Baltimore County took home the first-place trophy, while University of Tulsa placed second and Brigham Young University placed third.
In this year’s real-world scenario, student teams defended against cyber attacks that could threaten to shut down a comic book retailer with 160 employees. Teams were scored based on their ability to detect and respond to outside threats. They were also tasked to maintain availability of existing services, including an ecommerce website, multiple point of sale systems, inventory systems and other systems you find in a typical retail company.
“I thought that this year’s competition was very challenging and put us out of our comfort zone in multiple different ways,” said Cameron Clark, a third-year computing security student and captain of the RIT team. “It also seemed like they were taking some steps to modernize the competition, as the injects seemed much more applicable to things we would see in the real world.”
The team said a few attacks were very unexpected. For example, a red team member was able to trojanize their ESXi virtual machines, something they didn’t even know was possible.
“Over the two days of national competition, there were likely more offensive attacks against them than many security practitioners might see over the course of a year,” said Bill Stackpole, professor of computing security and coach for the RIT team. “They were under immense pressure to secure their systems and to address attacks, all while continuing to keep their business systems running.”
Stackpole described the team’s performance in three words: Grace under pressure.
The RIT team also took third-place in the Panoply event, a capture-the-flag-style network attack and defense competition. In the optional Panoply event, a team of four members attacked multiple networks, scoring points for how many systems they could successfully secure and protect.
The competition also stands as an opportunity for students to meet industry professionals and sponsors in hopes of making connections and getting jobs.
“The best conversation I had was not one of working for Raytheon, but rather that we should follow our passions and make sure wherever we end up that we’re happy,” said Clark. “Representatives from Amazon also visited our room often, so we were able to talk to them about our mindset and strategies as they saw them unfold.”
The RIT student team is made up of Clark, who is from Saco, Maine; Kyle Carretto, a second-year computing security student from Batavia, N.Y.; Brandon Adler, a third-year computing security student from Pittsford, N.Y.; Joe Graham, a third-year computing security student from New Hampton, N.Y.; Ryan Whittier, a fourth-year computing security student from Rochester, N.Y.; Dave Kukfa, a fourth-year computing security student from Penfield, N.Y.; Ben Bornholm, a fourth-year computing security student from Royersford, Pa.; Micah Martin, a second-year computing security student from Fort Loudon, Pa.; Sean Sun, a second-year computing security student from Fresh Meadows, N.Y.; James Trimer, a computing security graduate student from Rochester, N.Y.; Kristen Tumacder, a third-year computing security student from Aiea, Hawaii; and Hans Johnson, a fourth-year computing security student from Middleport, N.Y.
In 2012, RIT broke the mold of traditional cybersecurity education by creating the Department of Computing Security in RIT’s B. Thomas Golisano College of Computing and Information Sciences, the first academic department with both undergraduate and graduate degrees devoted solely to computing security. Today, RIT is helping to fill a national need for qualified computing security professionals as a National Center of Academic Excellence in Information Assurance/Cybersecurity Education designated by National Security Agency and Department of Homeland Security.