Posts Tagged ‘Cyberwatch’

Cyber Security Is Put to the Test

Friday, January 21st, 2011

cyber security

You have just been hired as the network and security administrator at a small company and will be taking administrative control of all information systems. You know very little about the network, what security level has been maintained, or what software has been installed. You have a limited time frame to familiarize yourself with the network and systems – and a hacker has begun to actively attack your company. In the midst of this crisis, you still have to keep up with the needs of the business and user demands while maintaining service level agreements for all critical Internet services.

Does this sound like the ultimate nightmare for an Information Security professional? Well, it could be. But, in this case, it’s actually an opportunity. That’s because this scenario is part of the National Collegiate Cyber Defense Competition (CCDC), a sophisticated three-day long security challenge and training event that tests students’ abilities to manage and protect a “commercial” network infrastructure – like the thousands upon thousands of real networks across the U.S.

The competition was introduced in 2005 to provide students with a valuable chance to test – and improve – their cyber security skills. It has the added benefits of bolstering participants’ resumes and introducing them to networking contacts in the job market.

CCDC keeps pace with real-world cyber threats facing companies and organizations around the country. Last year, for example, the Cyberwatch Mid-Atlantic Regional CCDC qualifying competition tested students with a serious cyber threat that often goes unchecked: the inside attack or “the Invisible Intruder.”

As an article in informIt described, students in the competition came face-to-face with “the Intruder,” a “fellow student” who appeared during the competition under the guise that he was interviewing participants for a research paper he was writing. All of the competitors who were approached by the Intruder happily agreed to talk with him, and even agreed to be photographed. After all, he looked like them. He sounded like them. He shared their interests and was enthused about what they were doing. No one noticed that he wasn’t wearing the ID badge required of all competitors. And no one hesitated to answer his increasingly probing questions. The end result: 13 students from five defending teams revealed highly sensitive security information – enough to devastate a business in a real-world situation.

The point of this exercise is clear: While layers of security and policy can help to squelch external attackers attempting to gain access to a company’s internal systems, another threat may be looming in plain sight in the form of a company insider with full access to the organization’s systems and understanding of the environment.

What would you have done in this situation? If you’d like to test your Cyber Security skills or learn more about the growing demand for cyber security technicians, visit CyberWatch, the ATE Center based at Prince George’s Community College.