Cyber Endeavour 2012
cloud_computing

Cyber Endeavour 2012

Operations in Cloud and Cellular Networks

CE2012

Naval Postgraduate School / Monterey, California

June 26 - 28, 2012

Cyber X-Games

Cyber Endeavour 2012 provides an operational environment for exercising offensive and defensive cyber techniques and practices during its Cyber X-Games which consists of the following four cyber-attack and -defend competitions
     -  Targeted Response and Analysis Challenge - Network
     -  Black Box Penetration Testing
     -  Incident Detection and Reporting Challenge
     -  Preventative and Defensive Measures

Cyber X-Games, a cooperative United States Army Reserve Joint and Special Troops Support Command Army Reserve Information Operations Command (JSTSC/ARIOC) and Carnegie Mellon University (CMU) initiative, provides prospective participants a unique opportunity to demonstrate and assess their Cyber skill sets in an individual and team setting. Cyber X-Games will be conducted on a state-of-the-art cyber security training and simulation platform called Exercise Network, or XNET, a platform currently used in Department of Defense and Government Tactical Cyber Exercises such as the U.S .Cyber Command (USCYBERCOM) sponsored Cyber Flag.
090706161304-lg
XNET

XNET, created by the CERT Program at the Software Engineering Institute, provides Cyber X-Games participants with web access to real-time, real-world security challenges and scenarios just like those they would encounter against an adversary.  Using the XNET platform (xnet.cert.org), the JSTSC/CMU team will administer a competitive exercise designed to test network penetrations skills and defense tactics.  Competitors will square off against one another by trying to attack the others' network while simultaneously defending and hardening their own.  In addition to gaining points by attacking and losing points by being attacked, competitors will also be required to keep a number of services operational as any business or military entity is required to do so (i.e., web site availability).  All teams will be given the same vulnerability-ridden network and must race to prioritize their attack, defense, and hardening tasks throughout the duration of the exercise.  A live based scoring mechanism will be used to check for attack tokens as well as service availability.

Scenarios

Targeted Response and Analysis Challenge – Network

Targeted Response and Analysis Challenge – Network is a live, team-based exercise involving a fictitious shipping company that is being subjected to a series of cyber-security events and anomalies.  Cyber X-Games teams will detect, identify, and report on increasingly complex events.   Staged quizzes will be interspersed throughout this exercise to test the teams’ understanding of the activities.  Teams will detect incidents on the network and answer leading questions.

Black  Box Penetration Testing

Building on both mundane and complex weaknesses found in the Vulnerability Assessment session, Cyber X-Games teams will gain confidence in the assessment by learning to confirm the vulnerabilities by exploiting them.  With multiple pivot points throughout the exercise, teams will be called upon multiple times to reuse their assessment skills developed in the first session.

Incident Detection and Reporting Challenge

Assuming the role of a medium sized organization information security team, Cyber X-Games teams will receive a report that nefarious insider activity is occurring.  Teams have been charged with detecting and reporting the activity while it occurs.  Using a generalized report format, teams will be asked questions and given the chance to submit realistic reports based on information gathered from the series of attacks which occur throughout the exercise. 

Preventative and Defense Measures

Preventative and d Defense Measures is a team-based exercise oriented on network hardening and reassessment.  With the knowledge of specific vulnerabilities in place, Cyber X-Games teams will need to defend while maintaining access to a small corporate network that was recently updated.  Available tasks include detection, hardening, logging, and vulnerability assessments.  Teams have opportunities to use the predefined tasks and find a reasonable measure of success or venture out on their own to defend the network.