Monday, December 21, 2009

Cyber Challenge tests nation's top hackers


With the coolness of a card shark at the final table of the World Series of Poker, Matt Bergin pulls the hood of his brown sweatshirt over his head and concentrates on the task at hand.

The task: hacking into as many target computers as he can and then defending those computers from attacks by other skilled hackers.

Other skilled hackers like Michael Coppola, 17, a high school senior who, at this very moment, is hunched over a keyboard in his Connecticut home.

Or like Chris Benedict, 21, from the tiny town of Nauvoo, Illinois. Chris is sitting silently nearby, one of 15 "All Star" hackers who have taken over this spacious hotel conference room.

At days end, the moderator of this unusual computer challenge declares the best of the best: Benedict is the winner, king of the hacker hill, followed by Bergin and Coppola.

The trio -- a job seeker, a grape distributor for a vineyard and a student -- are precisely the type of people whom organizers of this event hoped to attract: young techies with perhaps little formal computer education who, nonetheless, could contribute to the defense of the nation's cybernetworks.

In many cases, organizers of the U.S. Cyber Challenge say, hackers' skills go unrecognized or unappreciated by those around them and sometimes even by themselves.

"I thought that I would get demolished," Benedict said. "I didn't think I would get anything at all."
Organizers say the competition is aimed at identifying young people with exceptional computer skills and inspiring them to join the country's woefully understaffed ranks of cybersecurity specialists needed to protect systems used by the military, industry and everyday people.

Hackers may see the U.S. Cyber Challenge as a game. But Alan Paller, director of research at the SANS Institute, an information security training institute, says it is really a national talent search.

And one that gives hackers an outlet not usually open to them.

"This is to capture kids that can be very good at this, whose only real option is to do illegal things with it because there's no place to do it in school; there's no place to do it legally," Paller said. "This creates an environment where they can show their skills and advance their skills and do it in the nation's interest rather than for other purposes."

A high-stakes game

Former Director of National Intelligence Mike McConnell says the United States "will suffer a major catastrophic event" in the cyber arena if it doesn't boost its ability to protect its computer infrastructure.

A terrorist or extremist group could attack the financial system in New York, destroying data to cause the loss of confidence in banking transactions, McConnell said. They could follow up with an attack on the power grid during a snowstorm. They could cause trains to collide and could release contaminants in the New York subway.

"I believe that [scenario] would have, in order of magnitude, greater economic impact on the globe and the United States than the tragedy of 9/11. All through a cyber attack," McConnell said.

But "if we have the talent ... and we have the organization structure to address this issue, it can be stopped, it can be prevented," he said.

The nation has called upon the technical abilities of young people in the past, McConnell and Paller both note. During the Apollo 17 mission, for example, the average age in Mission Control was 26.

"The cyber vulnerabilities of the nation are of such a magnitude that we need a similar effort today," McConnell said.
Now, other countries are taking the lead on boosting the technical expertise of their citizens.

"In far east China, they've put a concerted effort into finding the best talent and developing the best talent," McConnell said.
The goal of the U.S. Cyber Challenge is to find and develop 10,000 cybersecurity specialists to help the U.S. regain the lead in cyberspace. But McConnell feels that even more is needed. He suggests legislation to create a National Security Act for cybereducation.

Let the contest begin

Like computers themselves, the Cyber Challenge is simple on the outside and complicated on the inside. The first round of the game began in June, and winners of the earlier games were brought to Washington to compete in NetWars.
In its simplest form, NetWars is an online version of Capture the Flag, with competitors vying to penetrate and take control of target computer systems and then protect them from other intruders.

The game begins when a player downloads an image and must find a hidden key within the image. They use that key to enter an online environment and use their knowledge of security vulnerabilities to exploit its system, leaving their name or "handle" in various areas.

A moderator threw a series of computer hurdles and roadblocks to further challenge the hackers and test their knowledge about computer vulnerabilities.

NetWars differs from other Capture the Flag competitions in that it also rewards hackers for defending computers, said Josh Gimer, 22, a graduate student at Colorado Tech. He likens it more to King of the Hill.

"In the beginning days, we were kind of nice to each other," he said. "These later rounds have been more cutthroat.
"But these people know how the attacks work. They know how to defend against them. So it's definitely more difficult than, say, a real-world scenario," Gimer said.

And therein lies the premise and the promise of the U.S. Cyber Challenge, supporters say. "Who best to stop that kind of attack?" McConnell asked.

He calls the Cyber Challenge a good news/bad news story.

"The good news is that [the participants] have that inherent skill. ... I've met many youngsters who are really, really gifted with computers," he said. "The bad news is that we're not developing that talent to the Ph.D. level in things like computer science or electrical engineering, the things that are the foundation of this wonderful technology."

Contest sponsors say they do not fear that they are teaching skills that hackers can abuse.

"They already know how to do that," Paller said. "Our job is to catch them and give them a chance to work for the nation and for the good companies. That's the job of NetWars, to find the very best of them and get them great jobs so that they don't have to use their skills in ways that are unpleasant to the rest of us."

"I think we've done a great job on writing reports about security. Now it's time to get the kids who can actually do it and give them a chance to protect us," he said.

No comments:

Post a Comment