The 2009 IT-Olympics hosted the World's Largest Cyber Defense Competition with 36 teams showing up to play. That is the largest Cyber Defense Competition ever held in any division -- high school, community college or university!
The cyber defense competition is a capstone event for those high school students who have chosen to learn and experiment with information assurance and cyber defense. Each school's IT Club can field one team of three to ten students to compete. Additional teams per school can be admitted with the permission of the IT-Olympics Director.
The event allows students to practice what they have learned from their experimentation in their own cyber security labs. Approximately one month prior to the cyber defense competiton each team is given a network specification document that describes in detail the corporate environment and network services that are expected to be configured on the equipment in the ISEAGE facility. They are also given remote access to computers on which to setup services such as email, web, ftp, remote programming and domain name service. The teams may also be required to setup and/or provide support for an end user machine such as Windows XP or Windows Vista and potentially be asked to configure wireless access. They may also install any open source firewall software to help protect their network.
An example scenario from 2011 IT-Olympics and rules have been provided for those who have never competed in a cyber defense. Please do not expect the 2013 scenarios to be the same. This is provided as an example only.
As with each venue in the IT-Olympics, cyber defense has three components that the teams will be judged on: community service; the primary competition; the real-time competition. The venue document which describes scoring, as well as the scenario and rules, are available each January for the following April event.
As stated in the venue document, each team must complete a multimedia presentation that is judged during the IT-Olympics which demonstrates their community service project completed prior the the IT-Olympics. The points earned on the community service project contribute to the overall cyber defense competition scores.
Student teams are allowed physical access to their equipment 10 a.m. on the first day of the competition at which time they may finish any configuration necessary.
Penetration testing of the network performed by graduate students and IT professionals begins the second morning.
Additionally teams are required to constantly change and enhance their corporate networks to simulate a true network environment in which additional services and requirements are a reality. This is the real-time portion of the competition.
The teams that play in the cyber defense competition are:
Blue Team - Each team, consisting of three to ten high school students, has to set up a network running certain services and defend this network for an extended period of time against the red team. Over the competition duration, the team members will also be asked to participate in the anomalies introduced by the green team. By successfully completing each of the tasks they better their overall score for the competition.
Red Team - The red ream consists of industry leaders and graduate students in the area of information assurance. It is the job of the red team to evaluate the security of each team’s network and try to penetrate their networks using any means possible. At the end of the competition, the red team conducts a debriefing with the blue teams to let them know what the teams did particularly well or what they need to work on for future competitions.
Green Team - Students and professionals who volunteer their time to test the useability of systems and to make requests for changes. The changes range in simplicity from being as easy as changing a password to as hard as hosting a file on a secured ftp server. They also can include power outages, fire drills, hardware failures, software upgrades or any number of events that happen in a corporate environment.
White Team - The white team consists of faculty members and industry professionals who act as judges in the competition. They enforce the rules of the competition, as well as track the scoring of the event. They also have the honor of announcing the placings during the awards ceremony.