March 15, 2016 by Lt. Grant Wyman, Coast Guard Academy cyber team advisor – “We will ensure the security of our cyberspace, maintain superiority over our adversaries, and safeguard our Nation’s critical maritime infrastructure.” – U.S. Coast Guard Cyber Strategy
The quote above details the Coast Guard’s vision for operating in the cyber domain. With the release of the U.S. Coast Guard Cyber Strategy, the service has seen an increase in focus on cyber-related initiatives.
This increase in focus has trickled down to all levels – including to the U.S. Coast Guard Academy, where future leaders in cyber are being developed on a daily basis.
Recently, the U.S. Coast Guard Academy established a competitive cyber team to assist in educating and training the future cyber leaders of the service. The team allows cadets to get “hands on the keyboard” and go head-to-head with some of the best cyber operators in the world.
Lt. Grant Wyman, the Coast Guard Academy’s cyber team advisor, knows that the establishment and training of the team is crucial for the Service.
“Only with a pool of officers who are able to operate in the cyber domain at an extremely technical level, and with an eye towards both defense and offense, will we be able to fully realize the strategic priorities of defending cyberspace, enabling operations and protecting infrastructure as outlined in the U.S. Coast Guard Cyber Strategy,” Wyman said.
Recently, the team traveled to Pittsburgh to participate in the CyberStakes Live competition, competing against teams from each of the U.S. service academies, as well as the Army’s Cyber Protection Brigade.
In keeping with the tradition to “cyberize” team names, Wyman said, the two Coast Guard Academy teams were objEEdump (a mashup of the linux command objdump and Objee the bear) and cyBears.
The various events tested the competitors’ abilities in advanced hacking techniques such as Linux scripting, analyzing compiled computer programs in assembly code to find bugs, craft exploits and reverse engineer functionality. The competitive atmosphere was enhanced with a live scoreboard showing each team’s points as events unfolded over a number of hours with the final standings for several events not decided until the final seconds of an hours-long struggle.
The event that was widely considered to be the capstone of the entire competition was the Live Attack/Defense capture the flag scenario, in which each team was given a single computer, called a Machine Under Duress, MUD, which ran several vulnerable network services. Each team had to quickly identify and patch the vulnerabilities in its own MUD while simultaneously crafting exploits that would allow them to break into their opponents’ MUDs. Points were updated every five minutes over the seven-hour event so teams could track how well they were defending their own MUD while attacking their opponents.
“About halfway through the event, the objEEdump team crafted a particularly effective exploit that presented an especially tough challenge for the other teams to defend against,” said Wyman. “From that point, the team steadily rose into a very strong third place finish.”
The individual events were rapid fire hacking and lock picking. All 48 participants competed in both individual events. In rapid fire hacking, four competitors at a time were lined up head-to-head and given four short computer programs that they had to analyze and exploit to uncover a hidden flag.
Competitors had to operate under pressure since there were only 20 minutes on the clock and their screens were projected so the audience could observe. Cheers and gasps from the audience followed the entry of Linux commands by the participants. Among all competitors in the rapid fire hacking event, Cadet 1st Class Caleb Stewart came in third place only behind the top scorers from Navy and Army.
The second individual event, lock picking, is a traditional event at cyber competitions considering the connotations with security, vulnerability and exploitation. Cadet 2nd Class Trey Maxam returned after winning first place at last year’s Lock Picking competition to earn a second place finish this year.
Though competing with only eight cadets compared to the twelve cadets or midshipmen participating for each of the other three academies, the Coast Guard Academy team was not intimidated.
With a tally of 20 medals, the Coast Guard Academy placed second in the medal count to the U.S. Military Academy, which earned 35 medals. Air Force earned 19 and Navy earned 18. Considering that the Coast Guard Academy has a student body a quarter the size of the other academies and does not have a computer science major, the teams were thrilled with their accomplishments.
Although there was a strong competitive spirit and inter-service rivalry throughout the event, there was also a great deal of collaboration, bonding and morale.
“It was amazing how, after each of the various events finished, the teams would naturally come together to share strategies and compare how challenges were solved,” said Wyman. “Competitors at CyberStakes, the cadets and midshipmen see themselves as peers in the rapidly evolving cyber domain where joint operation is much more likely and inter-service boundaries are much less defined. The cadets and midshipmen appreciate that they will be at the forefront of officers who have the potential for an entirely cyber career path giving them the chance to shape operations in the newest domain. They are on fire to start!”