Towson students successfully fend off cyber attack
TU wins Mid-Atlantic Regional Cyber-Defense Competition, moves to national finals
TOWSON, Md. (March 16, 2010)—A team of Towson University students won the Mid-Atlantic Regional Cyber-Defense Competition held at the Science Applications International Corporation’s (SAIC) Conference Center in Columbia, Md. from March 11—March 13. They will advance to the National Collegiate Cyber-Defense Competition (NCCDC) finals, to be held in San Antonio from April 16–18.
The NCCDC is the world’s largest college-level cyber defense competition. It provides information technology students with opportunities to test their knowledge in an operational environment and to network with industry professionals. Fifteen teams from Maryland, Pennsylvania, New Jersey, Delaware, Virginia, West Virginia and the District of Columbia participated in the initial round of the Mid-Atlantic Regional Cyber-Defense Competition. Towson’s team was one of five that advanced to the regional’s three-day final competition.
Mike O’Leary, director of TU’s Center for Applied Information Technology and professor in the department of mathematics and the department of computer and information sciences, coaches the TU team, which includes: junior Madeline Pelkey (team captain); graduate student Brian Haar; senior Shane Lester; graduate student Felix A. Mercado; senior Brian Namovicz; senior Finn Ramsland; senior Bryan Sizemore; and
senior Jonathan Wiseman.
O’Leary says during the regional finals, each of the student teams had to operate and maintain the IT infrastructure of the fictional town of Avalon. Teams had to run and support a range of technologies including email, multiple web sites, multiple databases and a disaster management system—all while under constant attack from a "Red Team." The Red Team consisted of a mix of professional penetration testers and students of offensive network warfare who attempted to attack the students’ systems in a variety of ways, from launching network attacks to wireless attacks to surreptitiously using microphones and camera equipment aimed at the student teams.
While this was going on, students were given “business injects” requiring them to complete various tasks. As an example, the students were told a (fictional) earthquake had damaged one of their servers which had to be replaced during the competition. To win the competition, student teams needed to keep their systems up and running, keep the Red Team hackers out of their systems and simultaneously respond to all of the business injects over the course of the competition—over two full days of attacks.
This was the fifth year O’Leary took a team to the competition and the first time they’ve won. “After last year's team was bounced out of the competition short of the regional finals,” says O’Leary, “Brian Namovicz and I organized a cyber-security student club that met weekly, beginning in February 2009, to begin preparing for this year's competition. We ramped up preparation during the fall term, with student team meetings twice each week.
“Our extra preparation and hard work during the past year paid off.”