Cyber Games Prep for Real-World Threats

SAIC Powers the UK Cyber Security Challenge

On March 28, 2012, a team of SAIC cyber engineers brought their expertise and cyber-gaming software to London to stage a "battle of the bytes" in a live cyber-gaming competition for students and professionals from around the world.

Powered by SAIC's CyberNEXS™, a live cyber-gaming environment used as a platform for training and competitions around the globe, cyber warriors hone their skills to effectively defend their systems against daily attack, giving them a real-world experience.

"Whether it is exercising to reinforce instruction or an actual competition, people are working in the real environment of Windows® and UNIX® servers, routers and switches, firewalls and instruction detection systems," said Carleton "Duke" Ayers, CyberNEXS lead and a chief systems engineer for SAIC. "For many, it is a simple puzzle or game that they are solving, with action-reaction consequences."

The Final Challenge: The Tower of London

Using CyberNEXS as the underlying game engine, the UK Cyber Challenge finale took place in London at an event called "The Tower of London." This live, in person, cyber game was the culmination of a series of online penetration testing games that ended with the ultimate cyber game called Capture the Flag (CTF). CTF tests defensive, offensive, and forensic skills.

The CTF game, using a variant known as King of the Hill, is won by those who can most effectively compromise target hosts, much like a white-hat hacker would do during a security assessment of a company. They must harden (protect, as with a firewall) those systems to lock down any vulnerable means by which another competitor might break in and steal control of their target.

According to Ayers, the CTF game tests precisely what is expected in the real world. "Determine the degree to which they can be exploited, and then harden so that hackers cannot break in."

King of the Hill ratchets up the pressure on all of the participants by periodically adding in more systems. As more systems are added, this increases the size of the security problem. The four hours of exertion during the competition leaves contestants tired yet filled with excitement about a game that tests their skills.

"All of the cyber skills in which we train — cyber defense, forensics, and penetration testing — require analytical thinking, but the culmination of understanding how to defend and forensically analyze a system is complete once you successfully break in," Ayers said.

Sharpening Cyber Security Skills and Nurturing Talent

SAIC offers four cyber games powered by CyberNEXS — cyber network defense, forensics, penetration testing, and CTF — used for competitions and instruction to support workforce development within the federal government and information security skills training for diverse segments of customers. Cyber defense games are also designed to promote interests in science, technology, engineering, and math.

SAIC is one of the founders of Cyber Patriot, the Air Force Association's National High School cyber defense competition that uses CyberNEXS as its only technology for multiple rounds. SAIC also was one of the founders of the Maryland Cyber Challenge and Conference, which reaches high school and college student participants, and sponsors various cyber games around the world.

Looking Ahead to the CyberLympics

Working with the International Council of E-Commerce Consultants, SAIC is a Technical Sponsor of the CyberLympics, a series of cyber-defense, forensics, and penetration testing games powered by CyberNEXS. The CyberLympics will involve 200 six-person teams from Africa, Asia, Australia, Europe, and North and South America. The teams' skills will be tested online and in a final competition this October at the Hacker Halted Conference in Miami, Fla.

Winning Against Cyber Threats is More Than an Illusion

"As the risk of cyber threats and security breaches continue to escalate, there is a growing and immediate need for a strategic global initiative to train and educate the next generation of cyber leaders to protect the critical infrastructure of governments, healthcare, finance, and energy providers," said Charles Beard, SAIC chief information officer and general manager of the company's Cybersecurity Business Unit.