West Point, N.Y. (Nov. 7, 2018) -- The cyber world isn't dark and foreboding, or an alternate reality, as in the movie, "The Matrix," but with the perpetual fights against cyberattacks, the challenge is being adaptable enough in an ever-changing environment to keep sensitive materials safe from getting into the hands of the enemy.

With cyber developing into a high priority in the future of Army and military operations, the importance of having great young minds at the forefront of the fight is a critical piece to future success.

At the U.S. Military Academy, the Cadet Competitive Cyber Team (C3T) gets into the inner workings of the cyber domain and participates in about 10 competitions a year. During Army-Air Force Week, the team hosted its first head-to-head competition with the U.S. Air Force Academy in a Capture the Flag Cyber Competition Nov. 2 in the Cyber Lab in Thayer Hall.

The competition is about developing and demonstrating skills in a competitive exercise environment that challenges cadets to conduct all aspects of cyberspace operations. Capture the Flag is a type of computer security competition that presents competitors with authentic software flaws in an increasingly difficult, challenge-based setting.

"In the competition, both teams have a vulnerable server that is running some custom programs and their task is to find bugs in those programs," Capt. Roy Ragsdale, research scientist, Army Cyber Institute, said. "Once they do, they need to patch their bugs in their system, develop exploits against those vulnerabilities to steal flags and also maintain their services availability."

A flag, which they are trying to steal, is a string of characters, such as 'ACI{hack_on_A7B554},' which demonstrate a competitor has successfully exploited a bug. This, in turn, provides an objective measure of success, so if the team gets a flag, the team's method is correct.

"The flag in this format (of competition) is just a way to prove that you have control of their system," Ragsdale, who is also an instructor in the Department of Electrical Engineering and Computer Science, said. "It's secret information that demonstrates that you were able to compromise their system and (steal) some data that would represent, in real life, any sensitive information that would be on a system."

The CTF competition between Army and Air Force involved 12 cadets on each side with each team trying to find vulnerabilities, develop patches to protect their flags (defense), develop exploits to steal flags (offense) and keep their services running (availability).

"(This competition) is a phenomenal opportunity to get exposed to new skills and be challenged in a competitive environment," Ragsdale said.

The challenge was created by five developers, including U.S. Military Academy 2014 graduate, Capt. Christian Sharpsten, who is stationed at Fort Meade, Maryland.

Sharpsten helped establish the Cadet Competitive Cyber Team in 2013 as a cadet, and said, "We led the team through its initial stages."

"It's exciting to see how it's grown from something very informal with a few cadets with faculty support, to something formalized and supported by leadership," Sharpsten said.

All challenge developers, except for the Air Force contributions, were previous members of the C3T.
Sharpsten explained that the competition was launched with an unknown quantity with the vulnerable box that the teams had to secure. He said the first steps were trying to identify which services were running, where the source code was located, and from there, doing vulnerability analysis to try to find the vulnerabilities and patch them and then exploit the other team.

"The cyber domain is all about code," Ragsdale said. "The systems that we're using and protecting, we rely on code, and the systems that we're exploiting and taking advantage of there are flaws in that code. It is about understanding the system where its expected behavior defers from its actual behavior."

Ragsdale articulated that the toughest part of the competition was getting exposed to an unfamiliar scenario and having to rapidly gain the new knowledge and integrate that with existing knowledge so that the team could make progress.

The Cadet-in-Charge of C3T, Class of 2019 Cadet Ryan Brunner, agreed with Ragsdale's assessment in dealing with the exotic, ever-changing scenario.

"Adapting to new problems (is tough)," Brunner said. "You always have an understanding of things beforehand, but no one is ever going to show you the same thing twice. So you always have to be integrating new knowledge and learning on the fly and then understanding that well enough to use it effectively. It's just knowledge integration."

Brunner described the first head-to-head competition with Air Force, although there is an all-military competition called the NSA Cyber Exercise (NCX), as a great opportunity to battle against their fellow military members and build future relationships.

"Like MacArthur says, on the fields of friendly strife, sowing the seeds, so on and so forth, it is a great opportunity to build a relationship with another academy with the cyber force in general," Brunner said. "It's more than just a team exercise, I think it's a great experience for the department and institution as well."

Brunner is only a week away from knowing what his Army branch will be, his first choice is the Cyber branch. His hope is reaching that goal, but he is enthusiastic to get in the early stages of Cyber Operations, which is a burgeoning component in the Army and military as a whole.

"I love the idea that it's a new branch, the culture is still forming," Brunner said. "As an officer, I would have a chance to get in the ground floor and shape the culture and be a positive influence on it for years to come."

He said the curriculum in the EECS department has prepared him well for his future, and although the cyber environment is ever-changing that it is not nearly as dark as the world of "The Matrix."

"It's so pervasive that you can't see it as any one thing. I like to think standing here, I have my phone in my pocket, I've got my laptop on my desk, it's so ingrained in my life and everyone's life, it's just everywhere," Brunner said. "So that makes it exciting, but also terrifying because everyone has that fear someone is looking through their webcam, and that's absolutely a real thing that happens.

"That means it's all the more important that we take care and have a good understanding of how to defend and protect the country, but also the American people from this ever present danger," he added. "I don't see it as dark or scary, it's here and here to stay."

When the six-hour competition was all said and done, the USAFA team took home the "Shell" trophy and Star for winning the competition. Not winning didn't help set the precedent that Brunner and his teammates were expecting, however, Brunner is excited about the future of the event and the hope of future Army victories.

"It would mean what we are doing here is right, the training plan we have and everything we're doing to prepare is going well," Brunner concluded about the future. "It would really motivate the team. It would motivate me, too. Even though I won't be here, it would be a great thing to look forward to."