By Devon L. Suits, Army News Service
December 19, 2019
WASHINGTON -- Loud music blared throughout the crowded hall of the Washington Hilton as cyber professionals from the military, industry and academia launched into the final day of the NetWars Tournament of Champions, Monday.
NetWars is a suite of interactive learning scenarios designed to provide training and assess the cyber proficiencies of personnel, according to the SANS Institute, the organization responsible for the competition. Individual and team competitors that won other NetWars events over the past two years were invited to the final tournament in Washington, D.C.
"We have organized the NetWars Tournament of Champions for about six years now," said Ed Skoudis, the creator of NetWars. "The idea was to bring together the 'best of the best,' and have them compete in a fun … but competitive [environment.] This year is our biggest Tournament of Champions ever," he said.
The Army was represented well during this year's NetWars competition, said Matthew O'Rouke, an intelligence specialist with the 782nd Military Intelligence Battalion (Cyber) at Fort Gordon, Georgia.
As the team captain of "Nation_State_Alchemy," O'Rouke was joined by Sgt. Andrew Beat, a cyber-operations specialist assigned to the 782nd MI Bn., and Carl Peterson, Chris Maloney, and Neil Klissus, Department of Defense civilians within the U.S. Cyber Command community.
During the competition, O'Rouke and his team huddled over their laptops as they launched a series of attacks or bolstered their defenses during the "castle versus castle" part of the competition, also known as "level five." Teams had three hours to increase their scores from the previous day of competition.
The day prior, Nation_State_Alchemy quickly sailed through the first four levels of the competition to be amongst the first to reach level five. The initial stages included a series of cyber-related exercises that increased in difficulty and corresponded with a fictional-based scenario, O'Rouke said.
At level five, participants set up and managed their "castle" -- a virtual server -- during a capture-the-flag-type competition, O'Rouke said. In each castle, teams managed four Linux- and four Windows-based services, which included a "digital-text string," known as their flag.
After they set up their castle, teams could then attack another team's services and take down an enemy's flag, put up their flag, or even take down a team's services altogether.
"Ideally you want to automate as much as possible and get your services set up and automatically defended," Peterson said. "Then you want to get your attacks set up and get them firing automatically against another team's systems."
NetWars scoring servers periodically check the status of each castle. Teams are awarded points based on their uptime or the number of flags the team has across the online play space.
Ultimately, Beat said, NetWars turns into this giant "cyber-knife fight." Teams try to maintain a 100% uptime by defending their castle, as they branch off to try and take over another team's services.
"There is certainly a potential upside to aggressive play; however, defense is easier to maintain," Peterson said.
In this competition, understanding how a team exploited a system can provide an ample opportunity to build a proper defense, O'Rouke added. Further, a team can leverage a known weakness to breach another team's system.
"Attribution is a challenge, just like in the operational environment," Peterson said. "Based on the types of attacks we are seeing and the data they leave behind -- their flag -- we can start to associate each of these attacks with different threat actors."
Through it all, NetWars provided teams an opportunity to practice their techniques, tactics, and procedures in an open-source competition against a real and thinking adversary, Beat said.
"Ten years ago, we started NetWars -- and no offense, the U.S. military personnel just did OK," Skoudis said. "This is U.S. military, and we face some significant adversaries -- OK is just not good enough.
"Now, whenever we run a NetWars event, whether it's the Tournament of Champions or anything else, the U.S. military is well represented among the winners," he added. "I do think that shows the investment in those skills is paying off, and cyberspace is a dangerous place, and we need our military forces to be ready to defend the country."
In total, around 500 people participated in this year's tournament, in varying levels of competition. Nation_State_Alchemy placed third in the event and is planning to apply the lessons learned in future contests. A second joint-Army team, Whiskey_Business, placed fourth in the tournament.
"One big takeaway: no matter how hard you defend, the attackers will go after the weakest link," Peterson said. "The teams we were up against didn't focus on us. They focused on the less prepared teams in the play space."
As Nation_State_Alchemy and Whiskey_Business competed in the Tournament of Champions division, the team "Crabby_Patties," led by Capt. Michael Milbank, represented the overall Army in the 2019 NetWars Services Cup competition.
Milbank joined other members of the U.S. Army Cyber Command's Cyber Protection Brigade out of either Fort Gordon or Fort Meade, Maryland, including Capt. Braxton Musgrove, Chief Warrant Officers 2 Michael Edie and Michael Shue, Warrant Officer Christopher Watson, and Staff Sgt. Buffye Battle.
"Being placed in a contested environment with actual adversaries offers us a chance to test new strategies, enhance our tactics, and rehearse our procedures so that we are more effective and adaptive in real-world scenarios," Milbank said. "Our team is incredibly thankful to SANS for putting together this competition and thankful to the Army for providing the training and opportunity to allow us to be successful."
Teams representing the Navy, Air Force, the Marine Corps, Coast Guard and National Guard also participated in this year's competition. The Air Force was the overall winner, followed by the Coast Guard and Navy, respectively.
"The [services] are always competing with each other for fun, so we decided to have a commander's cup for cyber," said Daryl Gilbertson, SANS Director Federal Sales. "The cup travels with the winning team … and it gives the [cyber team] some notoriety. Their names are actually engraved on it … it's a big deal."
Cadets from the Army Cyber Institute at West Point, New York, also participated in this year's Tournament of Champions. Joining the cadets was their instructor, Capt. Daniel Hawthorne, an assistant professor and deputy at the Cyber Research Center, who placed third overall as a first-time solo player.
West Point qualified for this year's event by beating the other academies during a SANS training event and tournament last spring, Hawthorne said. The team pressed hard and broke into level four before the close of the competition.
"Anybody who sat in one of my classes will tell you I'm very passionate about the field," Hawthorne said. "I'm watching these cadets take off. They're going to go further than I have."