All-Army CyberStakes is more than just Army

By CourtesyMay 6, 2020

By Maj. Lisa Beum

Army Cyber Institute

The Army Cyber Institute at West Point hosted its fourth and largest All-Army CyberStakes from April 24-May 3. All-Army CyberStakes is a 10-day “Capture-the-Flag” style competition that tests individual cybersecurity skills and is open to all civilian and military U.S. government employees, as well as cadets and midshipmen from all service academies and ROTC.

“Despite the many challenges of the current COVID-19 environment, we realized that we could still execute a high-quality online training event that would allow members of the cyber force to train and refine their skills remotely,” said Col. Jeffrey Erickson, Army Cyber Institute’s chief of staff. “We believe this model will continue to have immense value in the future.”

CyberStakes doubled its number of participants from the previous iteration to 2,049 and almost quadrupled the number of solves: 38,663.

Although the competition lasts 10 days in total, participants did not need to dedicate a majority of their time to participate in the competition. It is intended to be accessible to everyone from those with a few minutes a day to cybersecurity professionals who want to measure their skills against others in the community.

“All-Army CyberStakes continues to grow each year with competitors, challenges and quality of training, and we were fortunate this year to expand CyberStakes internationally with participation from the United Kingdom’s Ministry of Defence,” Erickson said. “The whole purpose of CyberStakes is to challenge and recognize the best in our force, and to provide high quality, deeply technical individual training for all skill levels.”

While CyberStakes is a competition, it is also an excellent training opportunity for cyber units and personnel to get hands-on experience solving challenges that directly address core concepts in the field from forensics and exploitation to understanding the underlying vulnerabilities in software.

The length of the competition is deliberately longer than other competitions so that it incorporates two weekends and is readily available to the total Army including the reserve and guard components.

Additionally, the challenges are designed to span the range of skillsets allowing personnel who are not technical experts to participate and learn something new. This year, AACS supported over 115 units, which was five times as many as previous years.

Maj. Roy Ragsdale, research scientist at ACI and an instructor within the Electrical Engineering and Computer Science Department, is the technical director for All-Army CyberStakes 4. His research investigates the use of Capture-the-Flag competitions for training and assessment purposes. Outside of the classroom he has served as the officer-in-charge of the Cadet Competitive Cyber Team (C3T), West Point’s hacking team.

“The most significant change this year was a focus on crafting the challenge progression to be more accessible to beginners,” said Ragsdale. “This year Capt. John Rollinson, the lead ACI challenge developer, crafted a phenomenal series of 22 introductory challenge which resulted in more competitors solving more challenges than ever before.”

Ragsdale continued to say that the training value goes far beyond the rote replication of a typical training course and provides competitors with the ability to deal with technical uncertainty. In order to be successful, they must leverage their existing skills, rapidly learn new concepts and actually put them into practice.

“I’m on the Cadet Competitive Cyber Team (C3T) at school and have developed a love for cyber security and the many competitions that come with it,” said Class of 2020 Cadet Aidan McCarthy, a computer science major who placed in the top five in the cadet category. “I saw it as a good way to sum up my time at school and a way to see how I stack up against the rest of the Army.” McCarthy branched cyber and hopes to apply what he learned in CyberStakes throughout his career.

“Almost every challenge I worked on introduced a new concept I had not explored before or interacted with a service in a new way. Sometimes it can feel like there is way too much to learn, but that’s what I love about CTFs and CyberStakes in particular,” said McCarthy.

An interesting aspect about CyberStakes is the ability for participants to do write-ups after solving a challenge, which permits others who may not have solved a challenge yet to see how to approach the problem.

“Explaining your thought process to someone else helps you understand it better, and gives you notes to reference the next time you encounter a similar problem,” McCarthy said.

Out of the 2,049 participants, one hacked his way to the top of All-Army CyberStakes. This year’s winner was 1st Lt. Brian Welch, a mission commander and cyberspace capability developer from the 780th Military Intelligence Brigade.

Welch had participated in past CyberStakes competitions and said he was drawn back to compete again by the high quality of the challenges and the friendly competition among other members in his unit. Although CyberStakes was mentally strenuous for him, Welch recognized the value of the competition and how it could help identify those Soldiers with abilities and talents needed within the cyber community.

“CyberStakes is the single greatest technical training event available to the DOD cyber community. Capture-the-Flags, in general, are also a great culminating event for any kind of long pipeline training and give participants an opportunity to compete and showcase their technical skillset,” Welch said.

People participating in events like CyberStakes tend to band together, a characteristic that Welch appreciates, especially for those who may find CyberStakes daunting.

“The community surrounding the event, to include the ACI staff and competition participants, are extremely friendly and want you to succeed. You will learn a ton by playing,” he said.