Overview
Michigan CCDN Qualifiers and Assessments are invitational events. Each invitational provides both a competitive component and a team assessment of skill, knowledge, performance and interaction. Each qualifier and assessment is designed to test each student team’s ability to secure and maintain standard business functionality of a computer network while under cyber attack. The qualifiers and assessments are designed to test each student team’s ability to secure a networked computer system while maintaining standard business functionality. The scenario involves team members simulating a group of employees from an IT service company that will initiate administration of an existing IT infrastructure. Each student team is expected to manage the computer network, keep it operational, prevent unauthorized access, and accurately identify compromises and compromise attempts. Each team will be expected to maintain and provide public services, including but not limited to: a web site, a secure web site, an email server, a database server, and a workstation used by simulated sales, marketing, and research staff as per provided company policy and mission. Each team will start the qualifier and assessment with a set of identically configured systems.
Qualifier and Assessment Goals
- To promote fair and equitable standards for cyber defense and technology-based qualifiers and competitions that can be recognized by industry
- To evaluate the defensive and responsive skills of each team under identical hardware, software application, and operating system configurations
- To demonstrate the effectiveness of each participating institution’s academic security program
- To be executed by industry professionals
- To have industry recognition, participation and acceptance of each qualifier and assessment
- To provide a cooperative and competitive atmosphere among industry partners and academia in the area of cyber defense education
- To provide recognition for participating teams
- To increase public awareness of academic and industry efforts in the area of cyber defense education
Team Identifications
Systems
- Each team will start the event with identically configured systems.
- Teams may not add or remove any computer, printer, or networking device from the designated Blue Team area.
- Teams will be provided the overall system architecture, network configuration, and initial set-up on the morning of the event.
- Blue Teams should not assume any participating qualifying system is properly functioning or secure.
- Throughout the qualifier and assessment, Green Team and White Team members will occasionally need access to a team’s systems for scoring, troubleshooting, etc. Blue Teams must allow Green Team and White Team members access when requested and validated. Teams may use discretion in admitting individuals who are not recognized or validated.
- Network traffic generators may be used throughout the event to generate traffic on each team’s network. Traffic generators may generate typical user traffic as well as suspicious or potentially malicious traffic from random source IP addresses throughout the event.
- Teams must maintain specific services on the “public” IP addresses assigned to their team – for example, if a team’s web service is provided to the “world” on 10.10.10.2, the web service must remain available at that IP address throughout the event. A list will be provided. Moving services from one public IP to another is not permitted unless directed to do so by an inject request. Likewise, teams are not permitted to change the internal addressing or VLAN scheme of the qualifier network unless directed to do so by an inject request.
- Teams are not permitted to alter the system names or IP address of their assigned systems unless directed by an inject; this may affect the results of the scoring mechanism.
- In the event of system lock or failure, Blue Teams will be able to perform a complete operating system restoration. The number of system restorations must be identified and reported to the event administration. Impact. Teams should also consider that system restoration will take time.
- Systems designated as user workstations within the qualifier network are to be treated as user workstations and may not be re-tasked for any other purpose by teams.
- Teams may not modify the hardware configurations of workstations used to access the qualifier network.
- Servers and networking equipment may be re-tasked or reconfigured as needed.
Qualifier and Assessment Rules: Acknowledgement & Agreement
- Be supported and attended by a full-time faculty member of their institution.
- Agree to follow all the written, verbal or otherwise stated rules.
- Not participate in hack back, system compromise or vulnerability assessment activities of any network outside of the student network for their respective team unless specifically instructed to do so in writing by the competition director or chief judge.
- Participating students must be a minimum of 1/2 time at their respective institution and not employed in an IT or IT Security-related function.