But in last weekends National Collegiate Cyber Defense Competition in San Antonio the UW team captured the trophy now on display in the Allen Center atrium.
“When they announced third place, we said, ‘Oh, bummer, we were hoping to place third,” said faculty adviser Melody Kadenko, a program manager in the Department of Computer Science and Engineering. “And I said, ‘Well, theres always next year.”
And then came the announcement that the UW team had won the top overall prize.
The UW-CSE team was started four years ago by doctoral students Alexei Czeskis and Karl Koscher and others. It has won the regional contest every year but never prepared enough to claim a national title. Just before leaving for Texas, Czeskis joked to a Seattle Times reporter that the team was more organized this year, writing things down for the first time.
Other teams competing in nationals have budgets, uniforms and strict training programs. One school reportedly gives prospective recruits a coding task in a climate-controlled room and then gradually turns up the thermometer to see if they can, literally, take the heat. The UW team took a lighter approach. They recruited students informally. Czeskis and Koscher coached. Playing jokes during the competition was encouraged.
“A couple of times tempers flared where some members might have gotten angry, but for the most part it was very fun,” said Czeskis. “When we got something right we would sing a song, or make a noise from a YouTube video that we had all seen.”
Koscher agreed: “When things got a little heated in our team room, one of us would start singing and things would calm down.”
The competition consists of a nonstop barrage of security threats to a fictional computer network.
For example in the regional competition, held in Seattle in March, the fictional employer was VaprGamz, which had recently been bought out by Blotto Corp. The companys IT staff had decided to cash out their stock options and took off for a tropical island, leaving the network in shambles.
In this years national event, teams worked at an online pharmaceutical company called KwikeCare and KwikePills, which had abruptly fired its previous IT department. Mayhem ruled on the first day of the contest. Requests streamed in as team members tried to figure out what was going on with the system.
Scenarios evolve to include new technologies. This year, for the first time, students were also faced with securing remote machines that were not behind the companys firewall.
Like any good caper story, each team member has a specialty. Some of the UW students had better knowledge of certain types of systems, or of some attacks. One UW team member knew an arcane fact about printers that helped avert a crisis.
“The competition requires a broad set of skills,” Czeskis said. “You have to know networking, you have to know about file stuff that is specific to Windows, you have to know about attacks that have to do with network configurations on particular systems.”
Unlike other teams at the national level, the UW-CSE team had no funding or formal coaching. They finagled a practice room in Sieg Hall. One member brought old equipment from his basement to campus and the team set up a network to run tests. Kadenko agreed at the last minute to travel to San Antonio to fulfill the new requirement that each team bring a university representative.
Teams can include up to two graduate students and six undergraduates. Other team members are Baron Oldenburg and Ian Finder, juniors in computer engineering; Mark Jordan, a senior in computer engineering; and Conrad Meyer, Maria Pimenova and Cullen Walsh, seniors majoring in computer science.
Czeskis and Koscher are doing their graduate research with Yoshi Kohno, a UW assistant professor of computer science and engineering. The Security and Privacy Research Lab addresses a range of current or future security issues. Creativity is encouraged – the lab has lock and pick sets that lab members and classes have the chance to play around with.
“All the team members are superstars when it comes to computers and computer security,” Kohno commented. “Every year Alexei and Karl push the team to new heights, and it’s wonderful to see that all their hard work has culminated in a national title this year.”
Most of the team will still be at the UW next year and plan to compete again, this time as defending champions in both the national and regional contests.
The Pacific Rim Regional Cyber Defense Competition was founded in 2008 by Barbara Endicott-Popovsky, research associate professor in the iSchool and director of the UWs Center for Information Assurance and Cybersecurity, a federally designated Center of Academic Excellence that supports security-related research and teaching across campus.
The regional competition grew out of a one-day exercise Endicott-Popovsky originally held for her students. With an initial grant from Microsoft and sponsorship from several other companies, it is now a two-day regional effort that enlists a small army of volunteers, over 100 people from several regional universities and community colleges. (See a UWTV video, “Geeks Under Attack,” about the first regional contest in 2008.)
This years regional event was held at Highline Community College. Students at DeVry University set up the initial, poorly protected networks. Idaho State University students devised the tasks, or injects, that teams had to complete at the same time as they were trying to secure their systems. Security professionals, mainly from Boeing and the U.S. Navys Space and Naval Warfare Systems Command, formed the “red team” that tried to hack into the systems.
Eight teams competed in regionals this year. Afterward, former rivals at UW Tacoma allowed the CSE team to visit and practice on its Cisco networks, which the team said greatly helped prepare them for the national showdown.
Endicott-Popovsky hopes the UW-CSE teams victory will inspire more UW students to form their own teams. Interested s
tudents and faculty should contact her for more information.
“Weve carefully mirrored what happens at nationals to prepare students to compete, but were also looking at the educational component,” Endicott-Popovsky said. “Our goal is raising the bar for all the people who compete, and contributing to the cyber security literacy in this region.”