Cadets finish sixth among 32 teams at U.S. Cyber Command’s Hack the Port 22 challenge in Florida
‘I will try” works by land, air, sea and, apparently, circuits.
Team persistence and savvy sleuthing helped Norwich University place sixth among 32 college teams at Hack the Port 22, a national maritime and control systems cybersecurity conference held March 21 to March 25 in Fort Lauderdale, Florida.
The National Security Agency paid for Norwich’s team, dubbed Redacted, to travel and compete in person, said Dr. Jeremy Hansen, an associate professor of computer science.
The U.S. Cyber Command and DreamPort, a cyber innovation nonprofit, hosted Hack the Port, which ran at the Broward County Convention Center. The convention complemented its cyber challenges with government- and industry-leader lectures on cyberdefense infrastructure and priorities.
“You are all making us very proud!”Norwich University President Mark Anarumo, congratulating the Hack the Port team, dubbed Redacted
Speakers included Homeland Security Secretary Alejandro Mayorkas, National Cyber Director Chris Inglis, Cybersecurity and Infrastructure Security Agency Director Jen Easterly and U.S. Air Force Lt. Gen. Charles Moore, the U.S. Cyber Command’s deputy commander.
Hack the Port involved students from the U.S. Senior Military Colleges, National Centers of Academic Excellence and U.S. Cyber Command’s Academic Engagement Network schools competing in cyber challenges such as detecting signatureless anomalies; developing network security methodologies; and acting as cyberincident responders during a fictional electric company cyberattack.
Norwich’s team, all undergraduates, included seniors Melinda Beuchelt, Conrad Franke, Israel Lira and Aaron Poulin along with freshman Johannes Meyer.
Top-performing teams from the first two competition days advanced to a capture-the-flag-style challenge against professional industry and government cybersecurity experts.
Hansen, the Norwich adviser, said his team was “red,” or attackers, in the competition; a “blue” team played defenders. (Hansen said Norwich uses the same roles, sometimes adding a monitoring-and-recording white team, in its IA456: Cyber Defense Practicum.)
Meyer, a freshman computer security and information assurance major, earned a special Hack the Port mention for infiltrating a security camera and fending off invaders. He said analyzing the camera’s network traffic, and noticing a specific date and time request, ushered him inside.
“By modifying this request, and sending my own I was then able to launch a new instance of the telnet server on the camera, which I then connected to,” Meyer, the vice president of Norwich University’s Cyber Rangers Club, wrote in an email. “Once I connected, I figured out the password for the root account and then stayed on there for the rest of the time.”
The thrill of competition
Meyer said it was thrilling to compete against doctoral and master’s students, some with years in cybersecurity jobs.
“Being able to beat most of them and in general keep up with them showed me that I was a lot more prepared for the industry than I thought I was,” Meyer wrote.
contestants move cranes, activate water pumps, and turn on lights.
Franke, a senior computer science and information assurance major, and the Norwich Cyber Rangers president, said he enjoyed learning about the programmable logic controllers — tiny computers that can receive data through inputs and send operating instructions through outputs — involved in the Hack the Port’s challenges. In the challenges, Hansen said, these controllers let
Franke said he wasn’t at all surprised that Meyer exploited the camera’s vulnerability.
“Johannes is very advanced compared to a lot of students. His ability is absolutely phenomenal,” said Franke, who’s also a U.S. Army second lieutenant. “That he was able to get in there before anyone else, and watching live as he kicked graduate students off of that camera, that was the part that surprised us.”
Hansen reported that Norwich led all teams after first-day competition, amassing 555 points, 150 more than the second-closest team. Norwich University President Mark Anarumo hailed the performance by email.
“Really amazing work by the team. Conrad, Israel, Aaron, Melinda, and Johannes, please accept my congratulations and gratitude for representing Norwich so beautifully!” he wrote. “And THANK YOU, Dr. Hansen for providing such remarkable leadership and guidance. You are all making us very proud!”
Lynne Clark, acting chief of the National Security Agency’s Center for Education, Innovation and Outreach, said Hack the Port let students showcase skills the marketplace needs. TecCrunch has reported, citing research company Cybersecurity Ventures’ data, that 3.5 million cybersecurity jobs are unfilled in the United States.
“This competition will allow the students to perform, in real time, the critical tasks that the future cybersecurity workforce needs,” Clark said in a statement. “It is an opportunity for the students to show off their education in a real-world context.”
Easterly, the keynote speaker, suggested that Hack the Port’s skills practices are particularly timely, given that Russia has increasingly intensified cyberattacks against maritime transportation.
“Protecting the industry from cyberthreats is really becoming increasingly complex, as connected and often unsecure control systems make maritime organizations a prime target for malicious actors,” she said. “We expect these types of threat tactics to actually become increasingly prevalent over the next few years.”
Hansen said the Hack the Port experience will pay off, especially as some of Norwich’s competitors compete in the National Security Agency's Cyber Exercise, which runs Thursday through Sunday.
“Though (Norwich’s team) did well, it was one of those experiences where they learned how little they actually know,” Hansen said, describing findings from a post-competition analysis. “A common sentiment was that even given as much prep as they did, they didn’t feel prepared at all. So, now they know a little more (about) what they don’t know. They also learned that Fort Lauderdale is the correct place to be in March.”
Join the conversation on Twitter @NorwichNews #NorwichTogether #NorwichForever #NorwichServes
- Cybersecurity study on campus at Norwich University
- Master’s degree programs in cybersecurity at Norwich University
- Computer science study at Norwich University
READ MORE ON CYBERSECURITY AT NORWICH UNIVERSITY:
- Cybersecurity consortium bill passed in House, sent to Senate
- Papers deadline portends new cybersecurity research conference's debut
- Norwich University cybersecurity students mentor local high school students in computer-building exercise