Tuesday, April 24, 2012 

Talk: Cyber Exercises: Interactive Training for an Interactive Field
Speaker:
Justin Wray, ICF International 

Facts:
Cyber attacks are on the rise.
Cyber war fighters are in high demand, and the demand is sure to rise.
How do we train our cyber fighters? We spend a lot of $$ on training, but --
  • Training is often an afterthought.
  • Training often focuses on the theoretical.
  • Is usually dull, heavy with Powerpoint slides and light of hands on experience.
  • Non-interactive.
  • Either too narrow or too broad.

Suggestion here is that Cyber warriors train by being involved in real cyber exercises. 
After all, when a cyber attack occurs what is required is on-your-toes, 

Cyber Training Types:

  • Red vs. Blue
    This is a game modeled after actual environment
    Companies can set up the training exercises by outsourcing components.
    CCDC has a college event with 8 students per team. Lasts 2.5 days.
  • Capture the Flag Event
    Small agile teams of 6-8 members, need 4-6 teams to make the event work
    This is the closest environment to the real world. 
    For this event, best to send teams to a location so that overall participation is large.
  • King of the Hill
    Attackers fight through the defense, then have to defend.
    This is geared to defensive training
    Everyone gets experience with offense and defense
Usually companies want to use some combination of the types listed above.

An example of an event that trains Cyber Warriors (limited to inhabitants of Maryland):
Maryland Cyber Challenge and Conference
Separate ladders for professional/collegiate/high school
Phase based: 
      * First is defense competition, which whittles number of teams from 40 to 20. 
      * Second is Forensics, which reduces teams to 8. Last is offense. 

A global event is the Global Cyberlympics. ICF competes in this event. 6 members are allowed. ICF arranges the team as 2 defense experts, 2 offense people, and two floaters. This is a Capture The Flag type of competition. Tools available from teamsploit.sf.net. Justin is the leader of the ICF team, which placed 1st in North America and 2nd in International.