Éditoriaux Défense Sécurité Terrorisme Zones de conflits Logistique Livres de référence Liens
Terre Air Mer Gendarmerie Renseignement Infoguerre Cyber Recherche

DARPA Helps Cadets

DARPA Helps Cadets, Midshipmen Prep for Cyber Mission

By Cheryl Pellerin, American Forces Press Service.

Washington D.C. – (AFPS) – February 14, 2014 – During a winter weekend in Pittsburgh, more than 50 cadets and midshipmen from three service academies sat elbow to elbow at nine round tables in a packed room. They’d been training since November to compete in a pilot program of the Defense Advanced Research Projects Agency called the Service Academy Cyber Stakes.

Competitors at the Jan. 30-Feb. 2 event ranged from freshmen to seniors, 18 to 24 years old, from the U.S. Military Academy in West Point, N.Y., the U.S. Naval Academy in Annapolis, Md., and the U.S. Air Force Academy in Colorado Springs, Colo.

DARPA officials said the Defense Department must train 4,000 cybersecurity experts by 2017. Meeting that goal requires building a pipeline for training and education, especially for future officers who will oversee protection of the cyber domain. DARPA had two requirements for the competition: impact to the warfighter and innovation.

Leading the competition was DARPA Program Manager Dr. Daniel "Rags" Ragsdale, a retired Army colonel who served for more than a decade at West Point and whose research interests include computer network operations, cyber deception and cybersecurity education and training.

Two world-class experts helped to train the teams: David Brumley, technical director of CyLab, Carnegie Mellon University’s campuswide collaborative cybersecurity organization in Pittsburgh, and Dan Guido, CEO at Trail of Bits engineering and hacker in residence at New York University Polytechnic School of Engineering.

Brumley is a founding member of the Plaid Parliament of Pwning, a CMU cybersecurity team ranked No. 1 overall in world-competition hacking and winner of the DefCon 2013 Capture-the-Flag cybersecurity tournament.

Guido proposed and developed a centralized threat-intelligence function for the Federal Reserve System, and also for the Federal Reserve formed a team that used its expert knowledge of attacks in the wild to develop sophisticated enterprise strategies to mitigate them.

During a recent DARPA teleconference with media members, Ragsdale said the competition arose because DARPA Director Dr. Arati Prabhakar had expressed interest a year earlier in engaging more directly with the DOD service academies. “Our primary thrust, because all the service academies are going to produce junior officers upon graduation, is to help [the graduates] develop skill sets necessary to be effective cyber warriors,” the program manager explained.

An effective cyber warrior must protect and defend the system using a full-spectrum approach, Ragsdale added, and then expanded on the meaning of full spectrum. “We fundamentally believe that you have to understand at a deep technical level the approaches, methods and techniques that adversaries take in trying to subvert the security of our systems,” he said. This involves skills such as being able to reverse engineer binary, or machine-readable, files and, Ragsdale said, finding source-code-level vulnerabilities that could be exploited, and doing so with software source-level analysis and with automated tools that perform functions such as fuzzing, the informal name for automatic bug finding.

Cyber warriors also must be able to identify potentially exploitable vulnerabilities in binaries that adversaries can and often do exploit, he added. They also must understand the many ways cryptography is implemented across the infrastructure and identify the approaches adversaries may use to try to subvert crypto system security.

The competition consisted of five events leading up to a full-spectrum capture-the-flag live exercise, Ragsdale said, adding, “They were given the same infrastructure to defend while simultaneously attacking their adversaries.”

In one of the five events, he said, the competitors were given a large-scale collection of Linux binaries and challenged to find vulnerabilities across the distribution. Raggsdale said an amazing outcome was that the first-place team identified more than 100 new bugs. Between them, the second- and third-place teams found 83 more new bugs. “The bugs are not necessarily exploitable vulnerabilities,” Ragsdale said, “but they do indicate a bug that needs to be addressed by the open-source community.”

Other events among the five included a race to identify and create an exploitable vulnerability in a binary file, a cracking-crypto challenge, a reverse-engineering challenge and a lock-picking challenge -- a traditional event at cyber gatherings.

As for the winners, Ragsdale said, “it was kind of Olympics-style, where over the course of the six events, gold and silver medals were awarded to 18 different individuals in teams over the weekend, and we felt that absolutely met our purposes.”

About the candidates themselves, he said, “they outperformed our expectations.”

Ragsdale added, “I felt like I had a pretty good working understanding of the knowledge they would bring to bear by virtue of the fact that a little over two years ago I was in that environment. … So I had a good idea what was going on at West Point.”

He’d also visited the Air Force and Naval academies while he was still in uniform and after he’d joined DARPA in 2011, “so on the whole,” Ragsdale said, “I felt like going in we had a decent understanding” of student capabilities. But still, there were surprises, he said.

The cadets and midshipmen were competitive and motivated to win, the program manager said, “but because they were in such close proximity, one of the amazing things was that the event turned into a team-building exercise across this community of future cyber warriors.”

The competitors were operating elbow to elbow in the competitive events, he added, “and there was a lot of sharing of information and friendships that developed, and I think all of them at least in part acknowledged that … in a very short period of time they were going to find themselves in cyber units operating side by side.”

Ragsdale said he expected to see only juniors and seniors on the teams, but freshmen and sophomores also joined the competition. And some students lacked lower-level skills that might have helped them prepare for the competition.

The service academies wouldn’t necessarily have lots of courses appropriate to computer science majors, he said, “but there were a few instances where we were a little surprised, like the ability to do shell scripting, for example.” “It’s kind of a block-and-tackle kind of technique that some of the cadets and midshipmen didn’t have and didn’t have to have,” he said. “But I’m certain the teams they send next year will have much more well-refined skills, because now they know.”

What’s next for the competition depends on several things, Ragsdale said. “The director approved this as a one-year pilot and, as with any pilot, a variety of things could result,” he added.

Ragsdale said his team is likely to recommend to Prabhakar some continuation of DARPA’s involvement, but that will have to compete with DARPA’s other priorities. The team also intends to reach out to Army and DOD units and other organizations to investigate sponsorships for future competitions.

At the academies themselves, Ragsdale said, all three schools now have competitive cyber teams and all are beginning to put stronger academic focus on cyber majors or cyber topics in various majors. “We’re certainly not the first [developer of] cyber exercises. I was involved in developing a cyber defense exercise way back in the 2000 timeframe that is a defensively oriented, winner-take-all exercise among the service academies that continues to this day,” Ragsdale said.

“We wanted to bring in a different approach involving looking at it from a more full-spectrum capability,” he added, “so what eventually developed is a series of training opportunities onsite and online … culminating in a very amazing and very uplifting competitive exercise.”

(Follow Cheryl Pellerin on Twitter @PellerinAFPS) : Contact Author

Related Sites:
Special Report: The Cyber Domain: Security and Operations
Defense Advanced Research Projects Agency

Related Articles:
Rogers Tabbed as Next Cyber Command Chief
Cyber Command Adapts to Understand Cyber Battlespace


Derniers articles

Verdun 2016 : La légende de la « tranchée des baïonnettes »
Eyes in the Dark: Navy Dive Helmet Display Emerges as Game-Changer
OIR Official: Captured Info Describes ISIL Operations in Manbij
Cyber, Space, Middle East Join Nuclear Triad Topics at Deterrence Meeting
Carter Opens Second DoD Innovation Hub in Boston
Triomphe de St-Cyr : le Vietnam sur les rangs
Dwight D. Eisenhower Conducts First OIR Missions from Arabian Gulf
L’amiral Prazuck prend la manœuvre de la Marine
Airmen Practice Rescuing Downed Pilots in Pacific Thunder 16-2
On ne lutte pas contre les moustiques avec une Kalachnikov...
Enemy Mine: Underwater Drones Hunt Buried Targets, Save Lives
Daesh Publications Are Translated Into Eleven Languages
Opération Chammal : 10 000 heures de vol en opération pour les Mirage 2000 basés en Jordanie
Le Drian : Daech : une réponse à plusieurs niveaux
Carter: Defense Ministers Agree on Next Steps in Counter-ISIL Fight
Carter Convenes Counter-ISIL Coalition Meeting at Andrews
Carter Welcomes France’s Increased Counter-ISIL Support
100-Plus Aircraft Fly in for Exercise Red Flag 16-3
Growlers Soar With B-1s Around Ellsworth AFB
A-10s Deploy to Slovakia for Cross-Border Training
We Don’t Fight Against Mosquitoes With a Kalashnikov
Bug-Hunting Computers to Compete in DARPA Cyber Grand Challenge
Chiefs of US and Chinese Navies Agree on Need for Cooperation
DoD Cyber Strategy Defines How Officials Discern Cyber Incidents from Armed Attacks
Vice Adm. Tighe Takes Charge of Information Warfare, Naval Intelligence
Truman Strike Group Completes Eight-Month Deployment
KC-46 Completes Milestone by Refueling Fighter Jet, Cargo Plane
Air Dominance and the Critical Role of Fifth Generation Fighters
Une nation est une âme
The Challenges of Ungoverned Spaces
Carter Salutes Iraqi Forces, Announces 560 U.S. Troops to Deploy to Iraq
Obama: U.S. Commitment to European Security is Unwavering in Pivotal Time for NATO
International Court to Decide Sovereignty Issue in South China Sea
La SPA 75 est centenaire !
U.S. to Deploy THAAD Missile Battery to South Korea
Maintien en condition des matériels : reprendre l’initiative
La veste « léopard », premier uniforme militaire de camouflage
Océan Indien 2016 : Opérations & Coopération
Truman Transits Strait of Gibraltar
Navy Unveils National Museum of the American Sailor
New Navy, Old Tar
Marcel Dassault parrain de la nouvelle promotion d’officiers de l’École de l’Air
RIMPAC 2016 : Ravitaillement à la mer pour le Prairial avant l’arrivée à Hawaii
Bataille de la Somme, l’oubliée
U.S., Iceland Sign Security Cooperation Agreement
Cléopatra : la frégate Jean Bart entre dans l’histoire du BPC Gamal Abdel Nasser
Surveiller l’espace maritime français aussi par satellite
America's Navy-Marine Corps Team Fuse for RIMPAC 2016
Stratégie France : Plaidoyer pour une véritable coopération franco-allemande
La lumière du Droit rayonne au bout du chemin

Directeur de la publication : Joël-François Dumont
Comité de rédaction : Jacques de Lestapis, Hugues Dumont, François de Vries (Bruxelles), Hans-Ulrich Helfer (Suisse), Michael Hellerforth (Allemagne).
Comité militaire : VAE Guy Labouérie (†), GAA François Mermet (2S), CF Patrice Théry (Asie).