The 2019 Inter-Services Cyber Network Defence Challenge (ISCNDC) pitted four teams – Royal Navy, Army, Royal Air Force and Civil Service, – against each other to compete for the coveted ISCNDC Challenge Champion award at QA’s Cyber Lab in London.
When these representatives from the MOD met to take part in the challenge, it was not only their cyber security technical skills that got put through their paces.
The need for precise communications, rapid decision making and above all, teamwork was paramount for the winners to be crowned the Cyber Defender Capture The Flag Champions (CTF).
The Challenge
The Cyber Defence Inter-Services event has been designed to test and develop those responsible for detecting and defending against advanced cyber attacks.
QA’s state-of-the-art Cyber Lab enables the teams to learn in a way that no other training does. Through collaboration, competition and simulation, those that attend experience real time cyber-attacks in a safe, controlled environment.
The delegates worked together in teams using the complementary skills to compete against the clock in CTF scenarios; where they were awarded flags for completing technical tasks.
The challenges in each round varied widely in difficulty but with constant guidance from QA’s expert Cyber instructors, the teams were supported throughout the experience to ensure their learning was maximised.
Four days of Cyber Security challenges
Run over four days, the teams experienced a series of carefully constructed challenges. Each task required talented individuals working in isolation or as part of a team. They had to step up and demonstrate their cyber defence skills, in QA’s unique state of the art cyber lab; a fully immersive learning experience to win the coveted Inter-Services CTF!
Day 1
The first day began with the Cyber War Game by QA’s partner, Cyber-Fish.
The participants first undertook the Cyber Attitudes Assessment (CAA), a trait based screening diagnostics tool that reduces human risk at organisations by analysing personality traits that can potentially expose individuals to cyber security risk. The goal of the diagnostics tests is to enable organisations to fortify the human, membrane, of their cyber security defences in a targeted way. This was followed by a two-part wargame. The first stage focused on a Cyber Attack Simulation which saw the participants working in teams to deal with a simulated cyber attack. A gamified incident that enfolds gradually, putting participants under pressure and prompting them to work together to deal with the scenario. The fictional scenario and injects were specifically designed to demonstrate the technical backgrounds and TTP’s of typical attackers in the sector.
In the second part of the wargame, the participants were observed by facilitators while they adopted new approaches to their teamwork based on how they could adopt new behaviours into their team work based on the insight and assessment reports provided. Each participant was challenged based on their relative strengths and development areas highlighted in the CAA.
"This was an amazing opportunity to represent my team and understand my own skills, leadership and personal capability for Cyber…"
Day 2
The second day focused on threat hunting and was designed to test the various cyber disciplines of CTF participants as part of a time-bound event.
The tiered threat hunting challenges test even the most experienced Cyber Defenders through a variety of challenges incorporating web application security, network security, cryptography, reverse engineering and malware. QA’s advanced labs offer a complex labyrinth of different end-to-end and standalone systems to manoeuvre.
Day 3
Day three saw participants introduced to QA’s ‘King of the Hill’ session. A highly technical experiential learning experience, the session focused on developing ‘hands-on’ cyber defenders through exposure to a wide spectrum of attacks while also training team leaders how to manage and coordinate their teams.
The session required the defenders to dynamically assign resources based on the changing nature of the attack and provide periodic high level reports to senior management. Protecting their assets against attackers, the participants were monitored by a central platform that keeps track of which machines have been compromised, allocating points every five seconds. The more machines that the participants managed to maintain control over, the faster the points accumulated.
Day 4
The final day culminated with the participants being subjected to an intensive series of real-time Simulated Defence Challenges Working in teams, the participants were given a compromised network of machines.
Each team needed to correctly analyse and identify any vulnerabilities exploited by an attacker as well as any malware or other types of back doors installed. They were then required to implement patches and firewall (IDS/IPS), utilising defensive monitoring to detect any future attacks. Points were earned by the teams correctly identifying and managing vulnerabilities during their analysis, as well as maintaining the security and up time of their servers. ‘Money’ was lost for down time caused by an attack.