Months of preparation paid off for a group of students in the Department of Computer Science at California State University, Dominguez Hills, who began their Spring Break as the third place winners in the 2012 Western Regional Collegiate Cyber Defense Competition.
“When they called us up to present our team with the third place medals, I don’t think anyone on the team expected it,” said senior computer technology major John Harwell, who served as team captain. “This was a very tough competition… . So needless to say, we were extremely happy with the results. It more than made up for all the effort that everyone on the team put forth.”
Host by Cal Poly Pomona from March 23 to 25, the Western Regional Collegiate Cyber Defense Competition brought together teams from Cal Poly Pomona; CSU Dominguez Hills; University of California, Santa Cruz; CSU San Bernardino; DeVry University; Westwood University; University of Advancing Technology; Mt. San Antonio College; Chaffey College; and San Bernardino Valley College to test their skills at protecting a computer network against attack. It is part of a larger national competition intended to provide a platform where college students can experience how what they learn in the classroom translates into the real world.
Placed in small work stations equipped with identical computer network setups, the teams spent long hours over the two-and-a-half day competition – 8 a.m. to midnight Friday and Saturday, and until noon on Sunday – working toward a common objective: to be the best team to protect their system from harm.
“Each one of us is going to be focused on a particular task when we get in there,” said senior computer science major Thomas Wade leading up to the competition, “We have to really know these systems inside and out, because the team that’s attacking us know them even better than probably all of us combined. So we have to anticipate every move they could possibly make. This is going to be one heck of a trial.”
They were given one hour to evaluate their set-up and do some initial preparations, after which a team of professionals who currently work in the cyber security field would begin their attempts to infiltrate, or hack, their systems. The teams were then scored based on how well they detected and protected their system from the hackers, managed the operational needs of the system, such as mail or web access for “employees,” as well as responded to typical interruptions they might experience in the real world, such as last-minute reports and meetings.
On the Wednesday before the competition, nearly all of the primary team members gathered for one final meeting, where they gave a presentation to computer science department chair Mohsen Beheshti and computer science lecturer Mehradad Sharbaf, who was their faculty coach. They presented their game plan for the first 60 minutes of the competition, which included verifying sites and downloading tools, setting up firewalls and rearranging the setup, among other things.
“That should at least set up some perimeter, some kind of buffer zone, where we’re forcing them down a path we determine, and not some back door they can get in,” explained senior computer technology major Tim Krugh, who served as the team’s network manager.
The CSU Dominguez Hills team included the primary team of Harwell, Krugh, Wade, Felipe Baes (senior, computer technology), Diego Conti (junior, computer technology), Emi Morioka (graduate, computer science), and Christian Mergliano (senior, computer technology). Alternates included Danny Mercer (junior, computer science), Vannath Vanna (senior, computer technology), Danny Garay (junior, computer technology), Kenneth Rapplee (sophomore, computer science), Albert Alarcon (junior, computer science).
The team had been meeting on a regular basis since last semester in preparation for the competition. Setting up a network of computers, all running different operating systems – from Linux to Windows – into a configuration they likely would encounter in the competition, for months they strategized and practiced various scenarios of how networks are compromised and how to secure them. In many ways the preparation, as well as the competition itself, served to pull together what they have been learning in the computer technology program.
“It’s a great opportunity for students because they get hands-on experience,” Beheshti said, explaining that students majoring in computer science, which is more mathematics and programming based, also learn from the experience and are welcome to participate.
CSU Dominguez Hills is one of few universities on the west coast to offer a bachelor’s degree in computer technology, which focuses on management of computer networks, systems, and software. It’s a relatively new program at the university, having only been offered for less than four years. Offering three different concentrations, the program’s most popular is the homeland security concentration, as it provides, according to Beheshti, a foundation in a field that will only continue to grow.
“Any company you think of, they have computers and they need somebody to manage them and keep them secure,” he said.
The Western Regional Collegiate Cyber Defense Competition and its national counterpart, further illustrate Beheshti’s point. Each year teams are given a real world scenario which serves as the reason why they must secure their systems. In 2011, the scenario was that the U.S. Securities and Exchange Commission’s emergency data center had been attacked by cyber terrorists.
This year, teams played out a scenario in which they were hired by a medical company to oversee their network. With the rise of online medical records, providing a safe and secure system that follows all governmental guidelines on patient confidentiality is essential in today’s health care field. The scenario served to illustrate not only the importance of knowing how to keep computer systems secure, but understanding the various regulations for which the systems within certain industries must operate.
“We have to also protect their Mirth, which is a database system for healthcare, and you have to follow standards like HL7 [Health Level Seven, a global authority on standards for health information technology] and HIPAA [Health Insurance Portability and Accountability Act], which says all information of a patient that is transferred over a network has to be encrypted, otherwise if you violate that, you could be prosecuted,” Wade explained.
Several members of the team have worked, or currently work in IT departments as computer technicians, or have years of experience working with computers. Despite that experience, they agreed that the degree has expanded their knowledge and will give them the edge they need to advance in the field. And they also agree that the Western Regional Collegiate Cyber Defense Competition is a great way to put that knowledge to the test.
“We’re real excited, because Friday’s the day,” Krugh said during their final practice. “I get to test all these theories I’ve had for a couple of years.”