CANSec Invitational Cyber-Defense Competition
CANSec Final Rankings
- 1st Place – Iowa State University
- 2nd Place – Kansas State University
- 3rd Place – University of Missouri – St. Louis
The CANSec Invitational Cyber-Defense Competition will be hosted at the 14th Central Area Networking and Security Workshop on Nov. 14, 2021.
The competition is designed to test each student team’s ability to secure a networked computer system while maintaining standard business functionality. The scenario involves team members simulating a group of employees from an IT service company that will initiate administration of an IT infrastructure. The teams are expected to manage the computer network, keep it operational, and prevent unauthorized access. Each team will be expected to maintain and provide public services: a web site, a secure web site, an email server, a database server, an online curriculum server, and workstations used by simulated sales, marketing, and research staff as per company policy and mission. Each team will start the competition with a set of identically configured systems.
The objective of the competition is to measure a team’s ability to maintain secure computer network operations in a simulated business environment. This is not just a technical competition, but also one built upon the foundation of business operations, policy, and procedures. A technical success that adversely impacts the business operation will result in a lower score as will a business success which results in security weaknesses.
Student teams will be scored on the basis of their ability to detect and respond to outside threats, including cyber-attack while maintaining availability of existing network services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security against varying business needs.
The Cyber Defense Competition is only open to student teams and faculty coaches. We also welcome faculty members who are interested in coaching in future competitions to join the white team as observers. Please send an email to email@example.com.
Please read the format and FAQs of the competition below.
Each team will be responsible for a variety of tasks before, during, and after the competition. The following is a non-inclusive list of key tasks that each team must perform:
- Blue Team
- Manage services (provided as a set of virtual machines)
- Report intrusions
- Complete challenges that are issued throughout the competition, called injects
- Maintain physical security in their designated areas
- White Team
- Enforce rules
- Setup and maintain competition infrastructure (virtual machines, networking, etc.)
- Support blue and red teams with connectivity and usability issues
- Issue and score injects
- Red Team
- Enumerate and exploit vulnerabilities in Blue Team services for the purpose of disrupting normal operation
- Perform social engineering attacks against Blue Teams to gain credentials or access
- Gold Team: Comprised of the Competition Manager, the host site Chief Administrator, as well as representatives from industry and academia who make up the administration team both in planning and during the exercises. Responsibilities include, but are not limited to,
- Administration and staffing of the cyber defense competition
- Works with industry partners to orchestrate the event
- Along with Industry White Team approves the Chief Judge
- Has the authority to dismiss any team, team member, or visitor for violation of competition rules, inappropriate or unprofessional conduct
- Makes provision for awards and recognition
- Manages debrief to teams subsequent to the conclusion of the competition
- Each team may have no more than 8 student members and at least one faculty coach
- Team members must be currently enrolled in a university that is attending CANSEC
- Once the competition has begun, no more members may be added to the team
- Each team will designate a team captain
- The captain will be the point of contact for the competition staff before and after the competition
- In the event of the team captain’s absence, teams must designate an alternate captain
- White team
- White team members will remain neutral
- White team will only assist with the following (this list is non-inclusive):
- Competition Infrastructure
- Access to competition infrastructure from client machines
- Blue teams
- Blue teams must allow the White Team access to competition resources upon request
- Blue teams must compete without “outside assistance” from nonteam members
- Members may conduct penetration tests (such as port or vulnerability scans) against only their own resources. No such activity is permitted against other Blue Teams, the Red Team or competition infrastructure
- The team’s captain will be responsible for contesting any potential rule violations
- Red teams may not perform the following attacks:
- Volumetric denial of service attacks (flooding, etc.)
- Attacks against competition infrastructure (scoring engine, OpenStack, networking resources, etc.)
- Port scans, exploits, etc. against personal machines (unattended machines are fair game for access by the red team)
- Blue Team members can user their own computers in the competition. However, Blue Team members may not leverage any paid resources. All resources must be accessible and free to all blue teams. Examples include paid commercial software, hired assistance, paid rulesets, etc. Evaluation versions of commercial software are allowed.
- Blue Team members may not leverage outside assistance. Shared storage (such as FTP or Google Drive) and instant messaging (IRC, HipChat, Skype, etc.) are permitted, but only with fellow team members.
- All network activity that takes place on the competition network may be logged and subject to release. Competition officials and the Competition Hosts are not responsible for the security of any information, including but not limited to:
- login credentials
- emails or other communications
- personal data (SSN, credit card information, etc)
which competitors place on the competition network.
- All participants, including competitors, coaches, White Team, and Red Team members are expected to behave professionally at all times during the entire event.
- Participants are expected to follow the rules set forth by the facility that is hosting the competition.
- Competitors behaving in an unprofessional manner may receive a warning from the White Team for their first offense. For egregious actions or for subsequent violations following a warning, competitors may have a penalty assessed against their team, be disqualified, and/or expelled from the competition site. White Team may also consider a ban from future competitions on a case by case basis.
- Spectators must also obey professional conduct rules. Individuals that violate these rules may be asked to leave by the White Team if violations continue.
Team score is based on the following factors: service uptime and Injects.
- Service Uptime (60%)
- Uptime is tracked by a scoring engine that performs checks every minute during the attack phase of the competition.
- For each minutes a service is up it earns 1 point.
- Injects (40%)
- Injects are challenges given to the team throughout the competition.
- Each inject will have a time limit for completion. Upon completion, injects will be submitted to the White Team for scoring. Each inject is completely optional.
Score posting: A preliminary score will be posted at the end of the day of the competition. Final scores will be posted one week after the end of the competition to allow for teams to file any discrepancies.
Grievances: Grievances during the competition will be posted through the ticketing system and will be dealt with in the order they are received. Scoring grievances should be filed within 3 days from the end of the competition, and will be resolved within the next 4 days.
Do I need to assemble my own team?
Yes, you are expected to form the team of up to 8 students and at least 1 faculty coach.
Do I need to register for the main workshop to attend the competition?
Competition Organizers (point of contact for competition-related question)