DSU team wins regional cyber competition
Knowing your enemy is just as important in cyber war as in other battles. A team of Dakota State University cyber students recently proved they know the mind of cyber enemies by winning first place in the Central Region Collegiate Penetration Testing Competition (CPTC).
Hackers are the enemy in cyber security, those sometimes referred to as the “black hats.” To help university cyber security students understand hackers, they practice black hat offense in addition to white hat defense. This is called pen testing, or penetration testing.
“When students play the role of a hacker, they are put in the mindset of a potential black hat operative,” said Dr. Austin O’Brien, assistant professor in the Beacom College of Computer and Cyber Sciences.
By playing the role of a black hat, “you can better understand how an attacker may think,” said Logan Sampson, a Dakota State University cyber operations major, so that when working as a white hat, “you know what to expect when you are defending your network against the very same kinds of hackers.”
Sampson is the captain of the CPTC team who participated in the CPTC, which was held at Missouri University of Science and Technology in Rolla, Missouri; other team members include cyber operations majors Dylan Johnson, Jacob Williams and Brian Vertullo. This is the first time a Dakota State team has participated in the CPTC. The win qualifies them for the national CPTC competition in Rochester, New York, on November 3 – 5. Hosts are the Rochester Institute of Technology (RIT) and Computing Security, RIT’s computing security department.
“The thing that our team as a whole enjoyed about this competition is the fact that we actually got to attack a simulated real network,” Sampson said. “Instead of defending from attackers we got to pretend we were the attackers in order to strengthen the security of the company we were attacking.”
That is the purpose of the CPTC competitions. According to the national CPTC website, the competition “provides a vehicle for up-and-coming cybersecurity student teams to build and hone the skills required to effectively discover, triage and mitigate critical security vulnerabilities.”
The seven-hour-long competition was challenging, Sampson said, because they needed to attack many different machines at once, “but as a team we dispersed the boxes evenly between the four of us to limit the amount of work each person had to do.”
Teamwork can also breed new ideas. “By actively attempting to penetrate a system, different avenues of thought open up that might not be apparent when only ‘playing defense’," O’Brien explained. “Working as a team, more options are brought to light and discussed, options which will help them complete their goal of gaining full access to the system.”
Sponsors of the competition include several businesses which need workers with knowledge of offensive and defensive strategies, including IBM, Crowe Horwath (a public accounting, consulting and technology firm), Uber (a transport company), Hurricane Labs (a managed security services provider), Eaton (a power management company), Indeed (an employment search engine company) and IEEE (an international technical professional organization).