
CyberPatriot IX The National Finals Competition

Competitors’ Guide

Presenting Sponsor:

April 2 – April 6, 2017 Baltimore, Maryland

Securing Networks, Securing Futures


The Air Force Association CyberPatriot Program Office thanks all of our generous sponsors. Without their support, CyberPatriot could not exist. Please note them all as shown on the back cover of this guide.

We especially acknowledge the following sponsors who are providing scored events at the CyberPatriot IX National Finals Competition:


Table of Contents

National Commissioner’s Letter
Section A. Logistics and Planning
Section B. Competition Organization & Administration
Section C. Network Security Master Challenge including the AT&T Mobile Device Component
Section D. Leidos Digital Forensics Event
Section E. Facebook Challenge
Section F. Cisco Networking Challenge


Air Force Association 1501 Lee Highway

Virginia 22209-1198

February 27, 2017

Dear CyberPatriot National Finalist Teams,

Congratulations! From a field of over four thousand teams, only a few remain among the elite field competing for National Championships in the Open Division, the All Service Division, and the Middle School Division of the National Youth Cyber Defense Competition. And yours is one!

You have worked hard, your team has shown determination and you have shown that you have what it takes to win in one of the most technically challenging youth events in the world. But so have several other teams, and now the road to a National Championship reaches its most difficult section. Over a few days we will identify the very best teams in each division through a challenging series of events.

What follows are instructions you need to understand regarding your visit to the Baltimore, MD area, as well as the technical and administrative aspects of the competition. I encourage you to read this document as a team page-by-page to ensure every member of your team has a complete understanding of what you can expect and what will be expected of you during your visit and on the competition floor. Some of it you will have seen before, but you need to understand all of it, so please read this document carefully.

We have done everything we can to provide clear guidance and to ensure a fair competition. If anything is unclear, please let us know immediately. Contact our Senior Director of CyberPatriot Operations, Frank Zaborowski, at 703-247-5840 or via email: [email protected] with any concerns or requests for clarification.

I look forward to greeting you personally on your arrival. Best of luck.

Sincerely,

Bernie Skoch
CyberPatriot National Commissioner
Air Force Association


SECTION A. Logistics and Planning

Table of Contents

Paragraph
1. Protocol
2. Travel
3. Check-In and Arrival
4. Commissioner’s Greeting
5. Lodging Expenses
6. Checked Baggage
7. Meals
8. Attire
9. Media Information
10. Competition Space
11. If Your Team Places in Your Division
12. Schedule
13. Coaches’ Forum and Discussion Topics
14. CyberPatriot Program Office Staff
15. Competitor Protection

POC: Rachel Zimmerman (unless otherwise specified) [email protected], 703-247-5834


The following items should be reviewed with team members, Coaches, chaperones, and any other members of your team's traveling party. Questions may be directed to the points of contact indicated.

1. Protocol

Open and Middle School Division Teams. Though members of the Open and Middle School Divisions are not expected to observe military courtesies, we ask that all Competitors conduct themselves in a respectful and deferential manner when distinguished visitors are present in the Competition Area. The Green Team and CyberPatriot Program Office will ensure that visitors to the Competition Area do not distract Competitors.

All Service Division Teams. General officers, government officials, and executives from industry may visit the competition. When not in competition, cadets should extend all appropriate military courtesies. While competing, cadets should continue their work as if the visitors are not present. All visitors will be asked to avoid distracting Competitors and will be advised that cadets in competition periods will not be called to attention. Cadets may expect distinguished visitors to greet and engage with them. Cadets should reply directly and respectfully. Green Team members and CyberPatriot Program Office staff will monitor these visits and respectfully remind visitors of the non-interference policy as necessary. Point of Contact (POC): Bernie Skoch, [email protected], cell: 479-530-8568.

2. Travel. Individual ground transportation will be arranged and emailed to Coaches before travel.

Driving and Parking: For teams that are driving to the competition, the destination is the Hyatt Regency Baltimore Inner Harbor, 300 Light Street, Baltimore, Maryland 21202. Complete driving directions can be found here: http://baltimore.regency.hyatt.com/en/hotel/our-hotel/map-and-directions.html?icamp=propMapDirections

You will need to park your vehicle in the Hyatt’s self-parking garage. Upon check-in, tell the front desk agent that you have a vehicle. Please make sure that the vehicle charges are placed on the Coach’s (and Chaperone’s if there are two vehicles) sleeping room so that they are covered appropriately.

3. Check-in and Arrival. Your team’s first stop at the Hyatt Regency should be the hotel registration desk where you will receive room assignments and keys. Teams are pre-registered with the hotel. If your rooms are not sufficiently close to each other, please go back to the front desk immediately to request a change. A member of the CyberPatriot Program Office will be present near the hotel registration desk to greet and assist you. Arriving teams are asked to make the distinctive CyberPatriot luggage tags prominently visible to better facilitate recognition of the teams by CyberPatriot staff greeting arriving teams. If your team is delayed en route, please advise the CyberPatriot Program Office as soon as possible by calling Bernie Skoch, cell: 479-530-8568.

4. Commissioner’s Greeting. As soon as your team members are settled into their hotel rooms, please come to Harborview for the Commissioner’s Greeting. There, the CyberPatriot National Commissioner, Bernie Skoch, will formally greet your team and provide them with their CyberPatriot Welcome Packet containing each team’s meal vouchers, badges, and T-shirts. Competitors and chaperones receive two short-sleeved and one long-sleeved T-shirt. Coaches receive two polo shirts.


5. Lodging Expenses. At check-in, the hotel will request a credit card from each team’s Coach against which to charge incidental expenses (in-room telephone calls, in-room Internet use, movies, etc.). Coaches are responsible for any incidental charges and room damages for all of their team’s hotel rooms.

6. Checked Baggage. If AFA is funding your team’s travel, the cost of one piece of checked baggage per team member on the flights to and from Baltimore, MD, will be reimbursed (six students and two adults, for a total of eight pieces of checked baggage per team). Please save your receipts. If your Headquarters is funding your travel, please check with them as to how baggage will be handled.

7. Meals. AFA provides all meals (either in-kind or by voucher) between Sunday evening and Thursday morning for the six Competitors and two adults of each team.* Complete information on the locations and times of meals will be supplied upon arrival.

* Please note: Any additional team personnel (outside of the six Competitors and two adults) who wish to attend the Wednesday awards banquet must register and purchase tickets from AFA. Guidelines for guests and information on registration were provided in the preliminary logistics e-mail sent from Rachel Zimmerman shortly after the announcement of National Finalists.

8. Attire. Appropriate attire for the days and events is listed below:

Monday. Competitors should wear their short-sleeved CyberPatriot National Finalist t-shirts* with slacks (jeans are discouraged). We ask that Coaches please wear their National Finals Competition issued Coach polo shirt on Monday. During the Competitors’ Dinner the Competitors should wear their short-sleeved CyberPatriot National Finalist t-shirts* with slacks and Coaches should wear their National Finals Competition issued Coach polo shirt.

Tuesday. During competition, All Service Division teams should wear their short-sleeved duty uniform without a tie; Open and Middle School Division teams should wear their short-sleeved CyberPatriot National Finalist T-shirts* with slacks (jeans are discouraged).

Wednesday. For the tour, all Competitors should wear their long-sleeved CyberPatriot National Finalist T-shirts.* During the CyberPatriot Awards Ceremony, All Service Division teams should wear their Service Dress (Class “A”) uniform or equivalent business attire for Coaches and other adults. Open and Middle School Division male Competitors should wear coat and tie. Female Competitors should wear a knee-length (or greater) skirt or slacks, and blouse. Coaches and other adults should wear equivalent business attire.

* Please only wear the CyberPatriot-issued National Finals Competition T-shirts. Some teams may have made their own CyberPatriot T-shirts, but these should not be worn in lieu of the CyberPatriot National Finalist T-shirts. Coaches will receive National Finals Competition T-shirts for their Competitors, as well as a Coach’s polo shirt, at the Commissioner’s Greeting. Competitors in each division will receive three National Finalist T-shirts.

9. Media Information. Media coverage is important to the growth of CyberPatriot and a great opportunity to showcase the success of your teams. Before speaking with reporters, please review the CyberPatriot Media Guidelines at the following URL:


https://www.uscyberpatriot.org/Documents/CyberPatriot%20Media%20Guidelines.pdf

Advise your team that there will be photographers and a camera crew present during the competition. The photographers and camera crew have been briefed on the competition’s non-interference policy. If Coaches or Team Captains believe photographers and/or camera crew are creating a distraction, they should advise a member of the Green Team or a member of the CyberPatriot Program Office Staff immediately.

If an interview is requested by the media:

- First, notify the CyberPatriot media coordinator, McKinnon Pearse. She can be reached before the competition at 703-247-5847 (office) or during the competition at 630-335-9601 (cell).
- Articulate to all members of your team that this is a “friendly” competition and that no disparaging remarks will be made about other teams. Keep language clean.
- Mention in all interviews appreciation for our Presenting Sponsor, the Northrop Grumman Foundation, and make mention of the Air Force Association as the program’s creator.
- Refer to the Media Guidelines linked above.

Official Announcements. There will be an official press release announcing the winners of each division following the awards banquet. We will also provide Coaches with a template press release to be forwarded to hometown publications during that week.

10. Competition Space. If your team would like to bring anything to display in your team’s competition space, please submit a written request to [email protected] stating what you would like to bring, the dimensions of the item, and how you would like it displayed. Only approved items will be allowed in the Competition Area. Please note that, due to agreements with CyberPatriot National Sponsors, only National Sponsors’ logos (no local commercial sponsors) may be displayed in the Competition Area.

While teams are allowed to bring printed reference materials for use during competition, CyberPatriot does not provide printers for attendees of the National Finals Competition. The Hyatt Regency has a business center onsite for minor printing needs, but teams are responsible for associated costs.

Entry into the competition spaces and the Competition Area is not allowed except for activities specifically designated for your division in the schedule.

11. If Your Team Places First in Your Division

CyberPatriot interviews will be conducted with the National Championship team from each division immediately following the Awards Banquet on Wednesday, April 5. A camera crew will be filming the Finals round, and CyberPatriot will use this footage to produce materials illustrating the impact of the program.

The National Championship Team from each division (and their Coaches) should report to the Columbia Room for an interview following the Awards Banquet.

12. Schedule. The schedule below is tentative. A finalized schedule will be emailed to Coaches one week prior to the event. It is essential that your team be on time for all events. Your team is one of 28 that will be competing at the National Finals Competition. We cannot delay any events for a team that is late in arriving.


CyberPatriot-IX National Finals Competition Schedule DRAFT Schedule as of 2/23/2017

(Hyatt Regency, Inner Harbor, Baltimore, MD)

Sunday, April 2, 2017

Time | Activity | Location
All Day | Competition Set Up | Constellation A
All Day | Teams Arrive | N/A
All Day | Commissioner’s Welcome | Harborview
Dinner | Voucher | TBD

Monday, April 3, 2017

Time | Activity | Who | Location
Breakfast | Voucher | All Divisions | Foyer Concessions/Bistro 300
8:15-8:25 | Team Captain Orientation | Team Captains | Constellation F
8:30-9:00 | Opening Ceremony | All Divisions | Constellation F
9:15 am – 10:45 am | TCP/IP: The Career Portal/Industry Perspective | All Divisions | Constellation F & Constellation Foyer
9:15 am – 10:00 am | Coaches Forum | All Coaches | Frederick
11:00 am – 12:15 pm | Competition Orientation | All Divisions | Constellation F
12:15 pm – 1:45 pm | Lunch | All Divisions | Foyer Concessions/Bistro 300
1:45 pm – 2:45 pm | System Familiarization | Open Division & Middle School | Constellation A
2:45 pm – 3:15 pm | Reset | |
3:15 pm – 4:15 pm | System Familiarization | All Service Division | Constellation A
4:15 pm – 4:45 pm | Reset | |
4:45 pm – 5:30 pm | Facebook Challenge | Open Division | Constellation A
5:30 pm – 6:00 pm | Reset | |
6:00 pm – 6:45 pm | Facebook Challenge | All Service Division | Constellation A
7:00 pm – 8:00 pm | Competitors’ Dinner with Northrop Grumman Mentors | All Divisions | Constellation F
8:00 pm – 9:00 pm | Dessert Social | All Divisions | Harborview and Atrium

Tuesday, April 4, 2017

Time | Activity | Who | Location
Breakfast | Voucher | All Divisions | Foyer Concessions/Bistro 300
7:30 am – 8:00 pm | Riverside Research CIP Exhibition | All Divisions | Constellation Foyer
7:30 am – 11:00 am | Network Security Master Challenge | Open Division & Middle School | Constellation A
7:30 am – 11:00 am | Leidos Digital Forensics Event* | All Service Division | Baltimore/Annapolis
11:00 am – 12:30 pm | Lunch | All Divisions | Foyer Concessions/Bistro 300
12:30 pm – 4:00 pm | Network Security Master Challenge | All Service Division | Constellation A
12:30 pm – 4:00 pm | Leidos Digital Forensics Event* | Open Division | Baltimore/Annapolis
4:00 pm – 4:30 pm | Reset | |
Dinner | Voucher | All Divisions |
4:30 pm – 6:00 pm | Cisco Networking Challenge | Open Division & Middle School Division | Constellation A
6:00 pm – 7:00 pm | Reset | |
7:00 pm – 8:30 pm | Cisco Networking Challenge | All Service Division | Constellation A

* Independently Scored Event.

Wednesday, April 5, 2017

Time | Activity | Who | Location
Breakfast | Voucher | All Divisions |
8:00 am – 9:00 am | Optional: Red Team Debrief | All Divisions | Constellation F
TBD | Northrop Grumman Tour | All Divisions | TBD
Lunch | TBD | All Divisions |
6:30 pm | CyberPatriot National Finals Competition Awards Banquet | All Divisions | Constellation Ballroom

Note: Teams with Competitors who were absent from or did not participate in a scheduled activity may have a penalty applied to their final scores. Only the National Commissioner may excuse an absence.

Thursday, April 6, 2017

Teams depart

13. Coaches’ Forum and Discussion Topics. The CyberPatriot Program Office staff will host a Coaches’ Forum on Monday, April 3 from 9:15 – 10:00 am in the Columbia Room for Coaches and Mentors. Coach and Mentor agenda items will have first priority. The time is limited and Coaches, Mentors, and the CyberPatriot Program Office staff should have time to review the discussion topics before the National Finals Competition so that meaningful discussions can take place. Coaches and Mentors are asked to submit discussion topics no later than March 28, 2017. Discussion topics may include, but are not limited to:

- Proposed Rules Changes (e.g., A Coach’s teams must compete on the same day)
- Improvement of the Competition Software (e.g., Vulnerability Types, Scoring Feedback, etc.)
- CyberPatriot IX Online Competition Design Recommendations (e.g., Changes, New Events, Awards, etc.)


Please submit discussion topics to the Senior Director, CyberPatriot Operations, Frank Zaborowski, at [email protected], Subject: Coaches’ Meeting Discussion Topics

14. CyberPatriot Program Office Staff. During your stay at The National Finals Competition, the CyberPatriot Program Office staff will be ready to assist you. The members of the staff are:

- Rebecca Dalton: Senior Manager, Sponsorship and Outreach
- Gamail Mohammed: Competition Operations Coordinator
- Lisa O’Loughlin: Competition Systems Coordinator
- Emily Rauer: Manager, Cyber Education
- Bernie Skoch: CyberPatriot National Commissioner
- Melissa Thayer: Program Administration Coordinator
- Frank Zaborowski: Senior Director, CyberPatriot Operations
- Rachel Zimmerman: Director, Business Operations

15. Competitor Protection. The safety of our Competitors is a top priority for the CyberPatriot program. Coaches and chaperones are expected to account for their team members at all times. If a Competitor, even if they are 18 years of age, is missing, injured, hospitalized, or a victim of a crime, the Coach or chaperone shall notify the CyberPatriot Program Office staff immediately.


SECTION B. Competition Organization & Administration

Table of Contents

Paragraph
1. Competition Overview
2. Competition Organization
3. Competition Area
4. General Competition Rules and Penalties
5. Scoring
6. Blue Team Substitution Procedures
7. National Commissioner’s Critical Information Requirements

POC: Frank Zaborowski [email protected], 703-247-5840


1. Competition Overview

The CyberPatriot IX National Finals Competition consists of 25 high school teams competing in the following challenges. Three U.S. middle school teams compete only in the competition challenges indicated with an asterisk (*).

a. Competition Challenges and Event. Teams will compete in the following challenges provided by the Air Force Association’s CyberPatriot and its sponsors.

(1) Network Security Master Challenge (3.5-hour competition period)* – conducted by the Center for Infrastructure Assurance and Security (CIAS) of the University of Texas at San Antonio.

(2) AT&T Mobile Device Component (Component of the Network Security Master Challenge)* - conducted by the Center for Infrastructure Assurance and Security (CIAS) of the University of Texas at San Antonio, and supported by AT&T.

(3) Cisco Networking Challenge (1.5-hour competition period)* - conducted by Cisco Systems

(4) Facebook Challenge (45 minute competition period) – conducted by Facebook

(5) **Leidos Digital Forensics Event (45 minute competition period) – powered by Leidos’ Cyber Network Exercise System (CyberNEXS)

**Note. The Leidos Digital Forensics Event is a mandatory, but independently scored challenge for the Leidos Digital Forensics Award. Its score will not be factored into the National Finals Competition scores except as the final tiebreaker in the event of a tie for the top three awards in the Open and All Service Divisions.

High school teams will compete against each other within the All Service or Open Divisions. Middle school teams will compete within the Middle School Division. The Middle School Division competes during the Open Division competition periods.

b. Competition Periods. Each team is assigned four competition periods in the schedule. The competition periods consist of the following competition challenges.

(1) Network Security Master Challenge
(2) Leidos Digital Forensics Event
(3) Facebook Challenge
(4) Cisco Networking Challenge


2. Competition Organization

The CyberPatriot IX National Finals Competition organization consists of the CyberPatriot Program Office, Blue Teams, Competition Administration Teams, and Support Staff. The following are the groupings, roles, and responsibilities of these organizations. (See Figure B-1.)

a. Competition Staff. The CyberPatriot Program Office staff, members of the Competition Administration Teams, and the Support Staff are collectively known as the Competition Staff.

b. CyberPatriot Program Office. The CyberPatriot Program Office staff is responsible for the administration, logistics, and conduct of the CyberPatriot IX National Finals Competition. The key members responsible for the conduct and administration of the competition are:

(1) CyberPatriot National Commissioner. The National Commissioner has overall responsibility and is the final decision authority for the National Finals Competition. Any issue not delegated to another authority, to include scoring issues, is exclusively within the scope of National Commissioner’s decision authority.

(2) Senior Director, CyberPatriot Operations. The Senior Director, CyberPatriot Operations is responsible to the National Commissioner for the conduct and oversight of the competition and is the direct interface between the Competition Administration Teams and the National Commissioner. Based on the advice of the appropriate Competition Administration Teams, the Senior Director, CyberPatriot Operations makes recommendations to the National Commissioner.

c. Blue Teams (Competitor Teams). The Blue Teams are the Competitor Teams. No more than five team members may compete in any one competition period. Blue Teams do not include Coaches, Mentors, Team Assistants, or chaperones.

(1) Team Captain. A Coach shall designate a single Team Captain for the duration of the competition. During the competition periods, the Team Captain is the team’s single representative and liaison with the competition staff, primarily through the Green Team. A Coach shall appoint another Team Captain and notify the Green Team if the Team Captain leaves the competition.

(2) Alternate Team Member (Alternate). If a Blue Team has six team members on its roster, the Coach shall designate one of the team members as an Alternate for each competition period with an Alternate Card. The Alternate Card will be given to the Green Team Leader by the Team Captain at the beginning of the competition period. The Alternate does not need to be the same team member for each competition period. The designated Alternate for a competition period shall not assist, compete, or communicate with the team unless one of the team members leaves the competition for the whole day and the Alternate is formally substituted per substitution procedures. The Team Captain shall not be a designated Alternate.

(3) The Coach, Mentor, chaperone, or any other person who is not a Competitor on the same Blue Team may not assist or advise the team during the competition or System Familiarization period.


(4) Competitors shall wear badges identifying them and their team at all times during the competition and System Familiarization.

d. Competition Administration Teams. Competition Administration Teams facilitate and administer competition events. Green, White, and Red Teams, and the Cisco Networking Challenge Team are Competition Administration Teams. A Team Leader leads them, and they wear color-coded shirts.

(1) Green Team (Referees) Duties

(a) Monitoring and Coordination. The Green Team monitors Blue Team performance and conduct. It ensures that the competition is run fairly per the rules of competition. Team Captains contact the Green Team with questions or issues during the Network Security Master Challenge and Networking Challenge. Green Team members then either resolve the issues or escalate them as necessary to the Senior Director, CyberPatriot Operations. Green Team members wear green shirts.

(b) Visitor Control. The Green Team monitors guest/VIP visits to competition spaces.

(c) Competitor Lists. The Green Team maintains the official lists of Competitors, Coaches, and chaperones, as well as contact information for the competition staff.

(d) Competitor Movement Control. The Green Team controls the movement of Competitors in and out of the Competition Area and maintains a sign in/sign out sheet to track Competitors who leave and reenter the Competition Area.

(e) Presence in the Competition Spaces. The Green Team maintains a presence in the Competition Area through frequent visits to competition spaces and direct observation of Competitor actions.

(f) Password Control. The Green Team Leader hands out password cards to each team at the beginning of their competition period.

(g) Coordination. The Green Team Leader and Assistant Green Team Leader coordinate solutions to technical issues with the White Team within guidance from the Senior Director, CyberPatriot Operations.

(2) White Team (Competition System Administrators) Duties

(a) Competition System Management. The White Team conducts the Network Security Master Challenge and manages competition scenarios and injects. The White Team ensures that each Blue Team is monitored, supported, and scored within the rules of the competition. White Team members wear polo shirts.

(b) Maintenance. White Team members are responsible for maintaining the competition system.

(c) Coordination. White Team members are responsible for reporting rules and technical issues to the Green Team and assisting the Green Team Leader in advising the Senior Director, CyberPatriot Operations on scoring issues, Competitor conduct, and other issues.


(3) Red Team (Attackers). The Red Team conducts planned and controlled attacks on Competitor systems during the Network Security Master Challenge. Red Team activity subjects Competitors to real-world attacks that thwart efforts to implement security, meet best practices, and maintain services in a timely and efficient manner. Red Team members wear red polo shirts.

(4) Facebook Challenge. The Green Team will referee the Facebook Challenge.

(5) Cisco Networking Challenge Team. The Networking Challenge Team acts as the White and Green Teams for the Networking Challenge. The team ensures that it is run fairly by monitoring, supporting, and scoring the challenge and is responsible for maintaining and troubleshooting systems. The team members wear blue polo shirts.

e. Support Staff. The support staff is the Air Force Association staff and others responsible for non-competition duties such as lodging, meals, media, and facilities.

f. Coaches, Chaperones, and Mentors. The primary duties of Coaches and chaperones are the accountability and protection of their team members. Coaches and chaperones are not permitted in the competition spaces at any time unless explicitly approved by the Green Team. Coaches, Mentors, and chaperones must avoid conversations with Blue Team members about the competition during the challenges in all locations, including hallways, restrooms, and the Competitors’ Lounge. Mentors not in the role of chaperones are considered guests.


Figure B-1. Competition Administration Relationships

3. Competition Area

Spaces designated for the competition are located in the Competition Area. No one except Competitors and competition staff may enter them without permission of the Green Team. The following is a breakdown of the Competition Area (See Figure B-2.) Leidos Digital Forensics Event competition spaces are not located in the main Competition Area.

a. Competition Spaces

(1) Main Competition Area. Fifteen competition spaces are designated in the main Competition Area for the Network Security Master Challenge, Facebook Challenge, and Networking Challenge. Teams are assigned to specific competition spaces during System Familiarization. Each competition space contains:


- Tables
- 5 laptop computers
- 8 port hub
- Easel with large pad of paper and markers
- 5 Chairs
- 32-inch monitor
- Cat-5 Cable
- 1 iPad
- Cisco Networking Challenge equipment (switch, router, etc.)

(2) Leidos Digital Forensics Event. Competition spaces are designated for the Leidos Digital Forensics Event in a room separate from the main Competition Area. Teams shall not enter the competition spaces at any time until directed by the Green Team on the day of the competition. Each team is designated a competition window for the challenge, which is distributed to teams at the Commissioner’s Greeting.

b. Competition Administration Spaces. The competition administration spaces are the areas for the Red, White, and Green Teams. With the exception of the Green Team area, these spaces are off-limits to everyone except the competition staff.

c. Competitors’ Lounge. The Competitors’ Lounge is a break area designated for Competitors, Coaches, Mentors, chaperones, and the competition staff. Team guests and other spectators are not permitted in the Competitors’ Lounge. Competitors may not bring their refreshments from the lounge back to the Competition Area.

d. Spectator Area. The spectator area is designated for individuals to view the competition spaces. Spectators may not communicate (including cheering and words of encouragement) with Competitors during competition. The spectator area is a quiet zone.

e. No Liquids or Food in the Competition Area. Liquids, including water, and food are not permitted in the Competition Area. Competitors may use the Competitors’ Lounge to eat and drink.

f. Bags. Small personal bags (e.g., purse, satchel bag, small backpack, etc.) are permitted in the competition spaces; however, they cannot contain any electronic devices, including storage devices and cell phones. Bags must be stored under the tables in the competition space and not under chairs.


Figure B-2. Competition Area (Leidos Digital Forensics competition spaces not shown)

4. General Competition Rules and Penalties

a. Purpose and Rules. CyberPatriot operates under the premise that all Competitors and Coaches conduct themselves with the highest integrity. To prevent the perception of misconduct that would jeopardize the integrity of the competition and to avoid friction between teams, the following rules have been established for the National Finals Competition. The rules apply to all competition activities, including System Familiarization. Violators of any of the rules listed in this section are subject to appropriate penalties up to and including disqualification.

(1) No Outside Assistance or Communication. Blue Teams shall compete with no outside assistance or communication with Coaches, chaperones, Mentors, Alternates, Team Assistants, other non-competitors, or Competitors on other teams. In no case shall competition information be shared outside the competition space until all competition periods are complete and the competition is finished.

(a) Except in an emergency, the prohibition on communication includes when a Competitor leaves the Competition Area for any non-emergency reason, including use of the restroom or Competitors’ Lounge.

(b) Coaches, Mentors, chaperones, observers, Alternates, and non-Competitors are prohibited from assisting Competitors through direct advice, “suggestions,” or hands-on assistance.

(c) Any unauthorized persons who assist a competing team will be asked to leave the Competition Area. A penalty may be assessed against the competing team.

(d) Contacting or attempting to contact non-Competitors or Competitors on other teams through email, chat, social media, or other electronic or physical means is prohibited during the competition, regardless of the content of the communication.

(e) Briefing or otherwise informing teams that have not competed in a challenge about information or lessons learned from the challenge is not permitted.

(3) Unauthorized Personnel in the Competition Area and Spaces. All Competitors shall wear their badges when in the Competition Area and during all competition periods and events. Below are rules governing entry into the Competition Area and competition spaces.

(a) Except when specifically designated in the competition schedule, entry into the Competition Area by anyone other than the Competition Staff is prohibited. The prohibition includes Competitors, Coaches, Mentors, chaperones, and others associated with the team and is in force before, during, and after the competition.

(b) Only Competitors and Alternates are permitted in their designated competition spaces during System Familiarization. Alternates are not permitted in the competition spaces at any other time except as substitutes.

(c) During competition periods only competing team members, Competition Staff, and Green Team-authorized personnel are permitted in the competition spaces. Coaches, Mentors, chaperones, and other non-team members are not permitted in the competition spaces before, during, or after a competition period or System Familiarization unless specifically approved by the Green Team.

(d) Team members may not enter another team’s competition space.

(e) Team members and Alternates shall not visit or otherwise observe the Competition Area or competition spaces when other divisions are competing.

(4) Electronics. Competitors shall not bring electronic devices, electronic media, storage devices, or communication devices into the competition spaces even if they are turned off. This rule applies to System Familiarization. Prohibited devices include, but are not limited to:

- USB Drives
- PDAs
- Digital Cameras
- Tablet Computers
- External Hard Drives of any type
- Laptops
- Memory Sticks
- Smart Phones
- CD-ROMs
- DVDs
- Audio Devices (Radios, iPods, etc.)
- Televisions
- Multimedia Devices
- Recording Equipment of any type
- Cell Phones
- Smart Glasses
- Smart Watches
- Fitness Monitors
- Devices that use Bluetooth, Wi-Fi, wireless communications, or other telecommunications means
- Wearable photographic, communication, or storage devices

(5) Cell Phone Use. Cell phone use is prohibited in the Competition Area.

(6) Photography. Competitors are not permitted to have cameras in the competition spaces or to take photographs in the Competition Area and competition spaces before, during, or after their challenges. This rule applies to System Familiarization. Coaches and non-Competitors may take photographs that do not compromise the integrity of the competition. Unobscured, direct shots of competition screens are specifically prohibited.

(7) Offensive Activity. Competitors shall not conduct offensive activity against the Red or White Teams, other Blue Teams, or competition or non-competition systems.

(8) Printed Reference Materials. Books, magazines, checklists, and other printed or hand-written materials are permitted in competition spaces. Teams may bring printed reference materials to the competition at their own expense provided they are compiled by the Competitors themselves. No printer is available onsite for Blue Team use.

(9) Pre-Staged Materials, Documents, or Tools. Competitors may not use pre-staged materials, documents, or tools on the Internet, other networks, sites or storage devices. Email -- other than the account that is provided to teams -- and FTP/SFTP sites are not allowed.

(10) Internet Resources and Software Tools. Internet access is limited during the National Finals Competition on all laptops and virtual machines. During the Network Security Master Challenge, Facebook Challenge, and System Familiarization, teams will be limited to accessing only sites on a default whitelist created by competition administrators and sites that teams request to be added to the whitelist before or during the competition. For information on how to submit whitelist requests prior to the competition, please see the Competitors’ Guide email. Available Internet resources for the Networking Challenge are listed in Section F. Internet resources such as FAQs, how-to’s, existing forums and responses, and company websites, as well as software tools that are set up and used by Competitors without outside assistance, are valid for competition use under the following conditions:

(a) No fee is required to access the resource.

(b) Access to the resource has not been granted based on a previous membership, employment, purchase, fee, credit card, or other monetary instrument.

(c) The resource is reasonably available to ALL teams. For example, accessing Microsoft resources through a Microsoft account (this does not include the Microsoft MSDN DreamSpark, to which all Competitors have access) would not be permitted, but searching the public Microsoft support forum would be permitted.

(d) No token, smart card, common access card, etc., is required to access the tool or site.

(e) The team requests and receives approval for the site to be part of the whitelist.

(f) During the Network Security Master Challenge, software tools should be downloaded and installed on competition virtual machines, not host laptops.

(g) Websites such as GitHub, SourceForge, and www.archive.org/web/ and cached Google web pages are not allowed during the competition. If a specific application is desired from those sites, a URL must be provided as one of the 10 Whitelist requests. If approved the application will be posted on a server accessible to all teams at the competition.

(h) All teams are issued temporary email accounts at the competition. If a software tool meeting all of the above requirements requires the creation of an account with an email for access, they may use this temporary email account. All other email accounts are prohibited during the competition.

(i) File Transfers. Teams may transfer files between their teams’ assigned laptops in the competition space as long as they do not violate any rules such as using USB devices or using unauthorized software.

(11) Competition Systems and Processes. No changes shall be made to host laptops or other competition hardware (e.g., hubs, cables, etc.), software, or power system (electrical outlets, plugs, switches, etc.) unless instructed by a member of the Green Team.

(a) Blue Teams start the challenges with identical systems configured with a partition designated for their division. Teams are not to make any type of changes to the configuration of the host machine. Any changes made to the host machine that adversely affect other users of that system may result in immediate disqualification of the entire team in question. Teams should contact the Green Team if they are unsure about the acceptability of the change before making the change.

(b) Examples of prohibited conduct include, but are not limited to, deleting or reconfiguring a drive partition, making changes to the system’s BIOS, and changing user permissions on the host machine.

(c) Teams may not remove any computer, networking device, or other peripheral from the Competition Area.

(d) Teams may not modify the hardware configurations of competition systems. Teams must not open the case of any server, PC, monitor, keyboard, mouse, router, switch, firewall, or any other piece of equipment used during the competition.

(e) Scoring System and Processes. Teams shall not tamper with, interfere with, or otherwise modify the scoring system, its components, or scoring processes. This includes interfering with another team competing or modifying the team’s or another team’s score.

(12) Changes to Competition Area or Competition Spaces. Teams shall not remove, change, move, or add furnishings in the Competition Area to include tables, visitor controls, signs, and drapes. Team signs and other team-specific items must be approved by the CyberPatriot Program Office before being brought into the competition spaces.

(13) Unsportsmanlike Conduct. All participants are expected to conduct themselves with the highest standards of conduct and ethical integrity. Behavior that is prejudicial to the good conduct of the competition, such as refusal to follow instructions from the Competition Staff or disrespect towards participants or guests, is not permitted.

b. Penalties. The competition staff investigates all reported violations of the competition rules and the Coach and chaperone Contracts. Confirmation of a rule violation may result in a penalty to include suspension or disqualification of an individual or team or a competition penalty (e.g., points, time, etc.) against the team, as determined by the National Commissioner.

(1) Individual Disqualification. In the event of an individual disqualification, the disqualified team member shall leave the Competition Area immediately and shall not re-enter at any time. Disqualified individuals are ineligible for team trophies, scholarships, or any other recognition by the CyberPatriot Program Office or sponsors. Replacement of a disqualified team member is at the sole discretion of the National Commissioner.

(2) Team Disqualification. In the event of a team disqualification, the entire team must leave the Competition Area immediately and is ineligible for any team award.

c. Reporting Suspected Rules Violations. Reports of suspected rules violations shall be made to the Green Team or Senior Director, CyberPatriot Operations as soon as reasonably possible after the suspected violation occurs.

d. Appeals. Appeals assure competition fairness by providing a process to equitably address perceived or real circumstances that, uncorrected, would place a team at a competitive disadvantage for reasons other than their performance. They are not a vehicle for a team to pursue advancement in the competition by other means. The following rules apply to appeals.

(1) Filing an Appeal. Only Team Captains may file an appeal concerning a competition challenge immediately after the challenge. If a Team Captain believes that an unfair competitive disadvantage has occurred to their team, then he or she may file a written appeal with the Green Team using the appeal form obtained from the Green Team.

(2) Time Limits. Appeals filed after the periods listed below shall not be considered.

(a) Network Security Master Challenge and AT&T Mobile Device Component – 10 minutes after the team’s competition period is complete.

(b) Facebook Challenge – 10 minutes after the team’s competition period is complete.

(c) Networking Challenge – 10 minutes after the team’s competition period is complete.

(d) Leidos Digital Forensics Event – 10 minutes after the team’s competition period is complete.

5. Scoring

The National Finals Competition scores are an aggregate of each team’s performance in three challenges. Scores are weighted as follows:

Challenge                           Open & All Service Divisions   Middle School Division
Network Security Master Challenge   60%                            90%
Cisco Networking Challenge          30%                            10%
Facebook Challenge                  10%                            -

The Leidos Digital Forensics Event’s score will be factored only as the Open and All Service Divisions’ final tiebreaker. Final scores are not released by the Competition Staff during the competition, but teams may gain an understanding of their performance at the Red Team Debrief.

a. Network Security Master Challenge Scoring Criteria

(1) Finding and Fixing Vulnerabilities (includes questions and answers)
(2) Maintaining Services
(3) Resolving Injects, including the AT&T Mobile Device Component
(4) Defending against hostile Red Team attacks

b. Digital Forensics Event Scoring Criteria. Teams are scored on decoding, decryption, and other forensics challenges.

c. Facebook Challenge. Teams are scored on their speed and accuracy in a cyber incident response.

d. Networking Challenge Scoring Criteria. Teams are scored on their ability to demonstrate proficiency in network security knowledge and secure a network based on the following components:

(1) Networking Quiz
(2) Hands-on Exercise

e. Score Reset and Taking Notes. In the event of a network outage, all Network Security Master Challenge, Digital Forensics, and Networking Challenge scores may be reset. It is critical that Competitors take notes of their actions during the competition to avoid wasted time after a score reset.

f. General Scoring Notes

(1) The top three teams with the highest overall scores in each division are recognized at the Awards Banquet following the competition.

(2) Except for the Network Security Master Challenge, the teams from the Open Division and All Service Division with the highest scores in individual challenges may be recognized by sponsors at the Awards Banquet.

(3) Competitors are evaluated in two ways during the National Finals Competition: quantitatively and qualitatively. These methods apply both objective (e.g., automated scoring of vulnerabilities or services availability) and subjective (e.g., quality and timeliness of actions required by “injects”) scoring. This method includes straightforward criteria for assessing points and is issued by the White Team to uniformly judge the quality of Blue Team submissions.

(4) Middle School Division teams are scored on the Network Security Master Challenge and the Cisco Networking Challenge.

g. Tiebreakers. If teams tie for one of the top three awards in their division the following tiebreakers will be used in the order listed until the tie is broken. (*) indicates tiebreakers used for Middle School Division teams as well as Open and All Service Division teams.

(1) The team with the higher score in the Network Security Master Challenge.*
(2) The team with the higher score in the Cisco Networking Challenge.*
(3) The team with the higher score in the Facebook Challenge.
(4) The team with the faster scoring server time to successfully complete the AT&T Mobile Device Component.*
(5) The team with the higher score in the Leidos Digital Forensics Event.

h. Scoring Issues, Penalties, and Assessments. If an issue arises where points are administratively added to or subtracted from a team’s score, the Senior Director, CyberPatriot Operations makes a recommendation to the National Commissioner, who renders a final decision on the penalty or assessment.

6. Blue Team Substitution Procedures

When a Competitor can no longer compete for the day due to a verified medical issue or emergency, the Alternate may be substituted for that member. Substitutions are controlled by the Green Team. Each Blue Team Captain will turn in an Alternate Card to the Green Team Leader at the beginning of each challenge. The card will identify the team’s Alternate designated by the Coach and be signed by the Coach. Once a Blue Team Coach has made a substitution, the team may not make another substitution for the competition day. The medical issue or emergency is handled immediately and separately from the substitution procedure.

a. Reasons for Substitution. Medical issues and emergencies are the only reasons for replacing a primary team member with the Alternate. Note: A Competitor who is replaced by an Alternate may not compete in any challenge or event for the remainder of the competition day.

b. Substitution Procedures. The Green Team is the central authority for all substitutions. The respective team’s Coach shall be involved in all substitutions. Substitutes shall be the team’s Alternate. The following are the substitution procedures for three different situations:

(1) In the Competition Space

(a) Green Team Notification. The Blue Team Captain notifies the Green Team of a Competitor with a medical issue or an emergency who must permanently leave the competition for the day and requires the Alternate to replace the Competitor.

(b) Coach Notification. The Green Team contacts the team’s Coach to inform them of the situation.

(c) Coach Designation of the Alternate. The Coach confirms that the team will proceed with the designated Alternate.

(d) Alternate Verification. The Green Team verifies the Alternate’s name, logs the substitution, and notifies the Senior Director, CyberPatriot Operations.

(e) Substitution of Alternate. Once approved by the Senior Director, CyberPatriot Operations, the Green Team will direct the Alternate to his or her team’s competition space.

(2) Outside the Competition Space

(a) Green Team Notification. The Coach notifies the Green Team of the team member who will be replaced and the reason for replacement.

(b) Coach Designation of the Alternate. The Green Team will verify the Alternate’s name against the Alternate Card, log the substitution, and notify the Senior Director, CyberPatriot Operations of the substitution request.

(c) Substitution of Alternate. Once approved by the Senior Director, CyberPatriot Operations, the Green Team will direct the Alternate to his or her team’s competition space.

(3) Team Captain Substitution. In the event that a Team Captain must leave the competition, the Coach shall notify the Green Team of the new Team Captain’s name. The above procedures apply in the process of replacing the Team Captain.

7. National Commissioner’s Critical Information Requirements

The National Commissioner requires certain information to safely and effectively conduct the National Finals Competition. The National Commissioner shall be notified by the competition staff or Coach/chaperone if the following events occur:

a. Outages of any competition scoring system of more than 10 minutes
b. Missing Competitor
c. Injured Competitor requiring hospitalization
d. Criminal act against a Competitor, Coach, chaperone, Mentor, competition staff member, or CyberPatriot supporter
e. Violation of competition rules that involve penalties or disqualification of a team member or team
f. Violation of the Coach and/or chaperone Contract
g. Severe weather or natural disaster that could negatively affect the Competitors or competition

SECTION C. Network Security Master Challenge including the AT&T Mobile Device Component

Table of Contents

Paragraph
1. Network Security Master Challenge Overview
2. Network Security Master Challenge Scenario
3. Network Security Master Challenge Rules
4. Network Security Master Challenge Competition Images
5. Failover Plan

POC: Lisa O’Loughlin

[email protected], 703-247-5800 Ext. 4809

1. Network Security Master Challenge Overview

The Network Security Master Challenge uses the CyberPatriot Competition System (CCS) and is administered by the Center for Infrastructure Assurance and Security of the University of Texas at San Antonio. This portion of the National Finals incorporates the methods used in the online rounds and adds elements based on the Collegiate Cyber Defense Competition (CCDC). Unlike CCDC, teams are not required to give presentations during the competition. During this challenge, teams are provided with a set of competition images and AT&T-provided mobile devices with iOS operating systems. Teams will have tasks to complete on the images and using the mobile devices.

Note: The team that successfully completes the AT&T Mobile Device Component injects in the fastest time will be considered the winner of the AT&T Mobile Device Component.

a. Find and Fix Vulnerabilities. Teams enter their Unique Identifier (Team ID) on images to configure, patch, and secure systems as was done during the online rounds. Teams may be assigned a different Unique Identifier (Team ID) at the National Finals Competition. Teams are required to maintain a connection with the scoring server in order to have their tasks scored. Teams that do not maintain a persistent connection to the scoring server may be subject to penalties. The scoring report will display only vulnerabilities fixed and the total number of vulnerabilities, not the points associated with the vulnerabilities. Additionally, audio cues that signify point changes will not be available.

b. Maintain Critical Services. At the start of the competition (and not before), teams receive a competition scenario that outlines which services must be maintained on each competition image. For example, you may be asked to maintain web services on a specific competition image. This means the web service needs to be available to any IP address throughout the competition and it needs to provide the same content that it had at the beginning of the competition. If the web service breaks or the content being displayed by the web service changes, then the service will be considered “broken.” Every time a service is checked and found to be broken, teams are awarded no points. If a service is continuously down, teams are penalized for violating the Service Level Agreement (SLAs), and their scores are reduced. SLAs are enforced on a per-service basis and apply to every critical service.

c. Resolve Injects, Including the AT&T Mobile Device Component. Teams are tasked to perform business-related tasks called “injects” during the Network Security Master Challenge. Teams are scored on their ability to complete the inject in the time allowed and their performance on the inject. Teams will not receive any other specifics on the content of the injects prior to the competition.

d. Defend Against Hostile Red Team Attacks. Team systems are probed and attacked by the Red Team, and their actions will accelerate in severity as the competition progresses. Successful Red Team actions affect teams’ scores, as they may disable critical services or restore previously fixed vulnerabilities. Teams will not receive information on when or how the Red Team will take action against team systems prior to the competition.

Other important topics about the Network Security Master Challenge include:

e. Image Access. Teams access their competition images using VMware’s vSphere client software. Each team has the ability to power on, power off, reset, revert to snapshot, and connect to the console on each of their competition images. A link to the video demonstrating the use of vSphere in The National Finals Competition will be provided in emails to National Finalist Coaches. Teams may also connect to the images using SSH, Remote Desktop, VNC, or any other remote connection method that teams choose to install/enable/configure. Note: Reverting a competition image to a snapshot will reset that specific image to its starting configuration – all work performed on that image will be lost once it is reverted.

f. Patch Server. Each team has access to a “patch server” containing service packs and software that are authorized for use during the competition. Teams are encouraged to use the competition patch server whenever possible. The patch server is off limits to the Red Team and the contents of the patch server can be trusted. Teams will not receive information about the content of the “patch server” prior to the competition and may request Linux package repositories and software sites that meet the “Internet Resources and Software Tools” criteria to be part of their whitelist.

g. Portal Web Page. A “portal” web page that displays items such as the status of a team’s services (working or not working) is available during the Network Security Master Challenge.

2. Network Security Master Challenge Scenario

Each team is serving as the administrators for a small company. You will be responsible for maintaining their servers and network services. When you inherit your systems all scored critical services will be functional and operational. However, the previous administrators may not have followed best practices.

3. Network Security Master Challenge Rules

General competition rules in Section B apply to the Network Security Master Challenge. Below are rules specific to the Network Security Master Challenge.

a. Team members may not initiate any contact with members of the Red Team during the hours of live competition.

b. Teams must not connect to any devices or peripherals that are outside the competition network.

c. Teams are free to block specific IP addresses that are generating suspicious or malicious traffic, but any Team action that interferes with scoring activities is the fault of the Team.

d. Teams may not block entire subnets.

e. Teams may use the vSphere client (installed on all competition laptops), Remote Desktop Protocol, SSH, Telnet or any other IP-based connection method to connect to their competition images.

4. Network Security Master Challenge Competition Images

The competition network for the Network Security Master Challenge will consist of up to eight images. The following are the only operating systems that will be published before the competition and are subject to change:

Operating Systems

Debian 7

Ubuntu 12.04

Windows Server 2016

Windows Server 2012

Windows Server 2008 R2

Windows 10

Figure C-1. Network Security Master Challenge Images

5. Failover Plan

The following is the failover plan for the Network Security Master Challenge. Its execution timeline may change depending on circumstances at the time of the system failure.

a. Failover Conditions

(1) Competition session is less than two hours old
(2) 20+ minute sustained outage
(3) National Commissioner decides to execute the Failover Plan

b. Actions upon Failover Plan Execution

(1) Students review notes and update notes on system administration and other actions.
(2) Local failover system is activated (30 minutes).
(3) Network Security Master Challenge continues.

c. Outage after Two Hours

(1) Teams wait up to one hour for restoral.
(2) If there is no restoral after one hour -- teams depart competition floor.

Figure C-2 – Notional Failover Timeline

d. Scoring Actions

(1) If a failover is executed and the competition is restarted, the scores that teams earn on the failover system may be used for the Network Security Master Challenge scores. Depending on circumstances, the previous scores may not be considered. It is critical that the Competitors take notes of their actions throughout the challenge so that they may quickly re-fix vulnerabilities, reconstitute previously finished tasks, and set their systems to the same levels of security as before the outage.

(2) For an outage that occurs after the two-hour mark, the last scores may be used for final Network Security Master Challenge scores.

SECTION D. Leidos Digital Forensics Event

To be published.

Table of Contents

Paragraph
1. Digital Forensics Event Overview
2. Digital Forensics Event Rules
3. Digital Forensics Event Failover and Restart Procedures

POC: Lisa O’Loughlin [email protected], 703-247-5800 Ext. 4809

1. Digital Forensics Event Overview

To be published.

2. Digital Forensics Event Rules

To be published.

3. Failover Procedures

To be published.

SECTION E. Facebook Challenge

Table of Contents

Paragraph
1. Facebook Challenge Overview
2. Facebook Challenge Rules
3. Facebook Challenge Failover & Restart Procedure

POC: Gamail Mohammed [email protected], 703-247-5807

1. Facebook Challenge Overview

Protecting your personal information is more important than ever, and that's why security is built into every Facebook product and design. Our security systems run in the background millions of times per second to catch threats and remove them before they ever reach you. We create lots of easy-to-use security tools on Facebook to help you add an extra layer of security to your account. We have also developed open source security technologies and engage constantly with the security research community to encourage more investment in innovative defenses that will make the internet safer. Read more about Facebook’s technical security work on our Protect the Graph Page, at facebook.com/protectthegraph.

The goal of this challenge is to allow competitors to experience an Incident Response scenario similar to those encountered in industry. This challenge replicates a real world incident, similar to the ones industry faces every day. Competitors will use their forensic and investigative skills to analyze a combination of log files, packet captures, and live virtual machines to determine how a security breach has occurred. Competitors will need to investigate the security incident and complete a Technical Report of their findings in less than 45 minutes. Points are awarded for the Accuracy of the Technical Report.

If there is a tied score, the team with the fastest time will win the challenge. Teams may request access to websites and tools by requesting the addition of the specific websites to the whitelist.

2. Facebook Challenge Rules

a. Do not plug in any unauthorized devices into the competition network.
b. Do not bring cell phones or other recording devices into the competition environment.
c. Do not discuss any details of the competition with Friends, Coaches, Chaperones, or Mentors.
d. Do not use the equipment in any way for malicious purposes.
e. Do not attempt to access the management network or another team’s network.
f. Do not cheat.

Have FUN!

3. Facebook Challenge Failover and Restart Procedures

Below are the Failover and Restart procedures for the Facebook Challenge. Its execution timeline may change depending on the circumstances at the time of the system failure.

a. If there is a network failure during the initial 30 minutes of this exercise, competition administrators will stop time and provide a local copy of the competition materials including, but not limited to logs, packet captures, and virtual machines. Once each team has a local copy of the files, the time will continue from where it was stopped.

** If the network failure occurs after the initial 30 minutes of this exercise, all teams will submit their Technical Report as is for scoring by the Challenge Staff.

b. If there is any other failure or situation, the Facebook Challenge Team will work to rectify the situation as quickly as possible.

(1) Team Captains shall ensure that any software or hardware problems are brought to the attention of the Green Team. Each of the competition pods can be reset at the request of the Team Captain with no penalty other than lost time.

(2) All teams should take extensive notes and complete their Technical Report as they compete in case any unforeseen problems arise.


SECTION F. Cisco Networking Challenge

Table of Contents

Paragraph
1. Networking Challenge Overview
2. Hands-on Networking Challenge
3. Networking Challenge Rules
4. Application and Equipment Restart Procedures

POC: Gamail Mohammed [email protected], 703-247-5807


1. Cisco Networking Challenge Overview

The Networking Challenge is conducted in person by Cisco Systems Engineers. Teams are scored on their ability to demonstrate proficiency in network security knowledge. Teams are challenged to use their team members efficiently to complete all aspects of the challenge in the allotted timeframe. Each division has a one-hour-and-thirty-minute competition period. Both the Networking Quiz and Hands-on Networking Challenge will be scored after the one hour and thirty minutes of allotted competition time.

a. Challenge Components. The competition is divided into two distinct components that are scored separately.
   (1) Networking Quiz. In order to secure a network, you need to know the fundamentals of building a network. This quiz will test your knowledge of networking fundamentals and network security. This component of the Networking Challenge will be delivered as an online quiz through www.netacad.com. Teams will have access to the internet that can be used for researching questions.
       Note: Competitors under 13 years of age may not log in to www.netacad.com. Competitors 13 years of age and older must log in to the website and complete the quiz for the team.
   (2) Hands-on Networking Challenge. The hands-on exercise consists of both physical wiring and device configuration. Each team is presented with networking equipment, cables, and instructions.
       Notes
       - Teams are not required to make cables.
       - Packet Tracer will not be used for the competition.
b. Cisco Networking Challenge Score Weighting. The Networking Event is scored with the following weights for each part of the competition.
   (1) Networking Quiz – 30%
   (2) Hands-on Networking Challenge – 70%
c. Administration. The competition is administered by Cisco Systems Engineers who are available to clarify technical questions.

2. Hands-on Networking Challenge

The Cisco Hands-on Networking Challenge will have a live router, firewall, switch, laptop computers, connection types (e.g., Ethernet, etc.), and applications (e.g., http, ftp, dns, dhcp, etc.). All items will be prepared with the IOS software and some default configuration. Each team will have five laptop computers.


a. Pre-Loaded. All software required on both the networking equipment and five laptop computers will be pre-installed.
b. Competition Play
   (1) Teams will access the equipment using the designated laptops through an application called PUTTY.exe. This application is used to SSH/console into the network devices, giving access to the command line interface (CLI).
   (2) Laptop Usage
       a. One laptop will be designated as an Inside Test Host. Inside means anything on the LAN side or protected side of the firewall. The Inside Test Host laptop will be labeled and can be used to console into the network devices but will NOT have access to SSH to the network device, the internet, or quiz.
       b. All other laptops can be used to SSH/console into the network devices and will have access to the internet for research and to take the quiz.
   (3) Team organization, task prioritization, and time management are critical to successfully completing the Networking Challenge. It is up to the teams to “divide and conquer” the entire challenge of their own volition.
   (4) This is a live environment. For competition grading and monitoring, no default configuration should be modified or removed. Also, the management (Yellow) cables should not be removed. If default configuration is modified or cables are removed by accident, please make a member of the Green Team aware immediately.
   (5) Information required to access the equipment will be provided at the System Familiarization.
   (6) Teams may move the equipment. However, they should be extremely careful when doing so and should consult a Green Team member if they are concerned about damaging the equipment.

3. Networking Challenge Rules

The general competition rules in Section B apply to the Networking Event. The following rules are specific to the Networking Event.

a. Exam Instructions. All instructions will be provided during the System Familiarization.
b. Software. No software tools, programs, scripts, etc., shall be downloaded or used on laptops. No attempt to “break,” or otherwise compromise any software on the laptops or networking devices shall be made.


c. Whitelist. The only whitelisted sites for this challenge are www.cisco.com and http://www.netacad.com. Teams can find any resources they may need for the Networking Challenge at these sites. To ensure that teams can access the NetAcad curriculum they used during the online rounds, students should bring the credentials they were provided when their instructor created the Content Course.

4. Application and Equipment Restart Procedures

Below are the application and equipment restart procedures for each portion of the Cisco Networking Challenge.

a. Networking Quiz. If teams are unable to access, complete, or submit the quiz through www.netacad.com, a paper version will be available.
b. Hands-On Networking Challenge. If there is a network failure during this exercise, competition administrators will take photographs of teams’ cabling component and save the backup copies of their configuration files.
c. Other. In the event of other hardware or software failure, the Cisco Systems Engineers will work to rectify the situation quickly.
   (1) Team Captains shall ensure that any software or hardware problems are brought to the attention of the Green Team.
   (2) All teams should take extensive notes and save their work and configurations often. In the event that a device crashes and needs to be restarted, it is expected that the team will be able to recover from the application reset from their notes and saved configurations.


The Air Force Association thanks our CyberPatriot Sponsors!
