Southeast Missouri State University’s Cyber Defense team won its fifth straight state title and will now compete in the Midwest Regional Collegiate Cyber Defense Competition on Friday, March 17, and Saturday, March 18.
The team will compete remotely from Southeast’s campus for regionals as it did for state. A total of 10 teams from eight different states take part in the regional competition. The winner of the Midwest Regional CCDC goes on to the national competition against the champions of the other nine regionals. The National CCDC begins on Thursday, April 13.
Southeast has fallen just short of nationals the past three years, finishing either second or third in each of those regionals. The team will look to defeat the back-to-back regional champion, DePaul University.
The roster size for the competition is a maximum of 12 students, with eight competing in the competition and the other four acting as alternates.
The competition takes about eight hours to complete, and sophomore Lucas Kossack describes it as the worst day in IT ever.
Kossack is in his second year with the Cyber Defense team and already has been named captain.
“I had a lot of previous experience working on my own before I got here,” Kossack said. “So, for me it was a challenge. It was something that I was trying to get involved with... I saw it as something that only upperclassmen were really getting into, but I got into it last year as a freshman, and I’ve stuck with it and I’m team captain now.”
Kossack and the team met once a week to practice for the competition. The team’s preparation includes trying to simulate the environment that they’ll be facing during the match, going over the basics of their defense and trying to prepare for some of the unexpected curveballs they might see.
“We’re constantly under attack,” Kossack said describing the competition. “Not only that, we’re getting a ton of just day-to-day tasks that you’d find in an IT environment that we have to complete, while still defending against an active hacker, basically. So, it’s pretty hectic and you don’t get a lot of down time.”
The active hackers all teams face during the competition are professionals in the cybersecurity industry. During the match, the hackers are known as the “red team,” while all the teams defending against them are known as the “blue team.”
“The competitors are all blue team, which is defense,” Kossack said. “So, we don’t actually get to attack or anything like that. We are purely trying to keep hackers out. The red team… They are the people we are competing, not against, but they are the ones providing the challenge for us.”
While the team is being attacked, they must keep services they were given at the beginning of the competition, such as a website, up and running online. Throughout the match, they also are given injects, which are day-to-day IT tasks the teams must complete while defending from the hackers.
“Those are a major part of the scoring,” Kossack said. “How well you do the injects, how fast you do the injects can easily make or break a team.”
Scoring for the entire match includes a score per inject, how well the team handled that inject and whether they finished and submitted it. The teams also are scored based on how well they keep up their services.
The competitors perform these tasks during the eight-hour competition without any official breaks.
“Not official breaks,” Kossack said. “[The hackers] tend to let off a lot during lunch time, so we have a pizza or whatever’s in the room, but there are no official breaks.”
With five straight state titles, Southeast will look for its first regional title on Friday, March 17.
