12 March 2018

Enforcing the Law at the Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC)

The Mid-Atlantic Collegiate Cyber Defense Competition (MACCDC) is one of the many regional CCDCs, and it includes a somewhat unique aspect: law enforcement and investigations. For those unfamiliar with CCDCs, they are live network security competitions where schools face off against each other, and against a red cell of pentesters, to build and maintain a secure network. While fending off attacks, the teams are responsible for creating new servers and services while performing business operations, such as running database queries for a business need. If the respective database is misconfigured, or hijacked by the Red Team, then the query cannot be performed and teams suffer major score losses.

There are multiple regional CCDC competitions across the entire country, as well as the National CCDC, where the winners of each regional competition join to face off against each other. While each regional follows the same structure of competition, each can make slight adjustments to how it determines a winner. A law enforcement (LE) component was built into MACCDC years ago as a method to help expose competitors to the unique and frustrating challenges of fully documenting attacks.

In many competitions, schools practice being extremely responsive to attacks and, in many cases, aggressive in their responses to remove an adversary as quickly as possible. While that effort is commendable, it does not translate into the actions taken by a real-world security team. In the event of a compromise, theft of data, or denial-of-service attack, corporate senior leadership will not be content with a message of "We were attacked, it's been fixed."