Cyber Security Team (IWG)

Who We Are

The Cyber Security Team is the Naval Academy's competitive hacking and cyber-security team for Midshipmen interested in learning about computer network operations. Founded in the early 2000's to compete in the NSA's Cyber Defense Exercise, the team has expanded to compete in Jeopardy style Capture the Flags (CTFs), Attack/Defense Exercises, policy competitions, and other various events.

We meet every day during sports period in classes split by experience level so that we can teach new members the basics while helping the more experienced continue to improve. Classes range from network attack and defense, binary exploitation, and web exploitation to forensics and incident response, cryptography, and hacker culture. Our team's hands-on-keyboard training supplements the Cyber Operations major and gives our team members skills and operational knowledge that is not taught anywhere else on the Yard.

Recent Events

2018 NSA Cyber Challenge (NCX)

The U.S. Naval Academy won the National Security Agency‘s recent Cyber Exercise, or NCX, an event where the Midshipmen contended with a variety of cyber operations challenges.  Cadets from all five U.S. military service academies took part in the three-day exercise that challenged participants in the areas of adversary coordinates tracking, space mission kit protection and U.S. infrastructure defense.

The event garnered 80 guests during its first two days, and on the third day had additional attendees who were supposed to take part in the Joint Service Academy Summit. The JSA Summit was cancelled due to a snowstorm in the Annapolis area. The NSA and U.S. Cyber Command members delivered each exercise’s opening and closing remarks.

Harry Coker, executive director at the NSA, announced on March 21 the winner after the final exercise; then Walter Carter, superintendent at the U.S. Naval Academy, delivered NCX’s closing remarks. NCX 2019 is expected to take place at the U.S. Air Force Academy in Colorado.

Collegiate Penetration Testing Competition

Held by our friends up at the Rochester Institute of Technology, this was the first competition of its kind. Competitors worked through every step of the penetration testing process, from the Request for Proposals to going over an example Statement of Work and Non-Disclosure Agreements to the actual engagement and the presentation of the final report.

It was great learning experience, giving the team a look at what goes into penetration testing in the real world. While Navy Red Teams operate under different protocols, the fundamental aspects of pen-testing are the same and the techniques and methodologies learned in the competition can be directly applied in the future.

French Cyber Defense Competition

Hosted by l’École Militaire Hosted by l’École Militaire this international competition pitted our team against the French service academies and teams from around the European Union in an overnight battle. This cyber defense exercise featured a vulnerable SCADA system that operated a oil processing station. The teams were tasked with defending the network against attack and keeping the fuel pumps operational. If the pumps were compromised, the teams would lose points.

We have never defended SCADA systems before and this competition provided us with experience and knowledge we could not have gotten anywhere else. Much of our nation’s critical infrastructure runs on SCADA and other industrial control systems, and any experience now will help our efforts to secure them in the future.

Cyberstakes Online

The annual qualifiers for the service academy Cyberstakes competition was a heated battle, with Blair Mason taking the top spot among the teams. Each academy sends nine members to compete at Carnegie Mellon in a variety of events, which have been historically dominated by the Mids. Special thanks go out to LCDR Hoffmeister who worked tirelessly this past year to secure funding.

Cyber Defense Exercise 2015

Designed to fill the capstone requirement for the United States Military Academy's Information Assurance course in 2001, the Cyber Defense Exercise (CDX) pits teams of cadets from each of the five US service academies against security experts within the Department of Defense. Each team is challenged to design, implement, and manage an operational network of computers. Management of various platforms (Windows, LINUX, Solaris, FreeBSD, etc.) is required and services such as web, email, public key infrastructure, and database sharing must be provided. Students are encouraged to establish architecture, policy, and procedures that invoke a defense-in-depth and defense-in-breadth posture to keep the aggressors at bay. In addition to defending their network, competitors are given forensic challenges and document their analysis.

To keep the playing field level, security measures are limited to freely available open source tools. Strategies and techniques employed by the students that were tested on the CDX battlefield have provided industry, academia, and government with valuable lessons. These lessons are related to work in network mapping, port scanning, vulnerability scanning, password integrity checking, network monitoring tools, intrusion detection systems, host-based and network-based firewalls, and layer-two bridges.

Last year, under the leadership of Zane Markel and Devon Budzitowski, our team came out on top after a hard fought battle with the other service academies, returning the massive trophy to the Yard for the first time in five years. The team got the opportunity to visit President Obama in the White House, as well as meet the Director of the NSA, Admiral Rodgers.