The infosec community has been gaming for a long time. The first DefCon CTF was hosted in 1996. The iCTF hosted at UC Santa Barbara was in 2002. At the collegiate level, the Federal CDX between the US Service Academies started in 2001, and the civilian Collegiate Cyber Defense Competition started in 2006. EC-Council Foundation’s Global Cyberlympics (GCL) started in 2011. In the case of EC-Council and its sister, non-profit company, EC-Council Foundation, creating a worldwide hacking competition just made sense due to the huge community of ethical hackers that make up the membership of both organizations. All of these competitions are still going strong today.
What began as a niche event for conferences and universities, cyber exercises have continued to gain in popularity, diversity, and offerings to today. I first became involved with war gaming and exercises back in 2001 with the first Federal Cyber Defense Exercise. Fast forward nearly 20 years, and I’ve seen and run events all around the world. Big or small, technical or informational, most events are well attended with the players working hard to get to the top of the leaderboard.
Why is Gaming Important to Cybersecurity?
Gaming is resource intensive. Targets and puzzles take a lot of work to build and once used, cannot be used again. Games at conferences pull attendees away from the regular sessions or go late into the night. The prizes are small, with mostly bragging rights being the main reward. Building and playing games take a lot of resources, especially when compared to the prizes. So why do we do it?
At its heart, cybersecurity is conflict, combat, war. You (the defender) have something that they (the attacker) wants. Bandwidth, CPU cycles, information, storage space –the list of possible targets goes on. This battle to protect what you have from those who would do it harm is the very definition of conflict and war. The weapons and consequences are different than those in the physical space, but that does not reduce the reality of the situation and the stress it brings to you, your team, and your infrastructure.
A practice space is needed for those who study and engage in this type of warfare where they can learn by applying their skills in an environment other than the ones they are protecting. Events like the GCL provide a consequence-free environment for professionals to push their skills to the limits. Within the confines of the game, players can experiment with creative approaches to problems they may face in the real fight against cyber criminals. In fact, cyber games require plays to try new tools, new techniques, and attacks with a high degree of risk if they hope to win. The best games build challenges that teams have not encountered before that go well beyond capture the flag-type events we’ve all seen a million times.
This is what GCL does so well. Year after year, the challenges presented to the teams that make the finals are unexpected and impossible to train for. Teams have to rely on their skills and hope their instincts guide them to right solution. Last year the finals included a challenge that required teams to pull the numbers off a platinum credit card with nothing but one battery, a nail, a set of old-school headphones, a bag of silly putty, a grinding stone, a padlock with a ring on it, a roll of tape, a pencil, a sticky note pad, and a Lego figurine character. After a day of wide-ranging challenges, the games wrapped with a bitcoin mining challenge. What will this year have in store?
Hacking competitions are where you can pit your skills against your peers’ and see how you measure up. a place to take your measure. It is a place to see how you do against the puzzle creators as wells as to rank your skills against other professionals from around the globe. It’s one thing to learn hacking theory and skills in the classroom, but it’s another to actually use those skills, and it’s best not to wait until you or your company is well and truly hacked to apply your knowledge. Below is a list of games with open registrations. BTW, if you choose to compete at GCL, click the link below for free registration on me. It’s important for us all to be ready to defend what is ours.
Global Cyberlympics Qualifications
Google Capture The Flag 2019 (Quals)
When: Sat, 22 June 2019, 00:00 UTC — Sun, 23 June 2019, 23:59 UTC
Canadian Institute for Cybersecurity_Capture the Flag
When: Sat, 29 June 2019, 12:00 UTC — Sat, 29 June 2019, 22:00 UTC
When: Fri, 05 July 2019, 09:00 UTC — Fri, 05 July 2019, 19:00 UTC
Crypto CTF 2019
When: Sat, 10 Aug. 2019, 06:00 UTC — Sun, 11 Aug. 2019, 06:00 UTC
Official URL: https://cryp.toc.tf/
When: Thu, 22 Aug. 2019, 15:30 UTC — Fri, 23 Aug. 2019, 15:30 UTC
Official URL: http://bit.ly/hackcon2019