Participating in the International Cyber League helps the IT team at the Illinois State Treasurer’s office test their skills against real-world network threats.
Joe Daniels, chief information officer for the Illinois State Treasurer’s office, was battling malware that had been injected into the network, while another team member was trying to stop a PowerShell script from running across the network and a third was detecting and logging attacks.
Fortunately, that was only part of a competition called the International Cyber League (ICL), but the scenarios are not unlike the threats the office battles every day, Daniels said.
“These are things that we’ve been working on protecting our own networks against,” he said. “You had to go through the process of finding it, doing the remediation, triaging, doing the forensic evidence, submitting the reports – the full incident response process, from discovering you have an issue to getting it out of the network.”
ICL is hosted by Cyberbit, a provider of a software-as-a-service (SaaS) platform that lets cyber personnel train on real-world scenarios. The third annual event, which ran for three weeks starting May 10, welcomed 200 three-person teams made of industry, government and military professionals from around the world. About 45 teams advanced to the semifinals, and 13 competed in the finals. Daniels’ team came in 19th place last year and just missed the cutoff for the finals this year.
“We get that real-world experience whether you do well in the competition or not,” said Daniels who views it as a learning opportunity. “You get a chance to test your skills. We practice this stuff every day, but sometimes your team or the people that work for you don’t get to see it in a live scenario,” he said. “In real life if you’re trying to put out 38 fires at one time; it’s a very different experience. These competitions are a great way to test your team, to grow your skill set, and it’s fun.”
Cyberbit’s SaaS platform has hundreds of exercises, but the company created new ones for the competition that were kept under wraps until the tournament opened, said Sharon Rosenman, chief marketing officer at Cyberbit. Before the event, the company released a warm-up exercise to help participants get used to working on the platform.
For the competition, teams are assigned time slots when Cyberbit analysts are available to help them with technological questions, but they may participate at any time that works for them. The first round, which was at the individual level, was an hour long. The teammates came together to tackle scenarios in the second and third rounds, which last four hours each.
“Teamwork is a very important aspect of cybersecurity. Very often it’s not really tested, so we are testing both their individual skills and their teamwork,” said Adi Dar, chief executive officer of Cyberbit. “At the end of the day, a competition like that is all about creating some sort of a community. I think that can be an anchor. There’s no real cyber community in the world today. … Facebook, Instagram, all the stuff everybody knows this is the place to be if you are 16 years old. But for cyber, there is nothing like that. These competitions are beginning to build some sort of community.”
The platform automatically scores participants based on how well they detect and mitigate the problem they’re presented with. The goal is to get as close to 100 points as possible, with score and time to completion factoring into advancement. The winners get a Lenovo gaming laptop, while second place wins an Apple iPhone 13 Pro and third gets a Sony games console.
To participate, Daniels said the team members log into the platform, which has virtual machines and the scenarios. “One side is the live network environment where you do the forensics and analysis, and on the other side are questions that walk you through the scenario such as, ‘Did you see X, Y, Z when you were looking for this? What did you find?’” he said.
ICL differs from hackathons in which experts are working to create software or hardware in a short time. This is about defending organizations, Rosenman said. “What we’re doing here in this tournament is creating a whole new type of cybersecurity tournament, which is based on real-world experiences,” he added.
Daniels’ office uses Cyberbit for training and since November 2021 has opened it to workers in Illinois localities who are involved in the state’s ePay program, a round-the-clock, full-service electronic program that state agencies use to quickly and securely receive funds.
“It helps us learn, and that’s the end goal,” he said.
Stephanie Kanowitz is a freelance writer based in northern Virginia.
NEXT STORY: Defense against file-based malware