West Point shows off cyber chops in higher ed challenge

CERT-LatestNews ThreatsActivists

Symantec’s cybersecurity competition for colleges and universities drew participation from 31 university IT teams in 25 states.

(Getty Images)

Four faculty members at the U.S. Military Academy in West Point have proven themselves to be among the most skilled academics in cybersecurity and cyberdefense.

The West Point professors won the inaugural year of Symantec’s higher education cybersecurity challenge, which invited college and university IT teams to “think like an adversary” as they worked through the different stages of a security breach, said Megan Imbert, a spokesperson for the software company.

The competition was created to give higher ed IT teams a chance to see how they fare — and whether they are as prepared to fend off a cyberattack as they might think.

Held during National Cybersecurity Awareness Month, the virtual competition attracted 117 IT security professionals on 31 university teams from 25 U.S. states and spanned two days. Teams could include one to four participants.

A team from the University of Central Florida came in second place and the University of Hawaii in third. The winners were announced this week at the EDUCAUSE annual conference in Philadelphia.

“The competition aimed to help higher education cybersecurity leaders understand the vulnerabilities of today’s global threat landscape, gain critical security intelligence, and put their skills to the test in a high-pressure environment,” Imbert said.

West Point’s team participates in cybersecurity competitions on a regular basis, said Clay Moody, an assistant professor of computer science and member of the team. “We seem to be doing a competition every other week, if not more often,” Moody told EdScoop.

The four faculty members also coach West Point cadets involved in the academy’s competitive cyber team.

Moody said the Symantec competition was particularly interesting because, unlike most he participates in, it presented real-world scenarios.

In this particular scenario, his team was hired to be penetration testers for a company. They evaluated a homegrown file-sharing website where users can upload documents and share them with other people in the organization. Moody’s team recovered public files, then private files, then protected files, eventually compromising the website and gaining administration access, which allowed them to steal other users’ passwords.

“Most of the time we do competitions, there’s not a scenario associated with it,” Moody said. “Having a storyline made it very interesting. Each problem built on the previous problem. It helped us stay engaged … and helped in understanding the thought process if you went through the entire attacker process.”

Reach the reporter at [email protected] and follow her on Twitter @ByEmilyTate and @edscoop_news.