Peraton’s Cyber Effects group was on a quest to commit a bank heist. Within five hours, the team successfully unlocked the bank vault — all without ever stepping foot inside a physical bank.
The virtual heist — an all-new simulation — was part of a recent Capture the Flag (CTF) competition hosted by the Defense Acquisition University (DAU). A corporate university established by the Department of Defense, DAU focuses on providing a global learning environment for acquisition, requirements and contingency professionals who support our warfighting capabilities. These CTF events help execute the DAU Cyber Enterprise team’s strategy to transform cyber instruction into a hands-on, “think like a hacker” approach; teams must correctly solve each problem to earn special points that unlock the flag and allow them to advance.
Peraton’s team took the first place title and was the only group to solve 100 percent of the challenge. The team comprised of six cyber protection engineers scored twice as many points as the second place team and finished with more than two hours of competition time to spare. Opposing teams, consisting of other defense contractors and government teams, hardly completed 50 percent of the simulation by the time the clock expired.
“As a company, we know cyber,” Jack B. said. “This is proof that we can track vulnerabilities both as a defender and attacker. We continue to push ourselves using innovative methods to go above and beyond to create new business and help existing customers prevent intrusions on their networks.”
Simply put, the defender has to do everything right, while the attacker only has to find one thing wrong. Any misstep gives opportunity to the attacker.
At the finish line, there is no dramatized wire transfer of millions of dollars to an offshore bank account or destroying of hard drives for the team playing the attacker. Instead, winning teams get bragging rights.
“Sure, CTF events provide us with interesting problems to work on, but there’s also a competitive aspect,” said Benson K. “You’re trying to solve more challenges, more quickly than the other teams.”
In direct opposition, when the Cyber Effects Group isn’t living a stress-free life playing the attacker — and committing legal cybercrimes — they are wearing the white hat to help protect Peraton customers. As the defender, Peraton employees perform cyber security assessments on traditional systems such as laptops, computers, and servers as well as non-traditional systems, which are more complex.
Since a non-traditional system is more unique in its makeup, it requires a higher level of reverse engineering to understand how it was built and the faults in its processes; these are ultimately used to identify any risks.
CTF competitions as an opportune — and fun — training exercises to strengthen the teams’ cybersecurity skills, and as a recruitment tool.
“During these competitions, we try to place people in different locations so they continue to learn and improve their skills. They do the things they are really good at and the things they are not good at,” said Erwin K.. “In the future, our goal is to incorporate both new and junior personnel in this competition to gain the experience and guidance of why certain answers come together.”
In today’s virtual setting, organizations must go above and beyond to ensure they are secure. By equipping teams with the skillset and education to think like a hacker, Peraton stays ahead of evolving threats and helps existing customers prevent intrusions on their networks.