Utilizing critical infrastructure focused scenarios; DOE’s competitions added realistic components to make their competition stand out.
This includes a cyber-physical infrastructure, lifelike anomalies and constraints, and actual users of the systems. Additionally, DOE’s competition looks to help participants and volunteers increase their knowledge and understanding of cyber-physical threats, vulnerabilities, and consequences. Moreover, this competition provides students a hands-on security approach to their team’s infrastructure from their servers and virtual machines to the physical devices on their tables. Teams also have the strain of balancing their security with usability; scores of teams include a user’s ability to continue normal work operations.
Energy Focused
Scenarios developed have an energy focus. Previous scenarios have focused on power distributors and water and power delivery systems. Additionally, the scenarios developed look at real-world constraints and lifelike anomalies to include no budget for maintenance or upkeep, deficiency in understanding the system’s needs, website defacement, business meetings, or lack of permission controls.
Cyber-Physical Infrastructure
Unique to DOE’s competition, a cyber-physical device is provided to allow the participants a real-world understanding of the implications for defending critical infrastructure. When power distributor’s cyber infrastructure is compromised, the participants may see the light bulb go out or the water pump stop indicating that there is no power or water being distributed.
Unique Defenses
The competition encourages unique defense strategies and techniques in safeguarding the cyber assets. Teams are scored on their ‘out-of-the-box’ and innovated ideas and defenses. These unique defenses stem from the real-world constraints provided in the scenario such as no budget. Teams develop a working defense utilizing zero dollars and ensuring that the system’s intended purpose is not deprecated.
Usability
Most cyber defense competitions do not take into account usability of the system. DOE’s competition not only adds this element in, but also scores this element as part of the overarching competition. Teams must balance the added security of the system with usability of the system. If the users are unable to navigate the system or unable to complete basic tasks within the system, the team’s usability score will decrease each hour the users are unable to navigate. Additionally, the teams have the added layer of interacting with the users and working through real-world issues and requests made by the users on top of actively defending the networks.