AWS Public Sector Blog
Running a Cyber Defense Competition in AWS
A guest post by Kurt Giessel, CISO, Highline College
Highline College hosted the 12th annual Pacific Rim Collegiate Cyber Defense Competition (PRCCDC) this spring. The 2019 event was the first regional qualifier for the National Collegiate Cyber Defense Competition (CCDC) run on Amazon Web Services (AWS).
PRCCDC is the northwest regional qualifier for the National CCDC. The competition is a two-day event for 12 teams from two- and four-year colleges and universities. Each team consists of eight students who administer a small “commercial” network, typically consisting of 12-16 servers and 100+ users.
They also respond to business tasks, in the form of injects, while hardening the systems and defending against a team of professional penetration testers. The students were scored on service uptime and how they responded to their business tasks.
From On-Premises to the Cloud
Initially, the infrastructure for the competition was hosted locally at Highline on bare metal servers and then later virtualized in VMware. By moving the competition entirely onto AWS, we experienced several advantages:
- All the CPU We Need. The competition is held during the first weekend of spring break each year. When we facilitated the competition in our local production environment, we faced the potential risk of impacting other production systems. Often, we would push the limits of our resources by spinning up an additional 120-180 servers. With AWS, the scale of the competition was no longer a major concern when architecting the system.
- Isolated Network. With AWS, all traffic was contained within an Amazon Virtual Private Cloud (Amazon VPC) – including the attacks.
- Simple to Build and Deploy. The entire infrastructure consisted of 15 Amazon VPCs, 60 subnets, 75 routes in 30 route tables, 350 Amazon EC2 Auto Scaling instances, 30 security groups, 120 elastic IPs, and 300 DNS records. We created the architecture with a script using the AWS Command Line Interface (AWS CLI), which built the entire infrastructure in minutes when the process used to take days.
- Easy Access to the Game Environment. In previous years, students accessed the competition from thin clients, physically located on individual team networks. As a result, we needed to configure the physical switches in the classrooms every year. With AWS, the teams used the thin clients to connect over Remote Desktop Protocol (RDP) directly to AWS Windows desktops. These acted as the students’ workstations as well as bastion hosts to access the team servers.
This year, 16 teams registered for the event, so we hosted a qualifier round to narrow the field down to the final 12. The first round was a four-hour event, but teams could compete anytime within a specific five-day window. To start, students logged into a web portal for the competition and their EC2 instances were created. After the allotted four hours, their instances were shut down and we were notified they were ready to be scored.
The main event far exceeded our expectations. After moving the competition from on-premises to the cloud for the first time, we anticipated an increase in help desk calls. Not only was that not the case, but our help desk call volume was roughly half of what it had been in previous years.
Running the competition on AWS simplifies setup and provides us with a stable and isolated platform. But, ultimately, the competition is about the students. With virtually no infrastructure or performance issues, the students have a much better experience. They can concentrate on putting their skills to the test in a simulated real-world environment. Additionally, the infrastructure provides the next generation of cyber professionals with exposure to the cloud.