Warfare Center’s Cyber Red Team Notches Another Win in National Hacking Event

Photo By J.W. Marcum | Members of Naval Surface Warfare Center, Port Hueneme Division’s Cyber Red Team...... read more read more

Photo By J.W. Marcum | Members of Naval Surface Warfare Center, Port Hueneme Division’s Cyber Red Team Development Program (RTDP) conduct training and tabletop exercises in penetration testing to protect the integrity and readiness of U.S. Navy systems at the Fathomwerx Lab, Feb. 13, 2020. Pictured are RTDP members (clockwise from left), Shane Bennett, Calvin Raines, Christopher Draper, Steven Coleman, Devin Gavin and Bao Huynh. The team recently captured Third Place in the Navy-sanctioned HACKtheMACHINE contest. (U.S. Navy photo by J.W. Marcum/Released)  see less | View Image Page

PORT HUENEME, CA, UNITED STATES

04.26.2021

Story by Teri Carnicelli 

Naval Surface Warfare Center, Port Hueneme Division

✔ ✗ Subscribe

26

A team from Naval Surface Warfare Center, Port Hueneme Division (NSWC PHD) captured Third Place during last month’s Department of Defense (DOD)-authorized HACKtheMACHINE challenge, despite facing an increased number of competitors and an “unknown” sentinel system protecting the program that team members were trying to hack.

With a first-place win under their belt from last fall’s HACKtheMACHINE competition, the same PHD team members again came together to once again test one of the tools the U.S. Navy is considering for a cybersecurity monitoring environment. The event boasted several government sponsors, such as Naval Sea Systems Command and Program Executive Office, Integrated Warfare Systems, as well as industry sponsors like Microsoft Corp. and Dell Technologies Inc.

Held March 23-26, virtually, aboard fictional USS Ghost (DDG 2000), the competition included three tracks to choose from: Maritime Cyber, Track 1, a targeted hack of the bridge systems; Data Science, Track 2, utilizing artificial intelligence-assisted decision making to allocate resources during a pandemic, or Heavy Metal, Track 3, employing advanced metal 3D printing techniques after a critical component fails aboard the ship. Government teams competed against world-class hackers and other industry innovators to complete the cyber games.

The “game” for Track 1, in which PHD’s Red Team participated, included hacking from the cloud into the Grace Maritime Cyber Testbed. This year’s format included a full bridge navigation suite and a fly-by-wire propulsion system.

The objective was to crash the bridge’s cybersecurity monitoring tool and expose any vulnerabilities before it goes live. In order to be placed in the top-three performers, the Red Team had to successfully complete both objectives—hacking and crashing the system—and outperform its competition.

“This year, the competition really heated up,” said Bao Huynh, PHD’s Red Team lead. “There were 48 teams in Track 1, which has grown significantly in size and prize money.”

As government employees, team members were unable to collect the $5,000 third-place prize. However, Huynh said the experience is the main draw for competing.

“HACKtheMACHINE is the only hacking competition that allows us get hands-on with maritime control systems,” he said. “It’s satisfying to see our attacks on a computer cause physical effects. It is also a great opportunity to work with people from industry and cross-pollenate ideas.”

PHD’s seven Red Team members—Huynh, Shane Bennett, Steven Coleman, Chris Draper, Devin Gavin, Calvin Raines and Ian Wilson—were once again joined by a colleague from Naval Underwater Warfare Center, Newport Division and an industry representative.

“We all worked from our own remote locations,” Huynh said. “We’re all comfortable with collaboration over a virtual environment, so it’s actually better than working together in person. For instance, sharing snippets of code is quick and easy over chat.

“Screen-sharing is better than eight people standing behind you looking at your screen,” he added.

This year, the Track 1 challenge included an undisclosed cybersecurity sentinel system that watched the target systems and actively intervened when it saw malicious activity.

“Defeating a system like that is extremely challenging,” Huynh said. “The goal is to be stealthy, but that is difficult to do when we don’t know what the sensor is looking at. It’s like trying to avoid the cameras in a bank when there’s a black dome covering each camera to prevent you from seeing where the camera is pointed.”

NSWC PHD launched a Red Team Development Program in October 2019 to enhance and promote enterprise-wide cybersecurity and fleet readiness. The first cohort has continued to actively train and test its skills during tabletop exercises and mock-up scenarios, as well as real-world applications.

The team has previously participated in other contests such as Booz Allen Hamilton Inc.’s Kaizen Capture the Flag (CTF) and the National Cyber Range Complex CTF.

PHD’s Red Team continues to notch wins in the highly competitive HACKtheMACHINE event that draws expert teams from industry, academia and other government agencies. In fact, government agencies have consistently placed in the top ranks of the semiannual competition, now in its seventh iteration.

First Place this year went to the Navy Cyber Warfare Development Group, and Second Place went to Georgia Tech Research Institute, headquartered in Atlanta.

The Navy garners valuable insights from every HACKtheMACHINE challenge and adapts its systems accordingly. Prior winning teams have provided insights that have led to security improvements, technological integration and new approaches to pressing issues.