From the White House—

Tan Dailin was a graduate student at Sichuan University when he was noticed (for attacking a Japanese site) by the People’s Liberation Army (PLA) in the summer of 2005. He was invited to participate in a PLA-sponsored hacking contest and won. He subsequently participated in a one-month, 16-hour-per-day training program where he and the other students simulated various cyber invasion methods, built dozens of hacking exploits, and developed various hacking tactics and strategies. He was chosen for the Sichuan regional team to compete against teams from Yunnan, Guizhou, Tibet, and Chongqing Military Districts. His team again ranked number one and he won a cash prize of 20,000 RMB.

Then, under the pseudonym Wicked Rose, he formed a group called Network Crack Program Hacker (NCPH) and recruited other talented hackers from his school. He found a funding source (an unknown benefactor) and started attacking US sites. After an initial round of successful attacks, his funding was tripled. All through 2006, NCPH built sophisticated rootkits and launched a barrage of attacks against multiple US government agencies. By the end of July, 2006, NCPH had created some 35 different attack variants for one MS Office vulnerability. During the testing phase, NCPH used Word document vulnerabilities. They switched to Excel and later to PowerPoint vulnerabilities. The result of all of this activity is that the NCPH group siphoned thousands, if not millions, of unclassified US government documents back to China.

Sponsored by the White House, the US Cyber Challenge is a national talent search and skills development program. Its official purpose is to find 10,000 young Americans with the interests and skills to fill the ranks of cyber security practitioners, researchers, and warriors. Some will become the top guns in cyber security.

The program promises to nurture and develop the participants’ skills, and enable them to get access to advanced education and exercises. Moreover, the program will enable them to be recognized by employers where their skills can be of the greatest value to the nation.

The Cyber Challenge includes several different programs, including:

• “CyberPatriot” (an introductory program designed for high school students), in which participants compete in computer system network defense by defending their networks from attacks by a hostile “Red Team”.
• The “DC3 Digital Forensics Challenge” (conducted by the DOD’s Cyber Crime Center), in which “contestants attempt to uncover evidence on digital media.”
• The Network Attack Competition (conducted by the SANS Institute), which is a “competition in network vulnerability discovery and exploitation”—also described as “NetWars” or a “capture the flag competition” in which players attempt to exploit the computer networks of the other players while defending their own.

The Network Attack Competition is the sexy, newsworthy competition. It is described as follows—

You can play the game as an analyst, a penetration tester, a defender, or any combination. You earn points by finding keys, moving to higher levels, capturing services such as a website, overcoming obstacles (attack techniques) and protecting resources (defensive techniques). You can see the other players' scores and your own points scored, live, or on an overall scoreboard.

The NetWars game is a collection of computer and network security challenges. It is designed to represent real-world security issues: their flaws and their resolutions. Each player can follow an independent path based on individual problem solving skills, technical skills, aptitude, and creativity. The game is played in a fun but safe environment using the technology that drives our lives every day.

The game starts when a player downloads and starts a CD-ROM image on a PC or in a virtual environment such as VMware Player. The image contains a brief tutorial and the game's full instructions.

The player must find a hidden key within the image that is downloaded and then uses that key to enter an online environment where knowledge of security vulnerabilities and their exploits can be turned into points.

This year’s NetWars winner was determined in December, 2009, when 21 year-old Chris Benedict of Nauvoo, Illinois was declared the “king of the hacker hill.” CNN reported on the competition here. Two of the other three winners were Michael Coppola (a 17 year-old high school senior) and Matt Bergin (age not reported), who beat out twelve other finalists.

What do the winners get? According to the White House—

Promising candidates will be immediately recognized and will be invited to attend regional “camps” at local colleges, run jointly by college faculty and cyber security experts from the community, where they will develop their skills more fully and participate in additional competitions. The students who rise to the top in these regional programs will be invited to live national challenges like those conducted by schools coordinated by the University of Texas at San Antonio and NYU Polytechnic. Greatly promising candidates from these programs will be given either Federal Service grants or SANS Institute scholarships to study advanced cyber security programs and may earn scholarships to colleges and graduate programs at participating schools. Finally, the best of the candidates will be brought into federal agencies like the National Security Agency, the FBI, DoD DC3, US-CERT, and US Department of Energy Laboratories, all of which are helping to make this program effective.

So we can expect Messrs. Benedict, Coppola, and Bergin to be offered pretty much whatever they want, if only they will agree to join the United States’ nascent cybersecurity infrastructure and help defend against the likes of Tan Dailin and his ilk.

We have previously written about the challenges of 21^st century warfare, asserting that it was “not your father’s war” and noting that “our adversaries are making advances … in areas in which we are vulnerable to exploitation.” New challenges require innovative approaches, and we applaud our government for implementing this unique approach to identifying and developing individuals with the aptitude to excel in the cyberspace wars of the 21^st century.