In July 2013, I attended planning meetings and contributed injects (competition exercises) for the Po’oihe Cyber Range’s first annual Cyber Security Exercise as a member of the White Team. The actual Po’oihe exercise took place from August 2-4, 2013 at the University of Hawaii at Manoa. The Blue Team played the role of the IT department for a Hawaii bank.
The Cyber Security Exercise followed a structure for simulated cybersecurity exercises that divides competitors, support staff, and judges into five categories.
The Five Teams You Meet at a Cybersecurity Exercise
- Blue Team
A cybersecurity competition has multiple Blue Teams, each one made up of people from a specific company, school, or other organization. Po’oihe had a mix of businesses, schools, and Armed Forces teams. Each team has a Team Captain and Team Co-Captain who are responsible for communicating with the White Team.
- Red Team
The Red Team is a team of cyber security professionals who work to disrupt the operation of the computers that the Blue Team is responsible for. Once the team gains unauthorized access to a system, they can add and delete users, deface web pages, bring down critical services, plant keyloggers and other listening tools, or whatever else is needed for the exercise. Once a Blue Team detects that the Red Team has gained access to their system, they are usually required to file an incident report with the White Team that describes the impact of the Red Team attack, the evidence for the attack, and any steps taken to mitigate the attack.
- White Team
The White Team serves as the judges for the event, scoring the performance of each Blue Team and enforcing the rules of the competition. At the Po’oihe exercise, the White Team also designed the exercises, or “injects,” for the event.
- Black Team
The Black Team is in charge of setting up the competition environment (equipment, rooms, etc.) in advance of the competition.
- Gold Team
The Gold Team acts out the roles of the management and staff of the fictional company in all communications with the Blue Teams.
Each inject consists of a task (such as creating a security policy, setting up a web server, configuring a firewall, etc.), a time deadline, and a point value. Each inject is scored according to a separate document that defines its scoring criteria. Injects are delivered to each Blue Team as printouts or by email at specific times during the competition. Each Blue Team’s total score on all injects is used to determine the overall winner of the exercise.
Injects are judged by the White Team during or after the competition. Teams will lose points for an inject if their results are incomplete, incorrect, or otherwise not sufficient to meet the criteria for the exercise. The overall score of a team for all of its submitted injects determines its ranking.