1 / 24

Cybersecurity Competitions

Cybersecurity Competitions. Angelo Castigliola. Angelo Castigliola. Enterprise Information Security and Risk Management Systems Analyst for Unum. Application Security Architecture Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010

kellan
Download Presentation

Cybersecurity Competitions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybersecurity Competitions Angelo Castigliola

  2. Angelo Castigliola • Enterprise Information Security and Risk Management Systems Analyst for Unum. • Application Security Architecture • Winner of DHS National Cybersecurity Awareness Campaign Challenge 2010 • Contributed to GNU open source project iWar featured in “Hacking Exposed Linux, 3rd Edition.”

  3. Cybersecurity Competitions • National Cybersecurity Awareness Campaign Challenge 2010 • Contest rules • My Entry • Other winning entries • Cybersecurity Competitions • Nerd Superstar

  4. DHS Cyberchallenge • Announced by Janet Napolitano at the RSA conference • Entries dues only three months after announcement Overview: The Department of Homeland Security is working with many organizations, both individually and through the National Cyber Security Alliance, to find ways of raising public awareness of cybersecurity. As we develop strategies and messages that will resonate with various groups, we want the benefit of your ideas on how you would get the word out to your colleagues, or your friends, or your parents and children. This competition will gather and share publicly the best, most creative ideas for making the public more cyber secure, cyber smart, and cyber assured. Challenge: The National Cybersecurity Awareness Campaign Challenge Competition is designed to solicit ideas from industry and individuals alike on how best we can clearly and comprehensively discuss cybersecurity with the American public.

  5. DHS Cyberchallenge Judging Criteria Key areas that should be factored into the competition are the following: • Teamwork • Ability to quantify the distribution method • Ability to quantify the receipt of message • Solution may under no circumstance create spam • Use of Web 2.0 Technology • Feedback mechanism • List building • Privacy protection • Repeatability • Transparency • Message

  6. DHS CyberchallengeEntry Rules • It should engage the Private Sector and Industry leaders to develop their own campaign strategy and metrics to track how to get a unified cyber security message out to the American public.  • Proposals should be submitted in Word format by April 30, 2010 and should include the following: • Company name, Point of Contact and contact information • Outline of Campaign Strategy • Strategic overview of plan and definition of success • Organizations involved • Target audience • Timeline • Metrics used to define success.  • Distribution of Message • Communication methods to reach targeted audience • Traditional media/PSAs • New Media • Literature/Pamphlets

  7. My Strategy for the DHS Cyberchallenge • Main focus was writing the proposal • Brainstormed to come up with as many activities as possible to write about. • Found out what other initiatives existed that supported same goals • Identified stakeholders • Networking

  8. Proposal Structure • Criteria for the proposal was an outline for a marketing campaign • Biggest challenges: • Organizations involved (Teamwork) • Target audience • Ability to quantify the distribution method • Ability to quantify the receipt of message • Metrics used to define success • Communication methods to reach targeted audience

  9. Collaboration • Deployed websites mymaineprivacy.org and wiki.mymaineprivacy.org • Website central to teamwork, transparency, list building, and feedback • Easily integrated with Facebook, Twitter, and YouTube for Web 2.0 • Meetings • Phone conferencing

  10. Teamwork and Networking • Assembled a group of friends interested in participating • Reached out to government cybersecurity awareness campaigns • Federal Trade Commission: Bureau of Consumer Protection (onguardonline.gov) • National Cyber Security Alliance (staysafeonline.org) • Unum and General Dynamics

  11. Stakeholders • Antivirus companies • McAfee • Banks • Emailed over fifty local banks • Partnered with Androscoggin Bank and Gorham Savings Bank • Community organizations • 4H • Small Business Association

  12. Marketing • Local Community and Government Television Stations • Over 70 public and government television stations in the state of Maine • Received commitments from 50 television stations • Local Community Radio Stations • Maine has 15 community radio stations • Received commitments from 4 • Public Libraries • Over 300 public libraries exist in Maine • Received commitments from 150 libraries

  13. Timeline

  14. My Proposal • Listed all of the contacts I made and how they agreed to help my local initiative • Summery of campaign materials • Defined metrics from cybercrime statistics • Available on my blog castigliola.com

  15. Other Winning Entries • Best Local/Community Plan – Securing Our eCity San Diego and MyMaine Privacy • For the Best Local/Community Plan, Securing Our eCity San Diego and MyMainePrivacywere both selected as winners. Both proposals offered innovative and efficient strategies for executing grassroots approaches in collaboration with state and local government, the public and private sector, and the academic community. This is an important component of the national campaign, and we will continue to explore and learn about these programs to help inform our grassroots efforts. • Best Creative Approach – Beekeeper Group and LegalNet Works “Trot Against Bots” • For Best Creative Approach, Beekeeper Group and LegalNet Works were selected as the winners for their “Trot Against Bots” submission. The idea puts a new twist on a traditional 5K race, and involves working with local officials to organize a 5K in the middle of downtown Washington, D.C., and intentionally causing traffic congestion. The metaphor: while a single problem may not shut down traffic, the culmination of many problems could create a large disruption (In this case, vehicle traffic represents Internet traffic). This unique demonstration could be replicated easily in cities and towns across the United States. • Best Individual Plan – Melissa Short “Cybersecurity Starts Here: Home, School and Main Street” • For the Best Individual Plan, Melissa Short, from Roanoke, Va., was selected for her “Cybersecurity Starts Here” campaign. Included in her proposal is the creation of a cybersecurity awareness portal and a Cybersecurity Ambassador Program, both of which will be integrated into the national Campaign.

  16. Other Winning Entries (cont.) • Best Educational Plan – Pennsylvania State University “CyberLink Games” • Penn State’s proposal was selected as the Best Educational Plan, for their CyberLink Games. The two games—CyberLink Duo andCyberLink Solo—are aimed at improving Internet security. CyberLink Duo helps players understand how society views cybersecurity risk, and CyberLink Solo educates players on the latest information from experts on cybersecurity threats. • Best Publicity and Marketing – Cisco Systems, Inc. “Cybersecurity is Everyone’s Responsibility” • For Best Publicity and Marketing plan, Cisco Systems’ proposal was selected for their “Cybersecurity is Everyone’s Responsibility” campaign. An overarching theme of the National Cybersecurity Awareness Campaign is creating a balance between Internet safety as a personal responsibility and a shared responsibility. The awareness campaign Cisco proposed addresses this goal by creating an educational cybersecurity portal and cybersecurity “IQ challenge,” and utilizing print, radio, TV and online advertisements to drive awareness of these programs. • Best Iconic and Overall Structure – Deloitte & Touche LLP “Think Before You Click” • The winning submission for Best Iconic and Overall Structure was Deloitte & Touche for their Cybersecurity call-to-action and “Think Before You Click” campaign. In addition to proposing creative messaging and tag lines, Deloitte proposed a logo to help drive awareness and recognition of the campaign.

  17. Other Cybersecurity Competitions • nerdsuperstars.com (BETA)

  18. Competitions open to Professionals Pwn2own 2011 • Registration opens ahead of CanSecWest conference. March 9-11, 2011 Vancouver, Canada. • Challenge is to hack various web browsers on different platforms (Win 7, Vista, XP, Apple) • IE 8 • Mozilla Firefox 3 • Google Chrome 4 • Apple Safari 4 • Over $200,000 in prizes given away!

  19. Competitions open to Professionals (Cont.) Department of Defense DC3 Digital Forensic Challenge • Approximately 25 different challenges ranging from basic forensics to advanced tool development are being provided to all participants. • The challenges are single based challenges and are designed to be unique and separate from one another. • New registrations will be accepted until November 2, 2010 • $100,000 in prizes given away

  20. Competitions open to Professionals (Cont.) • RSA Security Blogger Awards • February 14-18, 2011 San Francisco, California The Social Security Blogger Awards for 2010 • Best Technical Security Blog – The SANS Internet Storm Center Blog • Best Non-technical Security Blog - Krebs on Security by Brian Krebs • Best Podcast – Pauldotcom • Best Corporate Blog – Jeremiah Grossman, White Hat Security • Most Entertaining Security Blog – Rational Survivability by Chris Hoff

  21. Cyber Security Competitions open to College students • EDUCAUSE Annual Security Video Contest • Contest in search of posters and short information security awareness videos developed by college students, for college students. • Deadline for submission: March 11, 2011 • Mid-Atlantic Collegiate Cyber Defense Competition • Cyber attack/defense competition • Open to all two- and four-year undergraduate and graduate students in Delaware, Maryland, North Carolina, Pennsylvania, Virginia, and Washington, D.C. • Team registrations start October 10, 2010 and are due by December 10, 2010

  22. Maine High School Cybersecurity Competition Maine Cyber Defense Competition • The competition is open to all Maine high schools and technical schools • Note: no previous knowledge of cyber security is required of the advisor or team members. A variety of educational Resources are available to each team to help them learn concepts (basic to more complex) that will introduce them to technical knowledge and skills including cyber defense techniques. • An adult willing to serve as an advisor (must be a school staff person) • An adult willing to serve as a mentor (may be the same as the advisor) • Between three to eight students • All team advisors must submit a Participation Agreement and Release forms as soon a possible and no later than January 30, 2011.

  23. Past 2010 Competitions • Defcon • SANS Netwars Next Generation Competition • NYU-Poly Capture the Flag Application Security Challenge • NYU-Poly Embedded Systems Challenge • AFA CyberPatriot • NYU-Poly High School Cyber Forensics Challenge

  24. Staying in Contact • castigliola.com • Facebook • Twitter • LinkedIn • Blog • nerdsuperstars.com

More Related