Against a sullen gray background, a Tandon School of Engineering gymnasium was packed with colorful balloons and tables of excited competitors with eyes glued to their laptops, prepared to compete in the world’s largest student-led cyber security contest: Tandon’s annual Cyber Security Awareness Week games.
Universities from over six countries took part in the CSAW’s 17th edition on Thursday and Friday. The competition was started in 2003 by the students of Professor Nasir Memon, founder of NYU Tandon’s cyber security program. Originally a small, local event, the competition has grown into a global initiative to support cyber security education with two different competition categories: one for collegiate level hackers and another for high school students, called CSAW-Red.
Perfect Blue, comprised of students from four universities, was the team that won the collegiate competition, while Montgomery Blair High School of Silver Spring, Maryland was first in the high school category.
The current CSAW organizers are part of NYU Tandon’s student-led Offensive Security, Incident Response and Internet Security laboratory, which is home to weekly hackathon trainings and student research. OSIRIS leads the CSAW-Red and CTF Challenges.
The organizers spoke about the difficulty of making this global competition possible.
“It has been a lot of restless nights,” Tandon Senior and OSIRIS lab member Marcus Barbu said. “We had to correspond with people from many different countries and timezones, make sure the venue can support many people — trying to get everything organized is a big commitment but we are glad that it has run smoothly.”
The most important of their tasks, however, is the development of the competition itself. CTF competitions are “Jeopardy”-style with tasks of different point values. Participants earn points after each task is completed. OSIRIS prides itself on formulating unique tasks for competitors.
“We are different because our tasks are story-driven and have real world applications,” Barbu said. “Students are hacking in the form of an investigation cycle and submit a report at the end. They are graded on the level of depth and understanding within the final report.”
In this year’s competition, OSIRIS simulated a city organization in which students had to find vulnerabilities in security protocol and explain how to fix them. OSIRIS drew inspiration for these challenges from job and internship interview questions and current issues within cybersecurity. Some examples include recent Ransomware attacks on manufacturing firms and surveillance breaches at Customs and Border Patrol.
OSIRIS has made efforts to highlight the two all-girl high school teams that competed this year. In a field where women represent only 24% of the global workforce, OSIRIS, CSAW and Tandon as a whole have worked to make the games a gateway for more women in STEM.
Julia Curd, a Red Team finalist and part of the all-girls team from Niwot High School in Longmont, Colorado, talked about her excitement for her team’s participation.
“The whole point of cybersecurity is to have innovative ideas that protect people,” Curd said. “Having a diverse array of ideas and solutions is super important, and the people working in cybersecurity should represent that.”
Other participants talked about the newfound attention cybersecurity has been receiving.
“With issues of privacy being at the forefront of technological innovation people are giving cybersecurity the attention it deserves,” Poolesville High School senior Ishida Chatterjee said. “It’s great to be in New York City and being amongst others with the same interest.”
Tandon has offered up more than $1 million in scholarships in total divided among the CSAW Red Team Competition finalists.
CSAW not only works as a competition, but an organization that emphasizes awareness of cybersecurity and informing people who may not be interested in STEM at all.
“I have heard people here complain about multi-factor [authentication] for logging into Albert,” OSIRIS Lab Manager and Tandon junior John Cunniff said. “What people don’t understand is that Duo works as a preventer of phishing, where emails are sent to you with links that are falsified as Albert and steal your login.”
President of OSIRIS Lab Kyle Martin said cybersecurity is relevant to everyone.
“Everything we now do, regardless of discipline, is online somewhere,” Martin said. “Security matters because we are all connected to the internet. Having a better understanding of security for everyone is something CSAW works to accomplish.”
A version of this article appeared in the Monday, Nov. 11, 2019 print edition. Email Mina Mohammadi at [email protected].