Over the past few weeks I’ve been working with Jon Lavender (Dragos Security CTO) to get the website and challenges ready for the ICS Cybersecurity Challenge. The SANS Institute is sponsoring the challenge and the purpose is to promote awareness for ICS cybersecurity while offering an opportunity for folks to test their knowledge and skills. The challenge can be found here and the registrations are now officially open. On November 15th the challenge files will be released to registered members and the contest will run through December 28th.
The challenge should feel familiar to anyone that used to participate in the DC3 challenges. I always thought very highly of those challenges and hated to see them go. I took a page out of their book to build this challenge and structure the questions as 100, 200, and 300 level challenges. These represent brand new, novice, and intermediate level challenges making the challenge accessible to a wide audience. There will be knowledge based questions regarding ICS security and standards as well as technical lab based questions where participants will download challenge files and search for the answers. As an example, I’ve infected a Windows based Human Machine Interface (HMI) and taken a memory dump of the system. Participants will have to identify the malware on the system for one question and create a YARA rule that alerts on the malware but not a baseline of the system for another question. In total there will be around 20 challenges for folks to participate in.
The idea is that this first year will be a free for all and gauge the interest from the community. Next year there will be two different structures to include a category for students and there will be an opportunity to compete as a team. As long as this year goes well, next year will also see some more advanced challenges (400 level and potentially one or two 500 level challenges). Participants will be able to submit their answers to the challenges through the website where I will review and assign points for each challenge. The overall winner will be announced early Jan 2016 and receive prizes (yay!). I’m finalizing the prize list now – SANS is being very gracious and donating all the prizes this year.
There will also be a second phase of the challenge to those also attending the SANS ICS Summit in Orlando, Florida next Feb. There will be flags spread throughout the conference and in technical challenges such as interacting with the ICS Wall. A second winner will be announced at the Summit and crowned the overall winner – with additional prizes (yay!).
Hopefully this presents a good opportunity for folks to learn more about ICS cybersecurity and test their skills. Please feel free to participate regardless of your skill level and tell others about it (especially high school and college students). The ICS cybersecurity community is just that – a community – and it takes us all getting better to raise the bar for defense.