High school students compete in a statewide cybersecurity competition

Capture the Flag, or CTF, functions a lot like “Jeopardy,” except that it involves reverse engineering an algorithm through a series of puzzles, rather than answering a series of inverse questions. Also, winning entails gaining access to a file or internet server, or ‘capturing the flag,’ instead of receiving a large cash prize.

CTF is a training exercise in the growing field of cybersecurity in which computer scientists, electrical engineers and other critical thinkers must work to protect the integrity of computer networks, programs and data from attack and unauthorized access. Network attacks often come in the form of files containing ransomware which is why the goal is to gain access in CTF.

In 2017, Cybersecurity Ventures, a cyber economic researcher, predicted that there would be 3.5 million unfilled cybersecurity jobs by 2021. To help fill that gap, a number of cybersecurity challenges for high schoolers, including CyberPatriot, were created. These challenges are centered around CTF exercises.

“CyberPatriot was the main challenge,” said Ganden Schaffner, a recent graduate from San Luis Obispo High School where he was president of the Information Security Club, “but we also did CTFs to practice.”

>Schaffner also competed in the California Cyber Innovation Challenge, or CCIC, which took place for the first time in the summer of 2017 at the CCI headquarters in Camp SLO. The CCIC incorporated CTFs and other elements of CyberPatriot along with an immersive forensics challenge.>

“This year, we went in a completely different direction. We did not even incorporate CyberPatriot,” said CCI’s Danielle Borrelli who organized the event. “We focused on health care, so we staged a ransomware attack on a fake hospital by building out IT rooms as well as medical rooms.”

From June 23-25, 2018, high schoolers from across the state of California were tasked with finding and processing evidence hidden in these rooms in order to solve the staged ransomware attack.

“Hospital sounds played over the PA. We had a mister that released the hospital smell,” said CCI Director Martin Minnich, “so when you entered, it created this disbelief of reality where you really felt like you were in this environment. It made it more real. We did smells, sounds and visuals.”

The attention to detail created a more complex and realistic cybersecurity scenario that you would see in an actual ransomware attack.

“The CCIC presents the high schoolers with a moral dilemma,” said Minnich. “As an analyst of data forensics, do you pay the ransomware? What do you do? It asks them the question of what’s the right thing to do in this situation.”

The CCI hopes to impart that cybersecurity involves more than reverse engineering algorithms from a laptop; it requires thinking like a hacker and making ethical decisions.

“[Cybersecurity] involves many different issues and impacts different areas of society, so we need people to attack it from lots of different angles,” said Borrelli. “You don’t necessarily need to have a computer science background. My background isn’t even in computer science, it’s in politics; but here I am getting the technical skillset to help meet this need. It should be about engaging more than just the computer scientists. It should be about engaging everyone.”

For more information on the CCI’s annual CCIC, click here.

Related Content