CRDF Global Partners With NSDC to Host Ukraine’s First Large-Scale Hackathon For Critical Infrastructure Workers
The National Security and Defense Council (NSDC) of Ukraine, in close cooperation with CRDF Global, hosted the country’s first large-scale virtual hackathon to strengthen cyber defense systems among critical infrastructure (CI) and public institutions in Ukraine. Held on April 27-29, 2020, the event connected approximately 50 IT specialists from key-note government agencies – such as the NSDC, National Bank of Ukraine, National Aviation Service, and the Ministry of Defense – with 10 volunteer “ethical hackers” from four leading cyber security companies: Berezha Security, 10guards, IT-Laboratory, and Cyber Unit.
In typical attack-defense capture the flag (CTF) fashion, five defending "blue teams" of IT specialists learned theoretical approaches to ensure the safety of CI objects, and then put those theories to the test against cyber-attacks posed by five attacking "red teams" of volunteer hackers. Unlike most CTF-based hackathons however, the blue teams battled cyber-attacks in real-time and faced additional restrictions emulating real-world business scenarios and architecture mistakes in their mission to ensure continuous functionality of all enterprise systems (IT and industrial).
"Despite the negative factors (COVID-19, home isolation), the positive prevailed. Live hacking is a big plus because there is no prearranged scenario and you need to act in real-time," reports Deputy Secretary of the National Security and Defense Council Serhii Demediuk.
This highly interactive virtual laboratory emulated real infrastructure with vulnerabilities on operating systems and application levels, creating a realistic and educational experience for IT specialists and volunteer hackers alike. "Such hackathons are really useful," says head of Cyber Unit Egor Aushev. "Ukraine's ethical hackers, some of the best in the world, can actually be useful for providing cyber security and counteracting government-level intruders."
Vitaly Yakushev of 10guards also sees the value in hosting such realistic cyber security trainings. "Finally, the best practices of public-private partnerships have begun to be applied in our country, which are of real benefit for improving the cyber security of critical infrastructure facilities. Let it be a small step, but it is definitely a forward movement," he says.
Subject matter experts used predefined scoring templates to evaluate blue teams on the effectiveness of their defensive strategies against the red teams. The latter were assessed based on the number of keys ("flags") they obtained through their cyber-attacks.
The following charts display the final scoreboards for the red (left) and blue (right) teams:
After the competition, IT specialists, volunteer hackers, and organizers alike discussed the best technical and organizational protective measures observed in the online training.
While many daily activities have come to a halt during the COVID-19 pandemic, cyber-attacks have not. And as more industries rely on virtual communication technologies to conduct business, effective cyber trainings remain of vital importance in ensuring the safety and integrity of private information. That is why CRDF Global is proud to partner with the NSDC to provide such instrumental training initiatives throughout this unprecedented time of COVID-19 and for years to come. "The beginning of our cooperation with CRDF Global Ukraine looks very positive and optimistic and we are looking forward for all our future joint activities," says Deputy Secretary of the National Security and Defense Council Serhii Demediuk.