A team of Rochester Institute of Technology students took first place at the Collegiate Penetration Testing Competition (CPTC) international finals Jan. 7-10. Stanford University placed second and California State Polytechnic University, Pomona placed third.
This is RIT’s first time winning the competition, which challenges the world’s brightest cybersecurity college students to put their hacking skills to the test.
At the CPTC finals, teams from 15 universities faced off to see who was best at breaking into fabricated computer networks, evaluating their weak points, and presenting plans to better secure them. This year’s competition was held virtually through RIT, in Rochester, N.Y.
The CPTC has become the premier offense-based collegiate computing security event, after starting at RIT six years ago. CPTC is an effective counterpart to the Collegiate Cyber Defense Competition (CCDC), which is the premier defense-based event for college students.
Several at-large awards were also given to this year’s CTPC teams, including:
The pentesting competition allows students to experience a day in the life of a penetration tester—the in-demand security professionals hired to test and evaluate an organization’s computer systems and networks to make sure malicious hackers can’t get in.
Teams of six students interrogated a mock company’s network. The next day, they presented a report on their findings and offered their suggestions for mitigating risk.
This year’s pentesting target was the energy grid infrastructure of a small city, including a hydroelectric dam, a nuclear power plant, and a wind farm system that was connected to a regional power utility company. During their pentest, teams were virtually visited by organizers who acted like clients and gave them side tasks to complete, just like in the real world. Each team also got exposure to programmable logic controllers (PLCs), industrial computers that control many of the important components of our critical infrastructure.
Judges and sponsors from the security industry evaluated the performance of the competitors while under fire. Students also had the opportunity to meet experts and distribute résumés. Sponsors include IBM Security, Eaton, Hurricane Labs, and 780th Military Intelligence Brigade, among others.
During the event, IBM announced an important commitment to extend its sponsorship of CPTC for five years. The company has acted as the premier sponsor of the competition since its inception in 2015, and through this extension IBM will continue in this role – providing guidance, funding, infrastructure support, virtual servers, and cloud and volunteer resources.
“The Collegiate Penetration Testing Competition has become a premier student contest in the industry, helping the next generation of security professionals build and refine a highly sought after skillset in today’s fast changing security landscape,” said Bob Kalka, vice president of Security Technical Professionals for IBM. “Working closely to help guide, fund, and support competitions like this is not only a chance for us to invest in the future workforce, but also an opportunity for IBM to connect with some of the most promising emerging cybersecurity talent for internship and recruitment opportunities.”
The CPTC began in October, when more than 500 students gathered for eight regional events across the globe to compete in regionals. This marked the first year with an international regional hosted in Europe.
The top 15 collegiate teams from regionals were selected for the weekend-long CPTC international finals. Participating teams included:
For the first time, the competition was run through RIT’s Global Cybersecurity Institute (GCI), a new, three-story facility that features a state-of-the-art Cyber Range and Training Center. Instead of having to use a separate cloud, the competition environment was hosted by the Cyber Range infrastructure, which is capable of hosting more than 5,000 virtual machines for immersive scenarios.
More information about CPTC is available on the Collegiate Penetration Testing Competition website.
This content was originally published here.