The cyber games consist of two broad formats, with the competitions organized and promoted to appeal to a generation raised on video gaming. The goal is to identify and train candidates for careers in cybersecurity.
There are king-of-the-hill-type games where one team tries to break into a network while the other team tries to defend it. There are also capture-the-flag-type games where teams must complete a series of puzzles that follow the basic tenets of cybersecurity programs, like decrypting an encrypted file or analyzing secret network traffic.
“Practicing defenses in today’s world when all rules are changing is difficult. This helps them see what attacks look like in real life,“ said Jessica Gulick, the founder and CEO of Katzcy, a northern Virginia-based digital marketing firm that is running the cybersecurity initiative, a partnership between the federal government, academia and the private sector.
“This is a safe place to see and apply those tactics. … Here, it’s okay to try and fail and try again and learn and mentor and get stronger."
Gulick is commissioner of the nascent U.S. Cyber Games effort, which states on its website: “Our mission is to bring talented cybersecurity athletes, coaches, and industry leaders together to build an elite US Cyber Team for global cybersecurity competition.”
The U.S. government’s cybersecurity defense forces are led by the U.S. Cyber Command. The command coordinates cybersecurity operations across the U.S. military service branches, and, though independent since 2018, has been led by the director of the National Security Agency since its inception just over a decade ago.
Traditionally, the United States has identified candidates for this department by selecting qualified Marines, soldiers, sailors and airmen as well as by recruiting through internship programs. It has drawn from undergraduate and graduate schools and even community job fairs. This new esports-style program hopes to bolster those numbers by proactively developing candidates for jobs in both public and private sectors.
Earlier this month, a comprehensive hack of livestreaming platform Twitch marked the latest high-profile cybersecurity incident in a year already filled with them. (Twitch is owned by Amazon, whose founder, Jeff Bezos, owns The Washington Post.) In May, hackers held hostage the Colonial oil pipeline with a ransomware attack, one of a number of interruptions to critical infrastructure, utilities and services from cyberattacks.
In August, President Biden called cybersecurity a “core national security challenge” and secured commitments from Google and Microsoft to invest $10 billion and $20 billion, respectively, over five years in cybersecurity. IBM committed to training 150,000 people in cybersecurity over three years. The CIA is also sharpening its focus on cybersecurity threats, as evidenced by the October announcement of a new intelligence-gathering mission center, chief technology officer role and launch of a “Technology Fellows” program.
The U.S. cyber team’s head coach, retired Lt. Col. TJ O’Connor who served as a communications support officer with special forces, noted the unique platform presented by cybersecurity competitions. Unlike other forms of computer science education, O’Connor said, staying up to date on the latest developments in cybersecurity is difficult, with hackers constantly iterating on and developing new tactics to break through cyberdefenses.
“Understanding the most likely attack is one thing you gain through Cyber Games. It’s an attack-based curriculum, and then you can plan the most appropriate strategies when they occur,” said O’Connor, who helped create and now chairs Florida Tech’s cybersecurity program.
Part of O’Connor’s role is also to teach his team offensive strategies.
“It’s very important to show them how to attack, and it’s not so they become attackers, it’s because you can’t defend against an unknown boogeyman you can’t explain,” he said.
Asked about the possibility of teaching skills to people who could use it for ill, he compared himself to a chemistry teacher. “I teach them how to put elements together. That knowledge could be misused, but we assess character,” O’Connor said.
One of the recruits, Gwendolyn Vongkasemsiri, 17, only had about a year of cybersecurity experience when she beat out more than 500 players during the U.S. Cyber Games Open Competition to be selected for the program. She is participating as a trainee since she is under 18.
Vongkasemsiri became hooked after competing in a cybersecurity competition in the summer of 2020.
“It was very new and very challenging and I really like the problem-solving aspect of it," she said. “I kept improving and getting better at it, and won a prize.” That competition was organized by the SANS Institute, which offers cybersecurity courses and certifications.
“I love it," she said. "I really like hacking things. I don’t know what really else there is to say. … This is definitely something I want to do as a career. I want to do something from the offensive side.”
2nd Lt. Sears Schulz, 23, a U.S. Air Force Academy graduate who is now studying for a master’s degree at Carnegie Mellon University, finished in the top three of the U.S. Cyber Games Open last spring. He gravitated toward cybersecurity during high school via a computer science class. It was enough to entice him to go to Colorado Springs due to the Academy’s offering of a cybersecurity major.
“In private industry, you’re selling a product, protecting a product. It’s more interesting when you’re supporting national security policies,” said Schulz, who won the President’s Cup Cybersecurity Competition in 2019, a national tournament hosted by the Cybersecurity and Infrastructure Security Agency.
“Competitions are a great way to get people more excited about cybersecurity," he said. "These actually have a direct relation between the skills and what you can do professionally. It’s a great way for companies to identify and recruit talent.”
Though it might very much matter one day if Schulz and his teammates are successful against foreign adversaries, Gulick articulated a more important victory she hopes to claim for the cybersecurity industry.
“The top names in the U.S. Cyber Games will be recognized in this industry," she said. "And they didn’t have to hack a Department of Defense system or a pipeline.”