Loyola’s Cybersecurity Team Secures Top 15 in Nationwide Competition

Loyola’s cybersecurity team finished 14th out of 95 teams in the Department of Energy’s annual cybersecurity competition, held Nov. 9 at the Q Center in St. Charles, Ill.

Cyberforce brings together university teams from across the country to test their cybersecurity skills in a simulation of real-world cyberattacks which currently threaten the energy grid. Loyola improved upon their 17th placement in the 2023 competition.

In the weeks leading up to the competition, teams were given access to six machines, each running a different operating system which contained a variety of security vulnerabilities and misconfigurations. 

The vulnerabilities were addressed by each team through the update of software, while misconfigurations were addressed by making the system’s settings more secure. The protection of these machines was the objective on competition day, as groups of professional “red teamers” simulated hacker behavior. 

Teams earned points for minutes spent keeping machine services up and running despite these unexpected attacks. 

As the machines were programmed with vulnerable software and insecure settings, they are less protected from the exploitation of an attacker. Through these updates, students become more knowledgeable of the systems they were working with and are able to understand how an attack was able to penetrate their systems. 

The simulation of security testing with live attackers then becomes a demonstration of each group’s understanding of their systems. 

Loyola’s team, made up of five students and faculty advisor Dr. Eric Chan-Tin, spent two weeks prior to the competition analyzing the systems, identifying weaknesses and fixing security holes to prepare for the simulated attacks they’d face. 

Simulating the process allowed team members to strengthen their skills in real-world cybersecurity defense scenarios, according to team captain and graduate student Josh Honig. 

Honig, who’s also the president of Loyola’s cybersecurity competition club 7968, said the competition’s hands-on experience was beneficial for the students involved. 

“This year’s competition was a great opportunity to apply the skills we’ve developed over the past year,” Honig said. “It’s been really fun to watch people grow, and everyone, including myself, has grown their techniques.”

During the competition, Loyola’s team had to quickly triage and report the simulated attacks, demonstrating they understood how the attackers breached their systems and what could be done to combat them. Points in the competition were awarded for uptime — meaning clear and complete patching of breaches and incident reports.

“I find this part of the competition one of the most engaging aspects, as it emulates real-world attackers and serves as a huge adrenaline rush,” Honig said. “We had to act quickly to address vulnerabilities, keep our systems up and understand how and why the attacks worked. It’s a chance to put everything we’ve learned into practice in a real-time environment.”

About two weeks before the competition, the team also worked on producing a C-Suite brief. This required them to create technical recommendations of the systems they were given in order to simulate a presentation to the higher ups of a company, referred to as a non-technical audience.

The task underlined the importance of communication in cybersecurity, as the team had to explain complex technical concepts in an accessible way.

Chloe Kilroy, a third-year student studying cybersecurity, said as a first time competitor there are benefits to working on a team with a diverse mix of graduate students and begginers.

 “I think we all bring a unique perspective to the team,” Kilroy said. “We all bring different aspects to each competition that give us an edge in different sections.” 

Above highlighting the vulnerable state of the energy grid, the competition sought to expand on students’ education through a closer and more valuable application of cybersecurity skills, according to Dr. Chan-Tin. 

“The Department of Energy Cyberforce competition provides our students an opportunity to apply the cybersecurity knowledge and skills learned in the classroom into a realistic setting, protecting a cyber physical system against a live red team,” Chan-Tin said. “I am proud of what the students have accomplished at the competition.”

Moving forward, the Loyola team has already begun preparing for the next sets of challenges in cybersecurity, including the Collegiate Cyber Defense Competition Feb. 15 and the National Cyber League. Both competitions will be conducted remotely and will enable the group to test their skills gained from previous events, according to Honig.