President’s Cup Cybersecurity Competition Brings Out the Best
April 22, 2021 • Article
April 22, 2021—The 2020 President’s Cup Cybersecurity Competition held its final round in late February, concluding nearly a year of work by the SEI to support the second annual event hosted by the Cybersecurity and Infrastructure Security Agency (CISA). The competition identifies, challenges, and recognizes talented cybersecurity professionals in the federal workforce. To orchestrate the 2020 President’s Cup, the SEI team drew on past experience and new ideas to create the most robust federal government contest of its kind.
In response to 2019’s Executive Order 13870, which called on the government to strengthen the federal cybersecurity workforce, CISA tapped the SEI to develop the inaugural President’s Cup. The 2019 event, open to all federal, executive-branch employees, drew more than 1,000 individuals and 200 teams. They tackled 82 challenges to test their cybersecurity skills. The in-person finals took place in December 2019. The SEI had been drafted to create the competition—everything from writing the program plan to creating the challenges and standing up the competition infrastructure—just a few months before.
“Two years ago, we were designing the plane as we were taking off,” said Matt Kaar, a cybersecurity exercise developer and trainer at the SEI and one of the President’s Cup’s principal architects. “This year, we wanted to improve on that.”
For the second President’s Cup, Kaar and his colleagues upgraded the competition’s web-based platform and made all-new team and individual challenges. Other enhancements included the allowance of partial credit for challenge solutions. The SEI team also provided rapid-response support for the 1,470 individual competitors and 249 teams from 19 federal departments and agencies. In the qualifying rounds, held asynchronously in August and September 2020, competitors used real tools to analyze network traffic, scan for malware, and other cybersecurity tasks.
The top 10 competitors in the two individual tracks and the top five teams were invited to the final round of the President’s Cup. The President’s Cup was initially planned to be hosted in person, but the COVID-19 pandemic forced the SEI and CISA to quickly pivot to an all-remote environment.
The final round featured a multimedia “Save the World” scenario that included mock news broadcasts about a blizzard taking out parts of a city’s infrastructure—an eerily prescient coincidence with the Texas winter storm crisis that occurred a few weeks earlier in February. The finals also included a three-dimensional video game developed by Carnegie Mellon University’s Entertainment Technology Center and a six-hour live-stream of the final day’s competition.
But perhaps the innovation with the broadest impact was the mapping of all the challenges to tasks and work roles defined by the Workforce Framework for Cybersecurity, also known as the NICE Framework. The federal government uses the framework to define the knowledge, skills, and abilities needed by dozens of different work roles to perform particular cybersecurity tasks. The SEI team tailored the 2020 President’s Cup individual challenges to create competition tracks around two sets of work roles: incident response and forensic analysis made up one track while the other focused on exploitation and vulnerability assessment. The team challenges included eight work roles that represent the majority of federal cybersecurity jobs.
Mapping the competition challenges to the work roles clarified the tasks for competitors. Doing it repeatedly in future President’s Cup competitions could also benefit the participating agencies. “Over time, you'll learn more about your workforce, about their strengths, and where you want to prioritize investments,” said Kaar.
First and foremost, though, the President’s Cup shines a light on the federal government’s best cybersecurity operators. This year, the winning team was made up of cyberspace capability engineers from the 780th Military Intelligence Brigade.
With CISA’s approval, the SEI open sourced more than half of the 2019 challenges along with the software platform used for the competition. Later this year, the 2020 challenges and the finals video game will join the competition’s open-source library. Anyone is welcome to adapt the resources for their own cybersecurity training.
While other cybersecurity competitions exist, the President’s Cup is the only one focused on the federal workforce and mapped to work roles in the NICE Framework. “The competitors come from all different walks in the federal government,” said Kaar. “For some of them, this is their first exposure to these types of cyber scenarios. I think that's a really powerful thing this competition provides: that insight into the diverse challenges faced every day by the federal cyber workforce.”
The President’s Cup Cybersecurity Competition looks to build on the accomplishments of previous competitions and carry on their reputation. “The SEI is essential to the President’s Cup success,” said Michael Harpin, the CISA federal lead for the President’s Cup Cybersecurity Competition. “We are excited to continue to partner with the SEI and look forward to the 2021 President’s Cup.”
Watch Matt Kaar give a presentation on the 2020 President’s Cup, watch the recorded livestream of the 2020 competition finals, and learn more about the SEI’s work in Cyber Workforce Development.