Naval Surface Warfare Center, Philadelphia Division (NSWCPD) Strategic Cyberphysical Initiatives group engineers came in first place in the fifth annual HacktheMachine Hack the Ship challenge at the Brooklyn Navy Yard from Sept. 6-8.
HacktheMachine is the Navy’s maritime cybersecurity challenge that brings together engineers from government, academia, and private industry to bring fresh perspectives to cybersecurity challenges facing the fleet.
“Awesome for our folks who participated,” said Capt. Dana Simon, NSWCPD’s Commanding Officer. “Just another indication of our expertise in the cyber field!”
NSWCPD’s Christopher Lester, Andrew Fischer, and Bogdan Niemocyznski, along with contractor Derrick Rice, served on the winning team Cactus Balloon Scream. They collaborated with employees from Naval Undersea Warfare Center (NUWC) Division Newport, Penn State’s Applied Research Laboratory, and Red Balloon Security.
Lester has been to three of the five annual HacktheMachine events, and sees progress after each one.
“We have been working to build up a capability for penetration testing and red teaming [penetration testing refers to identifying as many cybersecurity vulnerabilities as possible, while red teaming is a focused hack getting all the information possible in one specific area]. It was great to see our efforts validated in our win at HacktheMachine,” Lester said. “Not only did we forge stronger relationships with our team partners, but we were able to leverage teamwork to place ahead of a number of well-established red teams who competed against us.”
Cactus Balloon Scream participated in Track 1, Hack the Ship. The track was a Cyber Capture the Flag challenge that included objectives on Programmable Logic Controllers, Maritime field bus networks, software defined radio, enterprise Information Technology, wireless networks, binary reverse engineering, and 3D printer vulnerability identification. The 10-person team hacked three maritime system testbeds, four 3D printers, and five diversified and hardened boundaries.
“We couldn’t have accomplished what we did without the full team. Track 1 included many diverse challenges on five targets, ranging from software defined radio challenges to embedded firmware hacking. Many other teams came and competed with a team fielded from the same organizational unit. Because we planned ahead and assembled a team with diverse and complementary skill sets from four distinct places, we were able to pull ahead,” Lester said. “We practice the same philosophy on the job. Every assessment we do has a different team assembled, including at least one outsider who can bring a unique perspective to our work.”
Two of those outsiders were Jesse Carter and Akeim Findlay, engineers from another Naval Sea Systems Command (NAVSEA), NUWC Newport.
“The folks from Newport are great. We have had the pleasure of working with this particular group for a number of years on various projects, and I was excited that they were able to join us for HacktheMachine this year,” Lester said.
NSWCPD’s Paul Gucciardi, Adam Miller, Steven Duong, and contractors Jason Czop, Caleb Paioletti, and Edwin Batista, also participated in Hack the Ship and came in sixth place.
HacktheMachine isn’t only a competition, there’s also an educational track that focuses on teaching participants new skills. This year, NSWCPD’s Dr. Greg Anderson participated in the educational version of Hack the Ship, focused on letting participants learn skills in a team setting instead of competing.
“It put a lot of things into context, for example how packet inspections let you generate spoofed messages,” Anderson said.
This was Anderson’s first HacktheMachine, but it won’t be his last. He plans on competing in one of the technical tracks next year to further what he learned from the educational track.
“It was a great opportunity for our competitive team to work on new equipment and collaborate with our partners,” Anderson said. “Anytime we have a chance to do something like this, I think it works out in our benefit.”
NSWCPD employs approximately 2,600 civilian engineers, scientists, technicians, and support personnel doing research and development, test and evaluation, acquisition support, and in-service and logistics engineering for Navy ships. NSWCPD is also the lead organization providing cybersecurity for all ship systems.
For more news from NAVSEA and the Warfare Centers, go to www.navsea.navy.mil.