RULES

 
 

Committee National Security Systems


Platinum Sponsors

DHS


Gold Sponsors

INSCOM
INSCOM

RAYTHEON


Silver Sponsors

 


Bronze Sponsors

IDOLOGY

SPAWAR


Other Sponsors

Cobalt Strike

SECCDC Rules

    The following Rules apply to institutions competing in the Southeast Collegiate Cyber Defense
    Competition and are based on, and reflect changes made to, the National Collegiate Cyber Defense
    Competition as of January 2014. Updates will be provided as available.
    All institution teams, including student competitors and university representatives, must comply with these rules. Failure to do so can result in penalties ranging from points against the team, individual or team disqualification, individual or team expulsion, individual or team suspension or banishment from future competitions, to law enforcement involvement.
    All individuals associated with the competition must sign a compliance agreement and disclosure waiver prior to being allowed to attend the competition.
    Areas where the SECCDC rules differ from the National CCDC rules are highlighted in italics. Some rules are duplicated for emphasis.  

    – Effective Feb 5, 2014

    Competion Rules Packet (downloadable as a PDF)

    Note: These rules reflect the National CCDC Rules committee review of all rules, and are effective as of the date of this packet.
    SECCDC Specific rules are clearly marked and prefaced with SECCDC.
    SECCDQC (Qualification) competition rules are clearly marked and prefaced with SECCDQC.

    COMPETITION RULES

    Introduction
    The following Rules apply to institutions competing in the Southeast Collegiate Cyber Defense Competition and are based on, and reflect changes made to, the National Collegiate Cyber Defense Competition as of January 2014. Updates will be provided as available.
    All institution teams, including student competitors and university representatives, must comply with these rules. Failure to do so can result in penalties ranging from points against the team, individual or team disqualification, individual or team expulsion, individual or team suspension or banishment from future competitions, to law enforcement involvement.
    All individuals associated with the competition must sign a compliance agreement and disclosure waiver prior to being allowed to attend the competition.
    Areas where the SECCDC rules differ from the National CCDC rules are highlighted in italics. Some rules are duplicated for emphasis.  

    2014 Rules

    The following are the approved national rules for the 2014 CCDC season. Please refer to the official rules for your specific CCDC event for any local variations.
    Throughout these rules, the following terms are used:

    • Gold Team/Operations Team - competition officials that organize, run, and manage the competition.
    • White Team - competition officials that observe team performance in their competition area and evaluate team performance and rule compliance. (SECCDC: a.k.a. Room Judges)
    • Red Team - penetration testing professionals simulating external hackers attempting to gain unauthorized access to competition teams’ systems.
    • Black Team - competition support members that provide technical support, pick-up and deliver communications, and provide overall administrative support to the competition.
    • Blue Team/Competition Team - the institution competitive teams consisting of students competing in a CCDC event.
    • Team Captain - a student member of the Blue Team identified as the primary liaison between the Blue Team and the White Team.
    • Team Co-Captain - a student member of the Blue Team identified as the secondary or backup liaison between the Blue Team and the White Team, should the Team Captain be unavailable (i.e. not in the competition room).
    • Team representatives - a faculty or staff representative of the Blue Team’s host institution responsible for serving as a liaison between competition officials and the Blue Team’s institution.

      1. Competitor Eligibility

      1. Competitors in CCDC events must be full-time students of the institution they are representing.
        1. Team members must qualify as full-time students as defined by the institution they are attending.
        2. Individual competitors may participate in CCDC events for a maximum of five seasons. A CCDC season is defined as the period of time between the start of the first state event and the completion of the National CCDC event. Participation on a team in any CCDC event during a given season counts as participation for that entire season.
        3. A competitor in their final semester prior to graduation is exempt from the full-time student requirement and may compete in CCDC events as a part-time student provided the competitor has a demonstrated record of full-time attendance for the previous semester or quarter.
        4. If a team member competes in a qualifying, state, or regional CCDC event and graduates before the next CCDC event in the same season, that team member will be allowed to continue to compete at CCDC events during the same season should their team win and advance to the next round of competition.
      2. Competitors may only be a member of one team per CCDC season.

      2. Composition

      1. Each team must submit a roster of up to 12 competitors to the competition director of the first CCDC event they participate in during a given CCDC competition season. Rosters must be submitted at least two weeks prior to the start of that event. All competitors on the roster must meet all stated eligibility requirements. No changes to the team roster will be permitted after the team competes in their first CCDC event. The competition team must be chosen from the submitted roster. A competition team is defined as the group of individuals competing in a CCDC event.
        1. SECCDC Supplemental Rule: Rosters are due to the SECCDC Competition organizers by Jan 30 of the competition year, however changes may be made to the roster up through one week prior to the first competition (the Virtual Prequalification Competition), provided the Competition Director is notified and accepts the change.
      2. Each competition team may consist of up to eight (8) members chosen from the submitted roster.
      3. Each competition team may have no more than two (2) graduate students as team members.
      4. If the member of a competition team advancing to a qualifying, state, regional, or national competition is unable to attend that competition, that team may substitute another student from the roster in their place prior to the start of that competition.
      5. Once a CCDC event has begun, a team must complete the competition with the team that started the competition. Substitutions, additions, or removals of team members are prohibited except for extreme circumstances.
        1. Team Representatives must petition the Competition Director in writing for the right to perform a change to the competition team.
        2. The Competition Director must approve any substitutions or additions prior to those actions occurring.
      6. Teams or team members arriving after an event’s official start time, for reasons beyond their control, may be allowed to join the competition provided a substitution has not already been made. Event coordinators will review the reason for tardiness and make the final determination.
      7. Each team will designate a Team Captain for the duration of the competition to act as the team liaison between the competition staff and the teams before and during the competition. In the event of the Team Captain’s absence, teams must have an identified team liaison serving as the captain in the competition space at all times during competition hours.
        1. SECCDC Supplemental Rule: During a competition, only the Team Captain, or in the Captain’s absence the Co-Captain, may interact with the White Team, unless a team member has specifically been approached by the White Team. All correspondence, questions or issues must follow this chain of command Team Captain (or Co-Captain) to White Team to Gold Team/Operations. Violation of this chain of command MAY result in a points penalty against the competition team.
        2. SECCDC Supplemental Rule: All questions regarding the competition organization, its systems and operations, including responses to competition injections, should be addressed to the competition organization’s chief information officer. Questions regarding the competition or its rules should be addressed to competition officials. Violation of this separation of duties MAY result in a points penalty against the competition team.  
      8. An institution is only allowed to compete one team in any CCDC event or season.
      3. Team Representatives
      1. Each team must have at least one representative present at every CCDC event. The representative must be a faculty or staff member of the institution the team is representing.
      2. Once a CCDC event has started, representatives may not coach, assist, or advise their team until the completion of that event (including overnight hours for multi-day competitions).
      3. Representatives may not enter their team’s competition space during any CCDC event.
      4. Representatives must not interfere with any other competing team.
      5. The representative, or any non-team member, must not discuss any aspect of the competition event, specifically event injections, configurations, operations, team performance or red team functions, with their team during CCDC competition hours and must not attempt to influence their team’s performance in any way.
        1. SECCDC Supplemental Rule: The institutional representative must remain in the area designated during competition hours. Should the institutional representative need to leave the competition area, they must ensure that they notify the operations center and leave a contact number in case of emergencies.  

      4. Competition Conduct

      1. Throughout the competition, Operations and White Team members will occasionally need access to a team’s system(s) for scoring, troubleshooting, etc. Teams must immediately allow Operations and White Team members’ access when requested.
        1. SECCDC Supplemental Rule: For technical support, such as a system reset, Black team members will require access to systems. These individuals will only be allowed access if accompanied or specifically authorized by a Gold Team/Operations or White Team member.
        2. SECCDC Supplemental Rule: For the qualification competition, the local judge may inspect all systems for rules compliance at any time before, during or after the competition.
      2. Teams must not connect any devices or peripherals to the competition network unless specifically authorized to do so by Operations or White Team members.
        1. SECCDC Supplemental Rule: If a competition team is provided with supplemental equipment in the competition room, and that equipment is specifically designated as support for the team’s competition efforts, it is preauthorized for connection to the competition network and systems (e.g. USB hard drive, flash drive, printer). 
        2. SECCDQC Supplemental Rule: For the qualification competition, the host institution may stage replacement equipment in the competition rooms. This equipment cannot be used until authorized by SECCDC competition officials, after the team reports a systems failure and has made every effort to recover the initial equipment. Once authorized, the local judge will supervise the installation of replacement equipment, and inspect it for unauthorized materials prior to allowing it to be used by the local team.
      3. Teams may not modify the hardware configurations of competition systems. Teams must not open the case of any server, printer, PC, monitor, KVM, router, switch, firewall, or any other piece of equipment used during the competition. All hardware related questions and issues should be referred to the White Team.
      4. Teams may not remove any item from the competition area unless specifically authorized to do so by Operations or White Team members including items brought into the team areas at the start of the competition.
        1. SECCDC Supplemental Rule: This includes items brought into the competition rooms by the Blue teams at the start of the competition.  
      5. Team members are forbidden from entering or attempting to enter another team’s competition workspace or room during CCDC events.
      6. Teams must compete without “outside assistance” from non-team members including team representatives from the start of the competition to the end of the competition (including overnight hours for multi-day events). All private communications (calls, emails, chat, texting, directed emails, forum postings, conversations, requests for assistance, etc) with non-team members including team representatives that would help the team gain an unfair advantage are not allowed and are grounds for disqualification and/or a penalty assigned to the appropriate team.
      7. Printed reference materials (books, magazines, checklists) are permitted in competition areas and teams may bring printed reference materials to the competition.
        1. SECCDC Supplemental Rule: Each team is restricted to two (2) standard business file boxes (approx 10 x 12 x 18) of hard copy/printed material. Refer also to rule 4d and 4di.
      8. Team representatives, sponsors, and observers are not competitors and are prohibited from directly assisting any competitor through direct advice, “suggestions”, or hands-on assistance. Any team sponsor or observers found assisting a team will be asked to leave the competition area for the duration of the competition and/or a penalty will be assigned to the appropriate team.
        1. SECCDC Supplemental Rule: Team representatives, sponsors, and observers are prohibited from entering team areas without direct supervision of the Competition officials (Gold Team). Institutions wishing to photograph students during the competition must be escorted by a Gold Team representative, and must photograph the team from outside the competition area. For the qualification competitions Institutions may “stage” competition photographs before or after the competition hours. For the onsite competition, an official event photographer (Black team) will take pictures of all teams and make them available after the competition.
      9. Team members will not initiate any contact with members of the Red Team during the hours of live competition. Team members are free to talk to Red Team members during official competition events such as breakfasts, dinners, mixers, and receptions that occur outside of live competition hours.
      10. Teams are free to examine their own systems but no offensive activity against other teams, the Operations Team, the White Team, or the Red Team will be tolerated. This includes port scans, unauthorized connection attempts, vulnerability scans, etc. Any team performing offensive activity against other teams, the Operations Team, the White Team, the Red Team, or any global asset will be immediately disqualified from the competition. If there are any questions or concerns during the competition about whether or not specific actions can be considered offensive in nature contact the Operations Team before performing those actions.
      11. Teams are allowed to use active response mechanisms such as TCP resets when responding to suspicious/malicious activity. Any active mechanisms that interfere with the functionality of the scoring engine or manual scoring checks are exclusively the responsibility of the teams. Any firewall rule, IDS, IPS, or defensive action that interferes with the functionality of the scoring engine or manual scoring checks are exclusively the responsibility of the teams.
      12. All team members will wear badges identifying team affiliation at all times during competition hours.
      13. Only Operations Team/White Team members will be allowed in competition areas outside of competition hours.

      5. Internet Usage

      1. Internet resources such as FAQs, how-to's, existing forums and responses, and company websites, are completely valid for competition use provided there is no fee required to access those resources and access to those resources has not been granted based on a previous membership, purchase, or fee. Only resources that could reasonably be available to all teams are permitted. For example, accessing Cisco resources through a CCO account would not be permitted but searching a public Cisco support forum would be permitted. Public sites such as Security Focus or Packetstorm are acceptable. Only public resources that every team could access if they chose to are permitted.
        1. SECCDC Supplemental Rule: For the SECCDC on-site regional competition, all Internet access is by proxy server. In order to access any external Web site, Blue Teams must submit a candidate proxy list at least 2 weeks prior to the competition. This list will be reviewed, and only authorized sites added to the proxy list.  
        2. SECCDC Supplemental Rule: Once the competition has started, additions to the proxy list may be requested via a properly formatted request to the CIO/CISO.
        3. SECCDC Supplemental Rule: The proxy list will not be shared with any competition team. If a team wishes to access a particular site, they must request it in advance. Support sites for operating systems used during the competition will be preconfigured in the Proxy Server. Teams will be notified of these sites. 
        4. SECCDQC Supplemental Rule: For the Qualification competition, Internet access will be enforced by local judges.
      2. Teams may not use any external, private electronic staging area or FTP site for patches, software, etc. during the competition. Teams are not allowed to access private Internet-accessible libraries, FTP sites, web sites, network storage, email accounts, or shared drives during the competition. All Internet resources used during the competition must be freely available to all other teams. The use of external collaboration and storage environments such as Google Docs/Drive is prohibited unless the environment was provided by and is administered by competition officials. Accessing private staging areas or email accounts is grounds for disqualification and/or a penalty assigned to the appropriate team.
      3. No peer to peer or distributed file sharing clients or servers are permitted on competition networks unless specifically authorized by the competition officials.
      4. Internet activity, where allowed, will be monitored and any team member caught viewing inappropriate or unauthorized content will be subject to disqualification and/or a penalty assigned to the appropriate team. This includes direct contact with outside sources through AIM/chat/email or any other public or non-public services including sites such as Facebook. For the purposes of this competition inappropriate content includes pornography or explicit materials, pirated media files, sites containing key generators and pirated software, etc. If there are any questions or concerns during the competition about whether or not specific materials are unauthorized contact the White Team immediately.
      5. All network activity that takes place on the competition network may be logged and subject to release. Competition officials are not responsible for the security of any information, including login credentials, which competitors place on the competition network.
        1. SECCDC Supplemental Rule: For the onsite regional, all event logs are subject to public review and release subsequent to the following conditions: Should a competition team desire to view their own logs, the Team Representative may submit a request to competition officials after the competition has ended. Teams desiring to review the logs from other teams must submit a valid, legitimate reason in order to gain access. 
        2. SECCDC Supplemental Rule: Competition logs may be provided to external entities for non-profit research and investigation, if a legitimate request is received within 60 days of the competition. 
        3. SECCDC Supplemental Rule: All logs will be destroyed 60 days after the competition.  

      6. Permitted Materials

      1. No memory sticks, flash drives, removable drives, CDROMs, electronic media, or other similar electronic devices are allowed in the room during the competition unless specifically authorized by the Operations or White Team in advance.  Any violation of these rules will result in disqualification of the team member and/or a penalty assigned to the appropriate team.
        1. Supplemental SECCDC Rule: All cellular calls, texts, smart phone usage, and so on must be made and received/viewed outside of the team’s competition space and must not be used to receive outside assistance.
        2. Supplemental SECCDQC Rule: For the qualification competition, should the team representative desire to provide USB flash drives for the team’s use they must notify the Competition Director in advance, and attest that the devices were wiped clean prior to the completion, and only issued after the start of the competition.
      2. Teams may not bring any type of computer, laptop, tablet, PDA, cell phone, smart phone, or wireless device into the competition area unless specifically authorized by the Operations or White Team in advance.  Any violation of these rules will result in disqualification of the team member and/or a penalty assigned to the appropriate team.
        1. SECCDQC Supplemental Rule: For the qualification competition, all equipment to be used for the competition must be the property of the host institution. No student owned or supplied equipment may be connected to local systems or the competition networks. The team representative and local judge will inspect the local systems and attest to their status.
      3. Printed reference materials (books, magazines, checklists) are permitted in competition areas and teams may bring printed reference materials to the competition as specified by the competition officials.
        1. SECCDC Supplemental Rule: (See Rule 4.g for restrictions on the quantity of printed materials which may be brought into the competition area).
        2. SECCDC Supplemental Rule: If a competition team member with a documented disability requires special equipment to compete, the Team Representative must notify competition officials at least 30 days prior to the competition to facilitate the evaluation and authorization of needed equipment. Failure to do so MAY result in the student team member not being able to use the needed equipment during the competition.  

      7. Professional Conduct

      1. All participants, including competitors, coaches, White Team, Red Team, Ops Team, and Gold Team members, are expected to behave professionally at all times during all CCDC events including preparation meetings, receptions, mixers, banquets, competitions and so on.
      2. In addition to published CCDC rules, Host Site policies and rules apply throughout the competition and must be respected by all CCDC participants.
      3. All CCDC events are alcohol free events. No drinking is permitted at any time during competition hours.
      4. Activities such as swearing, consumption of alcohol or illegal drugs, disrespectful or unruly behavior, sexual harassment, improper physical contact, becoming argumentative, willful violence, or willful physical damage have no place at the competition and will not be tolerated.
      5. Violations of the rules can be deemed unprofessional conduct if determined to be intentional or malicious by competition officials.
      6. Competitors behaving in an unprofessional manner may receive a warning from the White Team, Gold Team, or Operations Team for their first offense. For egregious actions or for subsequent violations following a warning, competitors may have a penalty assessed against their team, be disqualified, and/or expelled from the competition site. Competitors expelled for unprofessional conduct will be banned from future CCDC competitions for a period of no less than 12 months from the date of their expulsion.
      7. Individual(s), other than competitors, behaving in an unprofessional manner may be warned against such behavior by the White Team or asked to leave the competition entirely by the Competition Director, the Operations Team, or Gold Team.

       8. Questions, Disputes, and Disclosures

      1. PRIOR TO THE COMPETITION: Team captains are encouraged to work with the Competition Director and their staff to resolve any questions regarding the rules of the competition or scoring methods before the competition begins.
      2. DURING THE COMPETITION: Protests by any team must be presented in writing by the Team Captain to the White Team as soon as possible. The competition officials will be the final arbitrators for any protests or questions arising before, during, or after the competition. Rulings by the competition officials are final. All competition results are official and final as of the Closing Ceremony.
        1. SECCDC Supplemental Rule: White team members will notify the Gold Team of a protest immediately and forward ALL formally submitted protests from the Team Captain for review and arbitration.  
        2. SECCDC Supplemental Rule: Any team representative that approaches a competition official during the competition to register a complaint or protest on behalf of their competition team will be asked to leave the competition area.  
      3. In the event of an individual disqualification, that team member must leave the competition area immediately upon notification of disqualification and must not re-enter the competition area at any time. Disqualified individuals are also ineligible for individual or team awards.
      4. In the event of a team disqualification, the entire team must leave the competition area immediately upon notice of disqualification and is ineligible for any individual or team award.
      5. All competition materials including injects, scoring sheets, and team-generated reports and documents must remain in the competition area. Only materials brought into the competition area by the student teams may be removed after the competition concludes.
        1. SECCDC Supplemental Rule: AFTER THE COMPETITION: any team member that behaves unprofessionally in their public comments about the event may be prohibited from competing in future CCDC events and/or referred to their host institutions for student misconduct.  

      9. Scoring

      1. Scoring will be based on keeping required services up, controlling/preventing un-authorized access, and completing business tasks that will be provided throughout the competition. Teams accumulate points by successfully completing injects and maintaining services. Teams lose points by violating service level agreements, usage of recovery services, and successful penetrations by the Red Team.
      2. Scores will be maintained by the competition officials and may be shared at the end of the competition. There will be no running totals provided during the competition. Team rankings may be provided at the beginning of each competition day.
      3. Any team action that interrupts the scoring system is exclusively the responsibility of that team and will result in a lower score. Should any question arise about scoring, the scoring engine, or how they function, the Team Captain should immediately contact the competition officials to address the issue.
      4. Teams are strongly encouraged to provide incident reports for each Red Team incident they detect. Incident reports can be completed as needed throughout the competition and presented to the White Team for collection. Incident reports must contain a description of what occurred (including source and destination IP addresses, timelines of activity, passwords cracked, access obtained, damage done, etc), a discussion of what was affected, and a remediation plan. A thorough incident report that correctly identifies and addresses a successful Red Team attackmay reduce the Red Team penalty for that event – no partial points will be given for incomplete or vague incident reports.
        1. SECCDC Supplemental Rule: incident reports must use the specified format, and must be submitted within 2 hours of the incident in order to receive any reduction in Red Team penalty. 
        2. SECCDC Supplemental Rule: Some incidents are “seeded” throughout SECCDC equipment, such as planted malware or inappropriate material. Since these Incident reports are not directly affiliated with a Red Team action, these incident reports are scored and points earned added to the team’s total, UNLESS they correspond to a graded injection, in which case any modification of scoring will be made to that injection. 

      10.  Remote/ Team Site Judging and Compliance
      With the advent of viable remote access technologies and virtualization, teams will have the ability to participate in CCDC events from their respective institutions. This section addresses policy for proper engagement in CCDC events for remote teams.

      1. Remote teams are required to compete from a location with controlled access, i.e., a separate room or a portion of a room that is dedicated for use during the CCDC event. Workstations and internet access must comply with published requirements.
      2. One or more Remote Site Judge(s) must be assigned to the team site. At least one Remote Site Judge must be present at the remote site for the duration of the event in order to facilitate the execution of the CCDC. The qualifications of Remote Site Judge are the same as Event Judge. Subject to the specifications of the remote competition, the responsibilities of the Remote Site Judge may include the following:
        1. Be present with the participating team to assure compliance with all event rules
        2. Provide direction and clarification to the team as to rules and requirements
        3. Establish communication with all Event Judges and provide status when requested
        4. Provide technical assistance to remote teams regarding use of the remote system
        5. Review all equipment to be used (SECCDC: before and) during the remote competition for compliance with all event rules
        6. Assure that the Team Captain has communicated to the Event Judges approval of initial system integrity and remote system functionality
        7. Assist Event Judges in the resolution of grievances and disciplinary action, including possible disqualification, where needed
        8. Report excessive misconduct to local security or police
        9. Assess completion of various injects based on timeliness and quality when requested by Event Judges
        10. Act as a liaison to site personnel responsible for core networking and internet connectivity
        11. Provide direct technical assistance to teams when requested by Event Judges
        12. Provide feedback to students subsequent to the completion of the CCDC event
      3. A recommendation for Remote Site Judge(s) is expected to be given from a Team representative of the participating institution to the CCDC Event Manager. Remote Site Judge(s) must not be currently employed, a student of, or otherwise affiliated with the participating institution, other than membership on an advisory board. CCDC Event Managers should also be apprised of a contact from the participating institution responsible for core networking and internet connectivity that will be available during the CCDC event.

      11.  Local Competition Rules
      The local competition rules section is unique to each specific CCDC competition. Please refer to the official rules for your CCDC event for more information.

      1. SECCDC Supplemental Rule: The video recording of SECCDC events and event materials is prohibited without the expressed permission of the competition officials.  Similarly the broadcast, publication or posting of event materials in any public forum, to include documentation and team packets before, during or after a SECCDC competition is prohibited and may result in teams being prohibited from competing in the current and/or future competition seasons.
      2. Teams and team representatives may use flash photography during the reception and closing ceremonies.  We will make every effort to provide professionally recorded video during the awards portion of the final presentation, and to have an escort to allow team representatives to take photographs of their teams during the competition, at designated times.