DEFNET 2022: EPITA students in the role of cyber-defenders!
The situation is serious: the IT system of a defense company appears to be under cyber-attack. The French Ministry of the Armed Forces assigns two teams of cyber defenders to investigate and, more importantly, to secure the system, in just a few hours. This is the scenario in which the 4th year SRS (System, Network and Security) majors at EPITA participated on March 23 and 24, 2022, at the new edition of DEFNET proposed by ComCyber (Cyber defense commission).
Organized (and planned) since 2014 by ComCyber at the Ministry of the Armed Forces, DEFNET is a joint cyber defense exercise that trains the armed forces in real conditions. Since 2015, this exercise has also been open to students from a handful of schools in France, including EPITA, when ComCyber representatives visit the campuses to recruit future IT security professionalshttps://www.epita.fr/ecole-ingenieurs/au-coeur-des-enjeux-de-demain/cybersecurite/. DEFNET raises students’ awareness of the reality of cyber defense in a specific ecosystem, which is largely transposable to what we do on a daily basis,” explains Philippe, head of ComCyber’s recruitment office. The exercise can also encourage participants to join us in certain specialties by creating vocations around pentest (penetration testing), digital investigation (forensic) and all professions for which we are recruiting. Indeed, the state is always looking for individuals with particular skills, drive and a good spirit in this field, which is constantly evolving.” These needs give rise to opportunities for future graduates to join the operational reserve (“within the scope of ComCyber, this will represent nearly 600 cyber fighters through 2025”). “In addition to this reserve, we also need managers, for short 5-year missions and longer missions, as well as civilian personnel. Today, there are twenty civilian personnel positions, but with the military planning law, this number will increase significantly”, said minister Florence Parly at the most recent edition of the FIC (International Cybersecurity Forum). “This is why it is important to provide students with an exciting and, above all, very realistic challenge.
Fighting against assailants… and the clock
This 9th edition of DEFNET was no exception to the rule. On the EPITA Paris campus, students in the SRS major had to explore a fictitious information system representing a defense industrialist in order to understand its vulnerabilities, detect possible attacks –
they quickly discovered that there were some – and propose security and remediation plans to regain control and restore the system to a nominal state of security. One day is quite short, and the work of the students, divided into two teams, is done in several stages,” says Sébastien Bombal, head of the SRS major. First, there is an important exploration phase, which involves auditing, mapping, and IT system administration skills. Then a second phase to identify and characterize the cyberattack – this is called digital investigation, which requires forensic and reverse engineering skills. Then comes a third phase on strengthening the information system and “stabilizing” the cyberattack, which requires administration and development skills.” Then, at the end of the day, there is a final stage in which each team cross-tests the security of the different platforms to check that the established plan is sufficiently comprehensive and that a cyber attacker cannot return. “This last part was a great success, as the students were able to test each other,” notes Sébastien Bombal.
Coordination and explanations
Beyond the basic technical aspect, DEFNET covers two other key subjects. The first is organization, because working with several people on an IT system requires good, and particularly rigorous follow-up on the various tasks and actions to be carried out. “You have to work together as if you were at a crime scene, because if ten of you work on a system that is under attack, you risk “polluting” it! In this kind of a situation, you have to follow each other’s activities and be as methodical as factual, like a real investigator, taking samples, taking pictures of the system, analyzing the traces of the system…” The second subject is directly linked to the cyber defense profession: “reporting” as Sébastien Bombal explains: “This is an essential element in structures, including state structures: we must be able to transcribe what we do technically into a language that is understandable for people who are not in the business. When did the attacker arrive? What did he do? Where did he go? Will he be able to come back? What is the impact? You need to be able to answer all of these questions clearly, in a very concrete manner. This forces you to never lose sight of the context of the operation outside of the technical aspects.”
An extremely formative experiences
The future Class of 2023 engineers particularly appreciated the DEFNET challenge. It was a good opportunity to learn how to detect attacks and understand how they can occur in an almost real situation, while working together in a large team,” says Jean, who was particularly interested in the proposed scenario. It’s something we’ll certainly experience again after graduating from EPITA. Nonetheless, in this scenario, there were a great deal of vulnerabilities that led us to test several things: let’s hope there won’t be as many in the future! Nadia felt the same way. The context was very stimulating, and we had to react quickly to defend the IT system,” continues the student, who was also impressed by the support system set up for the event. I appreciated being able to talk with the ComCyber representatives about their jobs and hear their advice on the measures to take during the exercise.” She expressed her interest in joining the world of cyber defense later on: “It made me want to join the reserves! Ideally, I would like to work in IT project management at the Ministry of the Armed Forces. This positive feedback from the students undoubtedly satisfied the ComCyber teams, starting with Philippe, head of the recruitment office. Beyond the fact of getting a job, it’s the idea of teamwork that we want to share with the students,” says the officer. Those who join our teams become fully immersed in operational cyber defense missions and work on things they won’t see elsewhere. Of course, it’s still the same base from a technical point of view, but it’s really field-oriented. It’s an irreplaceable experience!”