Authored by a Symantec employee
“If you know your enemy and know yourself, then in one hundred battles you will never be in peril. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.” — Sun Tzu, The Art of War
In the world of cyber security, those who fight for good must know and understand the tactics of those who fight for evil in order to best them in battle. At Symantec our experts are always one step ahead of cyber attackers, using our global intelligence network that surveys the cyber threat landscape around the clock. But we don’t stop there.
For the past five years, all Symantec employees interested in honing their cybersecurity skills have been invited to participate in CyberWar Games, an immersive simulated environment that has employees taking on the role of hackers in real-world scenarios.
This year, more than 1,500 employees from 33 countries across a spectrum of professional disciplines took part in the world’s largest civilian war game. The top ten teams traveled to Mountain View for an intense three-day battle that concluded on May 4, 2017.
Each year, the CyberWar Games highlight a new sector or industry. This year, the focus was on the global supply chain, using agricultural technology as a backdrop.
Samir Kapuria, SVP and GM of Cyber Security Services (CSS), explains the theme: “What’s become very apparent to us is there’s interconnectivity between all industries that can have a digital domino effect.”
Kapuria continues, “This year’s games included core critical infrastructure, financial services systems, intellectual property in labs, as well as new emerging technologies, autonomous vehicles, and the Internet of Things.”
The challenges designed by CSS illustrated how a single, small vulnerability within an unsuspecting industry like agriculture could set off a digital domino effect, with the potential to escalate into all-out cyber warfare.
The games depicted farming, a seemingly simple process that mankind has practiced for thousands of years. Today, farming has grown in complexity to involve biotechnology and GMO strains designed to increase yield through resistance to drought and disease. So agriculture was a particularly dynamic industry to showcase the world’s interconnectivity.
In addition to the tech needed to develop new strains of corn, technology affects every facet of the agricultural sector supply chain and control systems: from autonomous vehicles for transportation and seed-sowing to PLCs (programmable logic controllers) used for automating processes, like watering plants.
“Spotlighting agriculture was the perfect way to raise awareness of how cyber threats do apply in more traditional, non-high-tech industries,” says Josh Larsen, Development Director of CSS, the team that builds and operates the games. “By focusing on a typically non-tech industry, the games proved that every industry around the globe is vulnerable to cyber attack.”
Navigating the games
During the games, the competing teams performed a series of challenges to earn the points needed to emerge as champions. The gamers were required to hack system vulnerabilities to steal trade secrets, hold systems hostage until the ransom was paid with digital currency, and destroy future crops by altering planting automation programs — each a seemingly random act, but in actuality pieces in a digital domino effect that could bring down the corn farming industry
Hacking into restricted access areas
Teams raced to conquer the challenges, such as gaining entry into a restricted access lab to steal intellectual property from an agricultural biotechnology lab. To succeed, competitors had to reverse-engineer and build a mobile app to escalate access privileges.
Taking control of an automated green house
Next, the competitors compromised a testing facility by reprogramming the PLCs used to manage a controlled environment in which test corn was growing. By altering the program, the hackers destroyed the test corn plants by overwatering and subsequently flooding the facility.
Cyber jacking the food supply
Finally, the hackers used vulnerabilities in autonomous tractors to alter the depth at which the seed corn was planted, so the crop would not grow. On a grand scale, the failure of crops could devastate the corn supply for a nation and affect the corn futures market.
Winning the CyberWar Games
On May 4, Team “No Name,” from Culver City, was crowned champion of the games. Teammates Jerry Jing, Kevin Liu, Alan Meng, and Nathaniel Thies succeeded at the challenges and at the larger goal of the CyberWar Games: to understand the growing attack landscape and how hackers plan and launch their cyberattacks.
“The big win for Symantec is truly the experience and what the players take back to our customers after participating,” says Stan Kiefer, Senior Product Manager, CSS. “Thinking like an attacker radically transforms the mindset of both the event participants and the developers. The immediate direct applicability to our Symantec and Norton customers is priceless.”
CSS Senior Vice President Kapuria sums up the win-win experience, “Symantec has a unique perspective: We see more, protect more, analyze more. We look at today’s technology to analyze tomorrow’s threats to propel the cyber security industry forward. Every day there are new innovations. With that comes new potential risks, to countries, companies, and individuals.”
“We invite every employee on an annual basis to participate in CyberWar Games where we create an environment for them to innovate, channel their passion for security, and learn more about the emerging threats and how we thwart them.”
Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.
© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone