A photo of a researcher participating in a hackathon/CTF event at GTRI.

GTRI 'Hacks' Solutions for Pressing Cybersecurity Challenges

06.09.2022

When people think about the game capture the flag, memories of gym class or family trips likely come to mind. The Georgia Tech Research Institute (GTRI) is participating in a slightly different version of this childhood favorite, where teams face off against opponents across the world to tackle real-world cybersecurity issues.  

GTRI's Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory has participated in capture the flag (CTF) and hackathon events since spring 2021, winning monetary prizes and prestige in the process.

In March 2021, GTRI won $10,000 and placed 2nd in the U.S. Navy's HACKtheMACHINE event, where participants attempted to hack commercial maritime electronics intended for laboratory use to test their vulnerabilities. In December 2021, GTRI was a top 4% finisher in the U.S. Air Force and U.S. Space Force's Hack-a-Sat 2 event, where participants learned how to reduce vulnerabilities in space systems and make them more secure. GTRI in May 2022 placed in the top 5% of the final round of the Air Force and Space Force's Hack-a-Sat 3 competition.

Though the terms “hackathons” and “CTFs” are often used interchangeably, CTFs refer to team-based competitions in which participants use cybersecurity tools and techniques to find hidden clues or flags. The team that finds the most clues or flags, which are hidden in purposefully-vulnerable programs or websites, during the event wins. Hackathons, meanwhile, are events in which developers, designers, and even non-technical people collaborate to build new programs and technologies and do not necessarily involve vulnerability discovery. Most hackathons and CTFs are open to all students, researchers, and professionals across the world.

Chris Roberts, a GTRI principal research engineer who leads CIPHER's Embedded Cyber Techniques branch, said CTFs allow students and faculty of all skill levels at Georgia Tech and GTRI to work together to address issues impacting the cybersecurity field.  

"CTFs involve challenges that represent real-world issues," Roberts said. "What I really like about them is they give seasoned engineers the ability to impart knowledge on more junior-level engineers. Both groups can work together and learn from each other." 

GTRI Principal Research Engineer Chris Roberts helps a student during a hackathon competition.
Chris Roberts (right), a GTRI principal research engineer who leads CIPHER's Embedded Cyber Techniques branch, said hackathons and CTFs teach participants teamwork and problem-solving skills that extend into the workplace (Photo Credit: Ethan Trewhitt). 

 

Many CTF events require participants to figure out how to secure legacy technology systems against sophisticated cyber threats.

Pointing to the example of satellites, which are central to the Hack-a-Sat contests, Roberts said many of these systems are prime targets for cyberattacks because they often use obsolete equipment and may not receive regular security updates. The importance of securing satellites holds relevance for advancing national security. Satellites are especially crucial for military operations in the U.S. and across the world, providing geolocation and navigation services, target detection, missile warning and adversary activity tracking.

"Satellites are high-tech pieces of equipment, but a lot of them were launched decades ago when cybersecurity wasn't as much of a concern," Roberts said.  

In addition to exposing participants to relevant cybersecurity issues, Roberts said hackathons and CTFs reinforce the importance of teamwork and problem solving that extend into the workplace.    

"These events require participants to figure out how to approach a problem, break it down into bite-sized chunks, and test their theories," Roberts said. "When I hire a full-time research engineer at GTRI, I'm looking for their ability to problem solve. I can teach them the technical side of things, but problem solving is much more difficult to learn."

Randi Thorson, a GTRI research engineer who earned an M.S. in cybersecurity from Georgia Tech in 2022, said she most enjoys the "rush of" finding flags during competitions and thinking outside the box when testing systems for vulnerabilities. Thorson has participated in CTFs and hackathons at Tech and GTRI for one year.

"I think CTFs are important because they teach you to look for vulnerabilities," Thorson said. "So, when you're designing a product, you know not only some of the mitigations that need to be put in place to design a secure system, but they also teach you the out of box thinking that an adversary will use to exploit the product."

Similarly, Kennon Bittick, a GTRI research scientist, said CTFs and hackathons help people who are new to computer security ease into the field by solving unique problems and just having fun.

Bittick is a Georgia Tech double alum who earned his undergraduate degree in computer science in 2015 and a graduate degree in computer science in 2018. He has participated in hackathons and CTFs at Tech and GTRI since his freshman year of college. 

"The thing I like most is getting a challenge for a system I have never heard of before and being able to quickly do a deep dive, learn about the system, and solve the problem," Bittick said. "To me, it evokes the classic hacker ethos of quickly learning something cool and making something work."

GTRI Research Scientist Kennon Bittick participates in a hackathon/capture-the-flag contest.
GTRI Research Scientist Kennon Bittick (pictured) solves a cybersecurity problem during Hack-a-Sat 3 in May 2022 (Photo Credit: Ethan Trewhitt). 

 

 

Writer: Anna Akins (anna.akins@gtri.gatech.edu)
Photos: Ethan Trewhitt
GTRI Communications
Georgia Tech Research Institute
Atlanta, Georgia USA


MORE 2022 ANNUAL REPORT STORIES

MORE GTRI NEWS STORIES


The Georgia Tech Research Institute (GTRI) is the nonprofit, applied research division of the Georgia Institute of Technology (Georgia Tech). Founded in 1934 as the Engineering Experiment Station, GTRI has grown to more than 2,800 employees supporting eight laboratories in over 20 locations around the country and performing more than $700 million of problem-solving research annually for government and industry. GTRI's renowned researchers combine science, engineering, economics, policy, and technical expertise to solve complex problems for the U.S. federal government, state, and industry.

Newsletter

Sign up for monthly updates on GTRI’s research, activity, and more.

Related News

| News stories
GTRI has expanded its Defense-university Affiliated Research Traineeship (DART) Program to Tuskegee University, a historically Black institution in Alabama. The DART Program trains HBCU faculty and students in applied DoD research and offers mentorship and career exposure.
| News stories
A new training system that can run on ordinary tablet computers is enhancing existing electronic warfare (EW) instruction for the crews of U.S. air mobility aircraft, including the C-130H, C-130J, and C-17 transports.
| News stories
Collaboration among three Georgia institutions of higher education on the operation of a new weather radar system will enhance student learning, provide new opportunities for research, and help improve severe weather coverage in north Georgia.