CCDC Events are designed to:

• Build a meaningful mechanism by which institutions of higher education may evaluate their programs.
• Provide an educational venue in which students are able to apply the theory and practical skills they have learned in their course work
• Foster a spirit of teamwork, ethical behavior, and effective communication both within and across teams
• Create interest and awareness among participating institutions and students.

CCDC competitions ask student teams to assume administrative and protective duties for an existing “commercial” network – typically a small company with 50+ users, 7 to 10 servers, and common Internet services such as a web server, mail server, and e-commerce site.  Each team begins the competition with an identical set of hardware and software and is scored on their ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security needs against business needs.  Throughout the competition an automated scoring engine is used to verify the functionality and availability of each team’s services on a periodic basis and traffic generators continuously feed simulated user traffic into the competition network.  A volunteer red team provides the “external threat” all Internet-based services face and allows the teams to match their defensive skills against live opponents.

On February 27 and 28, 2004, a group of educators, students, government and industry representatives gathered in San Antonio, Texas, to discuss the feasibility and desirability of establishing regular cyber security exercises with a uniform structure for post-secondary level students.  During their discussions this group suggested the goals of creating a uniform structure for cyber security exercises might include the following:

1. Providing a template from which any educational institution can build a cyber security exercise
2. Providing enough structure to allow for competition among schools, regardless of size or resources
3. Motivating more educational institutions to offer students an opportunity to gain practical experience in information assurance

The group also identified concerns related to limiting participation to post-secondary students, creating a level playing field to eliminate possible advantages due to hardware and bandwidth differences, having a clear set of rules, implementing a fair and impartial scoring system, and addressing possible legal concerns.

In an effort to help facilitate the development of a regular, national level cyber security exercise, the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio agreed to host the first Collegiate Cyber Defense Competition (CCDC) for the Southwestern region in April of 2005.  While similar to other cyber defense competitions in many aspects, the CCDC is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure.  While other exercises examine the abilities of a group of students to design, configure, and protect a network over the course of an entire semester, this competition is focused on the more operational task of assuming administrative and protective duties for an existing “commercial” network.  Teams are scored based on their ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security needs against business needs.