Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government //


08:40 PM
Dark Reading
Dark Reading
Products and Releases

Teens Compete In CyberPatriot II Championships

Friday's CyberPatriot II is the largest national high school cyber defense competition ever held

MAXWELL AIR FORCE BASE, Ala. -- Cyber defense teams from the Arizona, California, New Hampshire and North Carolina wings of the Civil Air Patrol will compete against four Air Force Junior ROTC teams in the Air Force Association's CyberPatriot II Championships on Friday in Orlando, Fla.

CyberPatriot II is the largest national high school cyber defense competition ever held. It has included more than 200 high school Air Force Junior ROTC and CAP cadet teams from 41 states and Japan in simultaneous competition. Only eight teams from the competition's Medalist Flight round advanced to the all-expenses-paid championship round at the Rosen Shingle Creek Convention Center.

Last year, only one CAP team was in the final eight compared with seven Air Force Junior ROTC teams. This year, CAP teams made up about one-quarter of the contestants to start, but ended the competition as half of a 50-50 split.

The CAP Medalist Flight teams are from Beach Cities Cadet Squadron 107 in Torrance, Calif., Willie Composite Squadron 304 in Mesa, Ariz., the Seacoast Composite Squadron in Portsmouth, N.H., and the Burlington Composite Squadron in Burlington, N.C. Air Force Junior ROTC teams competing in the finals are from F.W. Springstead High School in Spring Hill, Fla., Newburgh Free Academy in Newburgh, N.Y., Rome Free Academy in Rome, N.Y., and Clearfield High School in Clearfield, Utah.

The Beach Cities cyber defense team carries a lot of momentum into the championship round of CyberPatriot II. It received the highest score in the Medalist Flight competition and easily advanced to the finals.

During the Medalist Flight competition, competitors had only six hours to find and correct vulnerabilities in a virtual network made possible by Science Applications International Corporation (SAIC), and were tracked and scored according to success and speed. In the championship round, the cadets will compete in the most complicated series of live challenges yet, against a "Red Team" opponent that will actively counter their defense strategies using a commercial platform called CyberNEXS, donated by SAIC.

"CyberPatriot II has been a tremendous success and an excellent learning opportunity," said S. Sanford Schlitt, AFA's vice chairman of the board for aerospace education. "As a career field, cyber defense is essential to our nation's prosperity and national security. One of our primary missions at AFA is promoting education in science, technology, engineering and mathematics, and we're so proud to spearhead this exciting educational program."

Civil Air Patrol, the official auxiliary of the U.S. Air Force, is a nonprofit organization with 59,000 members nationwide. CAP, in its Air Force auxiliary role, performs 90 percent of continental U.S. inland search and rescue missions as tasked by the Air Force Rescue Coordination Center and was credited by the AFRCC with saving 72 lives in fiscal year 2009. Its volunteers also perform homeland security, disaster relief and counter-drug missions at the request of federal, state and local agencies. The members play a leading role in aerospace education and serve as mentors to the more than 24,000 young people currently participating in CAP cadet programs. CAP has been performing missions for America for 68 years. For more information on CAP, please visit www.gocivilairpatrol.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-27
An issue was discovered in through SaltStack Salt before 3002.5. salt.modules.cmdmod can log credentials to the info or error log level.
PUBLISHED: 2021-02-27
In SaltStack Salt before 3002.5, eauth tokens can be used once after expiration. (They might be used to run command against the salt master or minions.)
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py.
PUBLISHED: 2021-02-27
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__M...
PUBLISHED: 2021-02-27
An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.