High school students working in a computer lab

Countdown to Embedded Capture the Flag Grand Finale

By Catherine Trifiletti

The popular annual competition promotes the protection of everyday devices.

A group of 8 members of the US Air Force Academy eCTF team

Embedded Capture the Flag

A competition that convenes hundreds of eager young people to attack secure embedded systems.

Take a moment to look around you. Your phone. Your electronic car key. Your smart watch. They’re all dependent on semiconductors.

As idealistic consumers, we expect these ubiquitous tools to be both secure and economical. But most aren't, really. Security measures often get sacrificed for low-cost manufacturing. This means that many of the devices we rely on daily are ripe for hacks.

To achieve security, embedded systems must meet authentication requirements. In other words, they must be designed to ensure only you have access to your stuff. It isn’t enough that the devices provide a level of security to ensure the protection of you and your data, but in the event of a breach, today’s devices need to fail gracefully. Building resilient systems is key.

Enter MITRE’s Embedded Capture the Flag™ (eCTF), a competition that convenes hundreds of eager young people from dozens of academic institutions to team up over a semester and develop—then attack—secure, embedded systems.

As the real-world need for talent grows in this multibillion-dollar market, the goal of the MITRE Engenuity and MITRE Labs-led initiative is to drum up interest from a new generation of cybersecurity professionals. It’s all part of MITRE’s larger workforce development efforts.

The office of Massachusetts Gov. Maura Healey recognized the field’s workforce shortage earlier this year, earmarking $1.5 million (of a total $9.2 million in federal CHIPS and Science Act grant funding) to initiatives that “aim to expand engagement to students across the northeast region.” eCTF received $750,000 of those dollars.

Learn more about the competition below.

Getting young people engaged with embedded security challenges in a hands-on, risk-free environment where they can learn from their mistakes is invaluable.

Capture the flag, like the game we played as kids?

Yes, but trade a wide-open field for the vast cyber landscape. Capture the flag has become a popular exercise in cybersecurity, where teams must find security vulnerabilities in their competition’s designed systems.

The rules of engagement are different than those from summer camp, but the feeling of grasping the hidden flag carries the same triumph.

eCTF participants began working on their embedded systems in January. This year’s winners will be crowned and awarded cash prizes on April 26 at a ceremony in Boston, Mass.

Who’s participating?

The 95 teams competing include 773 students studying cybersecurity, computer science, and engineering. Participants from as far as India, Singapore, and several African countries are involved.

  • 18% High schoolers
  • 67% College undergrads
  • 12% Graduate students
  • 3% Ph.D. candidates

What device systems are teams building and protecting?

Each year’s challenge is different. This year, teams designed and implemented a new supply chain security solution for microcontrollers on a medical device. (Did you know your insulin pump may be vulnerable to cyberattacks?) Past competitions have featured car key fobs, drones, and smart grids, to name a few.

Why is eCTF unique?

Embedded security has not yet gotten its due in college curricula, despite its heightened relevance. eCTF is distinct because it requires students to address both attack and defend methodologies across software and hardware, whereas most capture the flag competitions only feature an attack phase in software. Here's how it works:

Step 1: Teams design and develop secure systems;
Step 2: Teams hand off the system to organizers for functionality testing;
Step 3: Teams analyze and attack their competition’s secure systems for points;
Step 4: Teams with the most points are awarded first, second, and third place prizes (plus additional awards: exemplary write-up, hardware hacker, and best poster).

Why is eCTF important?

With a growing reliance on microelectronics to power our everyday activities, protecting them through embedded security is paramount.

Also, getting young people engaged with embedded security challenges in a hands-on, risk-free environment where they can learn from their mistakes is invaluable. Event sponsors, including cybersecurity companies Fortinet and CrowdStrike, agree, and they see the competition as an opportunity to recruit new talent. MITRE has also done a fair share of hiring at the competition. 

Interested in solving problems for a safer world? Join our community of innovators, learners, knowledge-sharers, and risk takers. View our Job Openings and Student Programs. Subscribe to our MITRE 360 Newsletter.