College teams came to Brookhaven Lab and six other national labs for an annual U.S. Department of Energy-sponsored cyber defense competition that encourages students to consider cybersecurity careers and develop relevant skills.
As cyberattacks become more frequent and sophisticated, building a highly skilled cybersecurity workforce has become a national priority. According to estimates by Cybersecurity Ventures, a researcher for the global cyber economy, 3.5 million cybersecurity jobs could be unfilled by 2021.
Taken together, these trends make it apparent that the workforce needs to grow substantially.
In 2016, the U.S. Department of Energy (DoE) began the CyberForce Competition, now an annual collegiate cyber defense competition in which students defend a simulated energy infrastructure network from cyberattack.
Outages resulting from cyberattacks targeting the nation’s electric power grid, oil and gas pipelines, and other energy delivery systems could endanger people’s lives and cause significant economic loss. Ensuring the reliability, resiliency, and security of these systems requires highly skilled individuals who can respond to ever-evolving threats and vulnerabilities. The CyberForce Competition is one of the ways DoE promotes the development of the next generation of cybersecurity professionals with competencies relevant to the energy sector.
The fourth competition was held on Dec. 1, with 66 teams from 24 U.S. states and Puerto Rico hosted at Argonne, Brookhaven, Idaho, Lawrence Berkeley, Oak Ridge, Pacific Northwest, and Sandia National Laboratories. Brookhaven hosted five teams, which were from Columbia University, New York University (NYU), Suffolk County Community College (SCCC), the United States Military Academy at West Point, and the University of Maryland, Baltimore County (UMBC).
“This CyberForce competition is the inaugural one for Brookhaven,” said local co-organizer Patrick Looney, chair of Brookhaven’s Sustainable Energy Technologies Department. “It is exciting to watch the students learn how to defend a piece of virtual infrastructure as they were attacked by cybersecurity experts whose job it is to penetrate their systems. Brookhaven’s participation in the competition is important because it speaks directly to our educational mission in helping prepare researchers of the future — in this case, cybersecurity experts.”
Blue Teams Defend
For eight hours, the college students (blue teams) hardened and defended simulated cyber-physical infrastructure — an oil transportation network, a power delivery system, and a high-performance computing system — against staged cyberattacks launched by volunteer cybersecurity experts from government and industry (red team).
Throughout the day, the students were presented with anomalies (unusual or unexpected activities) that they had to distinguish from malicious network behavior. The anomalies were designed to mimic real-world distractions.
“Anomalies are actions that have been noticed in files, such as repeated logins,” said NYU team member Julio Nunez, who is part of the Cyber Fellows cohort and works as an engineer at a banking firm. “I am supposed to be tracking every case and triangulating them with the log files to figure out who is committing these actions. Everything you ever do on a computer is logged. You can ascertain malicious behavior by going into the log file and analyzing the actions within the file, either manually or with a tool. The main tool we are using here is called Splunk.”
After launching each attack, the red team assessed the blue teams’ responses. Representatives from the blue teams presented their team’s defense strategy to a panel of chief information security officers (CISOs) and industry experts. While defending their systems, the blue teams also had to keep websites, mail servers, and other services running for volunteer end users (green team).
A points-based system was used to assess how successful the teams were at thwarting cyberattacks and maintaining the usability of services, and the level of creativity and innovation in their defense strategies. The University of Central Florida team was named the national winner, and UMBC won first place locally at Brookhaven.
“I’m in charge of everything Windows for the industrial control system,” said local winner Seamus Burke, who is expected to graduate from UMBC in 2020 with a degree in computer science. “My job is to make it as hard as possible for the red team to hack into our Windows machines and try to keep the system functioning. I came up with a way to differentiate between authorized and unauthorized traffic. Unauthorized users can view the status and query the device, but they cannot make any changes.”
The competition developed not only the students’ technical skills in cybersecurity but also their soft skills in teamwork and communication.
“Research has shown that what makes a better team is not necessarily technical knowledge but how well the team members relate to one another,” said CISO panel volunteer Jim Boardman, an academy technical engineer at Palo Alto Networks. “As a former coach of competitions like this one, I saw that communication is key. In this competition, each of the teams has two minutes to state their case, telling us what vulnerabilities they discovered on their network and how they are trying to abate them. If the presenter cannot succinctly and clearly explain the strategy, then the team will not be well represented even though the team may be great.”
“This competition was a great opportunity for students to better understand what it takes to protect a real-world system against cyberattacks and to interact with industry experts,” said local co-organizer Robert Lofaro, leader of the Renewable Energy Group in Brookhaven’s Sustainable Energy Technologies Department. “We look forward to hosting teams again next year.”