What’s the best means to integrate, maintain, and secure an organization’s internal system infrastructure and remote client management software?
Six members of Auburn University’s Ethical Hacking Club (AUEHC) — five Auburn Engineering students and one business student — found out at CyberForce, one of the nation’s premier cyber-physical security competitions, Nov. 3-4 in St. Charles, Illinois. At this U.S. Department of Energy-sponsored event, 107 teams representing 70-plus universities maintained a fictitious energy resource management company’s web portal — where data on generation, distribution, account credits, client information and overall health of the grid was vulnerable.
“This was the closest experience to a real-world scenario that students can have,” said Andrew Pruett, a senior in computer engineering and AUEHC treasurer. “We were given a wide range of operations to manage. Not just the technical documentation but also trying to maintain the security of computers. Much of the technologies and platforms we used are going to be the ones we see in industry.”
Pruett was joined in St. Charles – a western Chicago suburb – by Luke Robinson (computer science and software engineering), Jonathan Story (electrical and computer engineering), Hemant Sherawat (graduate student in cyber security management), Walker McGilvary (computer engineering), Kyle Ackerman (computer science and software engineering), and Farah Kandah (associate professor in computer science and software engineering and team mentor).
“We were provided machines including a web server,” Pruett said. “We were given DNS (domain name system) servers for databases and client machines, which had a set of services already installed to create a cyber-physical system. Basically, we were given a wide spectrum of data necessary for business to be conducted. We monitored machines for the duration of the competition. It was a real-life situation.”
Farah Kandah, associate professor in computer science and software engineering and member of the Auburn Cyber Research Center (ACRC), served as the team’s mentor.
“The students were put in that kind of situation from 10 a.m. to 6 p.m. and it seemed that the system was under attack for six, seven, or eight hours,” he said. “They were under pressure, and they demonstrated great capabilities in defending the system and satisfying the customer needs as required by the given setup. Their hard work and determination pushed us up the scoreboard.”
Malware attacks were constant. Playing the role of cyber defenders, students were tasked with locating where malware attacks were initiated. Where were those files downloaded? Who downloaded them? What is the IP address? Did other incidents occur because of the attack? Could unwanted processes be stopped from executing undesired tasks? Bad actors are inside the system – can they be kicked out, and if so, how?
“We teach many of these techniques – how to find deleted files, how to retrieve information stored within broken hard drives, network security techniques, how malware penetrates the system, running network analyses – in our classrooms, but not all at one time in one day,” Kandah said. “This competition, however, encompassed all these things in one place in a pressure situation.”
In its ninth iteration, CyberForce has attracted a who’s who list of collegiate cyber super sleuths.
“Many universities have sent teams six or seven times,” Kandah said. “It’s easy to recognize how beneficial this was to our students, and program. We already look forward to going back next year.”
The team was sponsored by ACRC, which covered all travel costs.
“The Auburn University Ethical Hacking Club’s participation builds on its increased participation in DOE events such as CyberFire Puzzles hosted by Los Alamos National Laboratory and Tracer FIRE hosted by Sandia National Laboratories,” said Daniel Tauritz, associate professor in computer science and software engineering, interim director and chief cyber artificial intelligence strategist of the ACRC, and director for national laboratory relationships.
“Auburn’s strength in national security manifests itself through R&D collaborations with U.S. government agencies such as DOE, educational programs such as the Master of Science in Cybersecurity Engineering which is one of only 10 institutions designated as National Centers of Academic Excellence in Cyber Defense, Cyber Operations, and Cyber Research, and student groups such as AUEHC participating in cybersecurity competitions.”