Thwarting ‘Hacktivists’: CWU partners with industry to prepare students for real-world cyber-attacks

Thwarting ‘Hacktivists’: CWU partners with industry to prepare students for real-world cyber-attacks

Hackivists 1

One trillion. That’s the estimated number of computer hacks attempted every day. Roughly one hack every 12 minutes for each person on Earth.

These cyberattacks can affect everyone from the college student, who inadvertently reveals personal information that can lead to identity theft, to a small town that suddenly finds its financial records encoded and held for ransom.

The latter possibility, in fact, led the cities of Ellensburg and Cle Elum to invite a group of 65 CWU students, partnering with the Public Infrastructure Security Cyber Education System (PISCES) Northwest and its technical support contractor, Seattle-based CI Security, to monitor their internet activity.

“Normally, we wouldn’t have such high-level supervision against potential infection of our systems,” noted Cle Elum’s City Manager Robert Omans.

In fact, within days of the start of PISCES monitoring, an anomaly was discovered in Cle Elum. While it turned out to be a normal part of the information technology (IT) system, Omans, who also oversees the city’s IT, said it proved the monitoring worked.

“It’s nothing but good,” he said. “Because of all of my responsibilities, I don’t get to spend, probably, more than two percent my time on IT, unless there is some type of problem. This is certainly beneficial for small jurisdictions where officials have to wear many hats.”

Deb Wells, a CWU Information Technology and Administrative Management (ITAM) lecturer who oversaw the project, said it provided students a real-world experience.

“It was a priceless opportunity for them to see live data and make decisions on whether or not there was a possible attack or breach,” she said.

How It Works

Students were able to use highly sophisticated technology that analyzes computer network traffic. When they did determine something was amiss, they informed the PISCES Cyber Range in Poulsbo to initiate a response with the organization being monitored, and with permission to share the information with the Washington State Fusion Center (WSFC).

The purpose of WSFC is to support government agencies to quickly protect privacy and civil liberties, ensure information and operational security, and support communications and collaboration.

Hitting the Ground Running

The success of the project also illustrates the growing need for qualified computer-security analysts. CI Security Chief Information Security Officer Michael Hamilton said CI Security is expecting to expand its Ellensburg operations center soon (it also operates centers throughout the state).

O’Rynn Hayden (ITAM 2019) is one of four CWU graduates who now serve as Security Operations Center analysts for CI Security in Ellensburg. He said working in the cybersecurity field is rewarding because he feels like he is doing something good for the world, especially in helping to prevent attacks on organizations that provide health care and keep the lights on.

“We have multiple clients across the world and we, in real-time, monitor their networks for potential security breaches,” Hayden said. “And we find out what kinds of requests certain users are making on our clients’ networks. We can find out a lot about what’s going on.”

Hayden believes he was well prepared to assume that role and was able to jump right into his career.

“I felt very comfortable right off the bat looking at a lot of different types of data and looking at different types of exploit attempt,” he said. “I feel like I’m able to pick the new things up a lot quicker because of the skills I learned at Central.”

Hamilton concurred, adding, “The dude’s already been promoted twice—that’s what we think about the resources that we’ve been getting from Central. I spend a good amount of time with a number of institutions in our state. I know the academic underpinnings of the different programs. Because Central focuses a lot on learning how networks work—that is the key. We can teach how to sort through the data and look for a problem. They need to come through the door knowing how networks work.”

Typically hackers target data confidentiality, integrity, and availability (known as the CIA Triad). Such breaches can negatively impact the accuracy and integrity of a system’s data, which concerns Wells, who served as a cyber-computer officer in the Air Force for more than 21 years.

“That’s a passion of mine, especially when you talk about the industrial control systems,” she said. “SCADA (Supervisory Control and Data Acquisition) allows for remote monitoring and control of things like power substations, which depend on accurate data. If a hacker gets in and changes settings, while making it appear that things are still normal at the control center, then you can have loss of life.”

Preparing for What’s to Come

A big area of concern for most people is the theft of their confidential personal data. That applies even to people who believe they are not at risk because they don’t do online banking or social media—or even use a computer.

“If they pay their taxes, then the IRS has all of their data,” Wells noted. “Even if a person doesn’t do anything wrong, their data could be stolen.”

It’s not only desktop computers and systems that hackers target. They have a new and emerging quarry: the internet of things (IoT).

The IoT is seen as one of the most crucial challenges right now because everything is connected digitally. This includes wearables, wireless routers, lightbulbs, refrigerators, voice-enabled AI (artificial intelligence), cars, and more. Robert Lupton, chair of the ITAM department, said the different layers of security are becoming highly sophisticated.

“It’s challenging to prepare students to be ready for all of this because it’s changing all the time,” he said. “Lifelong-learning skills are going to be extremely important.”

In terms of education, Wells also offers cybersecurity tips and training off campus during frequent presentations at service clubs, organizations, and businesses around Washington. Her IT students also chip in, providing specific risk assessments to Ellensburg businesses.

“You can’t put your head in the sand and say, ‘They’re not going to hack into my device,’” she said. “Hackers have lots of nefarious reasons. Education is key to being safer, but there’s no surefire way to be entirely safe online.”

CI Security’s Hamilton added that along with the technical expertise CWU students gain, they’re also developing another valuable trait for budding cybersecurity professionals: curiosity.

“You need to have that drive to pull on that thread to see where it goes,” he said. “Some of that we can teach and turn into process. But some (has to do with) an individual’s personality and character.”

Hackivists 2

CyberHygiene 101

The top 5 tips, and 1 freebie

1. Rotate or change your passwords every 45 to 90 days, or earlier if you learn of a potential breach.

2. Do not use the same password for everything. Consider incorporating a password manager for all of your accounts and website logins.

3. Use a virtual private network (VPN) to encrypt your network’s incoming and outgoing data.

“This is vital if you are using free Wi-Fi and it’s very smart—and should be a policy—if you are teleworking,” ITAM lecturer Deb Wells said.

4. While on the Internet, limit your browsing to sites that use the prefix “https” (hypertext transfer protocol secure), as they offer an added layer of security.

“You can even add an extension to most web browsers to do this automatically,” Wells pointed out. “It’s called ‘HTTPS Everywhere.’”

5. Make sure to install anti-virus or malware software on your system, beyond what may come with your operating system. Free and low-cost options are available.

6. If you get a message to update your system, then you should UPDATE YOUR SYSTEM.

“Companies specifically distribute these updates as soon as they can to fix any known or discovered bugs in their software or operating system,” Wells noted. “So, it’s not wise to ignore them.”

Doing it the CIA Way

The foundation of the cyberwarfare training at CWU is understanding the Central Intelligence Agency’s (CIA) Triad—considered the three main rules for cybersecurity, according to Deb Wells.

The first leg involves recognizing an attempt to gain access to confidential information. Each year, millions of cyberattacks try to gain unauthorized access to customers’ personal data.

“Not everyone needs the ‘keys to the kingdom’—everybody in an organization, or a home for that matter, doesn’t need to have access to all the data or all the servers,” Wells said. “What matters most is making sure that the people who need to know are only the ones who get to know. Access to assets, data, information, and so on, should be available only on a need-to-know basis. Data encryption is a good way to help ensure confidentiality.”

The second leg of the Triad is integrity, which involves compromising or tampering with stored data when it’s being transmitted.

“Information in underlying systems, such as databases, also needs protection,” Wells said. “Access controls need to be put in place, and there should be an accepted procedure to input or change the stored or transmitted data.”

Access controls are measures that are implemented to protect the data and ensure it cannot be manipulated by, what she termed, a “bad actor.”

The third leg of the Triad is availability. A common type of cyberattack aims to cut off accessibility. These attacks are typically known as denial of service (DoS), which use a single computer and Internet connection to overwhelm a targeted system or source.

Hackers also can use what is called a distributed denial of service (DDoS) attack, which uses multiple computers and Internet connections, to overwhelm a computer system. In both cases, the hackers are attempting to make sure the services are no longer accessible.

“This could mean 24/7, 365, or simply when an organization is open for business,” Wells said. “An iconic example of an availability attack was when most of the people living in Estonia were unable to access the internet after the country’s entire network was shut down because of a dispute with Russia. Estonian officials are said to have ignored warnings of a Russian response. It came and the [DdoS] attack lasted 22 days.”

Not surprisingly, the complexity and variation of cyberattacks can be mind-boggling.

“Even cyber professionals can get confused or distracted by all the ‘noise’ generated in the cyber world,” Wells said. “For example, when our students are monitoring traffic for the PISCES project, they have thousands of feeds they can get bogged down with.

“However, with the knowledge they gain of the CIA Triad and the solid visualization tools available to them, they can stay on track and not get lost down a virtual rabbit hole.”

What is the Internet of Things?

The Internet of Things (IoT) moniker is commonly used and frequently misunderstood. The IoT is the wide range of everyday devices that digitally connect us.

IoT items include everything from voice assistants to refrigerators to medical equipment. There are even smart buildings, where lighting systems can automatically adjust depending upon immediate needs.

“IoT and ‘smart devices’ are an incredible addition to our technological advancement,” Deb Wells said.

For example, small sensors embedded in road surfaces collect information about conditions ahead that can be relayed to corresponding receivers in cars and trucks driving on the highway. Medical devices use sensors to manage patient health, while ranchers are even implanting them in cattle as a way to manage herds on the open range.

The applications and uses appear to be limitless, and new technology is being designed and tested “virtually” every day.

But is the IoT secure?

“Yes … and no,” Wells said, apprehensively. “Many times, a new ‘smart’ gadget comes with a default username and password. The consumer must go in and change that password and ensure (the devices) are locked down as much as possible. It’s the responsibility of the user to ensure they change passwords and keep their networks safe and secure.”

No matter how smart our devices become, Wells encourages users to be even more vigilant.

comments powered by Disqus