08/17/2016

High School Students Get Crash Course in Cyber-Kinetic Tactical Operations

August 17, 2016—Forward Operating Base Kyle buzzed with activity. Under a canopy of camouflage netting, Combat Mission Team 227 from the U.S. National Cyber Mission Force worked to coordinate the efforts of Task Force 44, a Navy SEAL unit deployed to the small island of Paraiso in the Indian Ocean. Loudspeakers squawked with the urgent chatter of the task force. Large monitors displayed real-time views from SEAL body cams and the surveillance drone hovering above the island, which recently had fallen into the hands of a well-funded, well-coordinated band of pirates. Task Force 44 had been deployed to the island to rescue a prominent U.S. journalist taken hostage by the pirates.

If some members of Team 227 sometimes whooped with youthful abandon, they could be forgiven. They were, after all, local high school students from the Pittsburgh region, and they were having a great time. The 75 students had gathered at the SEI CERT Division’s Distributed Learning Center for a three-day program on cyber techniques used in mission support operations. The program culminated in the rescue mission, code named “Aluminum Kangaroo,” which the students executed in a sophisticated, gamified training environment created by the SEI to support DoD training initiatives.

From their computer stations, the students comprising Team 227 operated a Scan Eagle unmanned aerial vehicle to locate enemy forces. They hardened Scan Eagle’s control systems against enemy compromise. They gained access to the enemy network and cracked the building management control system in the pirates’ compound, cutting lights during a critical phase of the operation. Through it all, the team communicated with the Seals of Task Force 44 and worked to execute numerous other actions to support the SEALs’ mission and hinder the pirates’ ability to operate.

“This is a first for us,” said Chris May, technical director of the CERT Division’s Cyber Workforce Development Team. “In this exercise, we connected cyber and kinetic missions in real time.” May explained that the Cyber Workforce Development team created the cyber component of the exercise using the SEI’s STEPfwd training environment. May’s team then integrated a virtual kinetic battle simulator produced by a third-party vendor. This integration resulted in a rich training environment that extended from the cyber realm into the realm of events taking place in a simulated combat environment. Adding realism to the exercise, grad students from Carnegie Mellon University portrayed the Navy SEALs of Task Force 44.

As in 2015, the SEI partnered with the Pittsburgh Chapter of the (ISC)2™ to host this high school cyber challenge. “We banded together to help address a gap in teen education,” said the SEI CERT Division’s Jonathan Frederick, vice president of (ISC)2 Pittsburgh. “Our goal for these kinds of events is to help develop and inspire the next generation of elite cybersecurity professionals.”

During the first two days of the event, experts from CERT and members of (ISC)2 introduced students to a range of cybersecurity and cyber mission topics and provided the students hands-on training in techniques such as network scanning, metasploit and SQL injection attacks, and hardening computer operating systems against attack. On the third day, the students formed into smaller teams and rotated through the “Aluminum Kangaroo” rescue mission exercise as well as a second exercise, dubbed “Opulent Bluegrass,” in which they disabled a botnet.

“The kids worked very hard on building offensive and defensive cyber skills that were essential for completing their mission exercise,” said Josh Hammerstein who led the SEI team in producing this exciting event. Hammerstein is a member of the CERT Information Assurance Team. “It was great to see how they teamed up with the virtual special forces team and provided critical cyber-kinetic support to help the task force extract the hostage,” added Hammerstein. “They did a great job defending their cyber terrain while also hacking into enemy industrial control systems to ensure the mission’s success.”

For more on the work of the SEI CERT Division’s Cyber Workforce Development Team and the STEPfwd training environment, visit http://cert.org/cyber-workforce-development/.