NREL Analysts Help Students Battle Real-Time Cyberattacks, Gain Skills
March 25, 2019
When a series of cyberattacks surged through the Denver Tech Center, Cybersecurity Analysts Joshua Rivera, Adarsh Hasandka, and Anuj Sanghvi from the U.S. Department of Energy’s National Renewable Energy Laboratory (NREL) could just watch—and wait.
They were aware that a group of hackers—known as the Red Team—were running amok in a computer infrastructure at Regis University’s Denver Tech Center campus March 8-9. The clock was ticking, and the only lines of defense were young, relatively inexperienced college students.
“They were under pressure for sure,” said Rivera.
Not only did those students have to defend their computer systems in real time, they also had to write succinct business reports to justify their actions so their superiors could understand their responses.
Once those business plans were finished, the NREL analysts could finally contribute. That’s because they were volunteers on the Gold Team at the eighth Rocky Mountain Collegiate Cyber Defense Competition (RMCCDC), a regional event that gives eight college teams the chance to test their cybersecurity skills.
When all the scores—including the Gold Team’s subjective appraisals of business plans—were tallied, the Red Rocks Community College Cyber Team took second place in the competition. Rivera and Hasandka, who had helped coach the team, shared in their celebration.
In February, the pair had run a training drill for the team. “The feedback we got was that it was helpful to them to get insight into the kinds of cyberattacks people see in industry,” Hasandka said.
And while Red Rocks’ runner-up finish was sweet for both, it was especially satisfying for Rivera because it fulfilled a vision sparked when he was a student at the school four years ago.
Entering the World of Cybersecurity
Rivera—who grew up in Thornton, Colorado—embarked on a path that eventually led to NREL by first serving in the U.S. Navy, earning a degree in criminology from Regis University, and heading to Red Rocks to pursue a cybersecurity degree through a DOE Office of Science scholarship.
While at Red Rocks, he urged his fellow students to compete in the RMCCDC. “A lot weren’t confident about our chances,” Rivera recalled. “They said, ‘We are only community college students. Four-year schools will be entered.’” He persisted, arguing, “It’s about our own internal drive and motivation to take this on.”
The eight-person squad ended up being the first community college team to compete in its region, which covers Kansas, Utah, Wyoming, Nebraska, New Mexico, and Colorado.
“Our expectation was to show up and not quit,” he said.
However, the team members surprised themselves by beating one university and a business school. The following year, Rivera created a computer system framework that allowed him to train the students on attackers’ tactics. “I built out a network infrastructure, implemented vulnerabilities in their laptops, and had an attack hack into the systems,” he said.
The upgraded training paid off. That year, Red Rocks bested the Air Force Academy as well as another team in the RMCCDC.
Rivera, who joined NREL two years ago, took a break in 2018 to pursue his own endeavors—but this year, he joined forces with Hasandka to link up with some Red Rocks mentors and coach the latest Red Rocks Cyber Team.
Training the Next Group of Cyber-Warriors
As coaches, Rivera and Hasandka took the team through a mock attack scenario. The training also gave the team practice writing business reports while simultaneously having to defend against intruders.
“We used pre-existing computer infrastructure,” Hasandka said. “Joshua and I were effectively acting as the Red Team, attacking,” he laughed.
After all, both needed to be competent “bad guys” to know how to probe for vulnerabilities in a computer system.
With the system up and running during the February mock competition, the two maneuvered it, letting the Red Rocks trainees know their defenses were breached. After taking over their system, Rivera would use a text file to “write ‘I’m still here’ in real time so they would see it. I said, ‘How are you going to kick me out of here and make sure I’m locked out?’”
The students might feel powerless at first as an unseen attacker taunts them—but it’s a necessary challenge. One goal of the RMCCDC, Rivera noted, is to “understand how to do an instant response. Someone has gotten into their system, and now, how do they respond correctly?”
Good teams must learn to respond without damaging the integrity of any of the data in the system and collect the appropriate artifacts to highlight the breach. The process is “like doing computer forensics,” Rivera said. Successful groups “capture critical information and identify where in the network this outside person is coming from. Then they must create a mitigation strategy to address vulnerabilities and breached systems.”
The NREL staffers volunteered about 16 hours at the contest—time well spent for both the students and the laboratory. Like Rivera, some of these skillful cybersecurity students may end up at NREL one day. Also, knowledge about how to stage such cybersecurity competitions will be valuable if the laboratory hosts one in the future.
Meanwhile, Rivera and his group have been working on creating a 3-D cyber and power-attack emulation at NREL’s Energy Systems Integration Facility (ESIF). The emulation runs on a real-time system and has the ability to link real physical systems. Such work in the ESIF ties into an NREL Laboratory Directed Research and Development effort focused on cybersecurity and power emulation. Both Rivera and Hasandka believe that developing this vision could help more students learn at a higher level.
“If we do go in this direction, it could change the paradigm of how we do cyber defense competitions,” Rivera said.
And in the constantly evolving world of cyber defense, any advantage could help stop the next wave of intruders—who certainly want to do far more damage than merely taunting budding cybersecurity analysts.
Learn more about NREL's cybersecurity work.