Teaming Up with the Department of Energy and Argonne National Laboratory at the CyberForce Competition™
The US Department of Energy (DOE) hosted their CyberForce Competition™ in late 2018 within their network of National Laboratories across the United States. The competition was created with the goal of addressing the cybersecurity skill gap in the marketplace today. It is estimated that in 2018 alone there were close to 3 million unfilled cybersecurity positions. Through the CyberForce Competition™, DOE has worked to increase 1) hands-on cyber education for college students and professionals, 2) awareness of the critical infrastructure and cybersecurity nexus, and 3) basic understanding of cybersecurity within a real-world scenario.
West Monroe’s participation in CyberForce highlights our interest in and commitment to the development of future cybersecurity professionals. This was the second time this year that West Monroe’s cybersecurity team was fortunate enough to attend the event as both a participant and corporate sponsor. Overall, there were 70 teams participating across the U.S. from highly regarded universities and cybersecurity clubs, with student participants ranging from lowerclassmen to Ph.D. candidates. Argonne National Laboratory served as the host sponsor and event lead. Students were challenged with applying security strategies and controls that can adequately defend a simulated industrial control system (ICS) against current real-world threats that plague the energy and utility sector today.
Preparing for the CyberForce Competition™
During the days leading up to the competition, Blue Team members (students) received credentials to remotely access their respective cloud instances that hosted a functional IT environment used to manage an ICS and high-performance computing (HPC) cluster. The cloud instance contained virtual machines (VMs) that the Blue Team had to manage and one VM managed by the White Team. Prior to day 1 of the competition, each Blue Team had to submit its defense-in-depth strategy, covering mitigation techniques and its approach to assessing the threats to its environment, hardening and monitoring that environment, and responding to incidents. The following team structure was put in place to ensure a managed communication flow process was followed throughout the competition:
Competing for cause
The competition kicked off early with the Red Team trying to actively gain access to the Blue Team’s ICS environment, the Green Team attempting to use the environment as a normal business user, rounding out with the White Team monitoring Blue Team service uptime. A key part of day two activities was the Blue Team’s ability to monitor their systems, submit incident reports to the White Team, choose anomalies they wish to complete for additional points, and at the same time to support their Green Team users.
During the Green Team effort, each volunteer acted as a business user to assess, score, and report on the usability and uptime of the Blue Team’s environment. The Blue Team provided user documentation and instructions for accessing and using their ICS environment. Participating on the Green Team was interesting on two fronts. As volunteers, we were able to access and report on the usability of the Blue Team’s ICS environment, and had the experience of seeing the Red Team demonstrate real-time attacks. A real-time scoreboard was shown in the room so that each Blue Team could see how well it was withstanding attacks.
Bringing real-world strategy to the CyberForce Competition™
In most organizations today, cybersecurity professionals are asked to update executive-level leadership and advocate for additional opportunities and resources. To simulate this and show why it is important, the competition enlisted a mock CISO panel. For additional points, each Blue Team was given the opportunity to request time (2 minutes) in front of the CISO panel to advocate any unique defensive approaches they would take during the competition. The Blue Team’s pitch to this panel was to describe their defense approach, implementation methods, as well as results and lessons learned. As part of the CISO panel, West Monroe’s cybersecurity team offered a unique perspective, as we applied our experience and real-life understanding of how business and technology work to critique the Blue Team defense strategies.
While uptime and availability of each Blue Team’s ICS environment was most important, several teams were defeated not by the Red Team’s attack, but by their lack of legible user guidance materials. As we commonly see in the industry, security teams tend to focus on keeping systems operational and tend to overlook documentation and knowledge transfer activities, which in a time of crisis will create significant risk. As we often emphasize with our clients, continuous learning is a key factor in improving cybersecurity organizations. At the end of the competition, Red Team volunteers recapped their attack methods with the participants and educated them on overlooked defenses.
“It is important that Universities, National Labs and industry partners work together to get more interest in cybersecurity related fields, especially in the critical infrastructure sectors. We need to continue to grow and mentor these students into the future leaders and challenge them to design innovative solutions to the upcoming challenges,”
Dr. Nathaniel Evans, the founder of the competition from Argonne National Laboratory
The importance of a control systems cybersecurity perspective
West Monroe’s involvement in this competition was to work collaboratively on real-world threats and to gather different interpretations of how to mitigate them, with the goal of building a shared perspective on the rising cybersecurity issues in the energy and utility sector and on threat actor motivations. A common theme was that control system cybersecurity is paramount and must be addressed from multiple angles. This is an important point, as the operational technology threat landscape is evolving more quickly than the development of conventional mitigation techniques.
From a control systems cybersecurity perspective, it’s important to remember that attack vectors regularly change and need ongoing assessment and monitoring; security hardening across the cyber and physical domains needs to be achieved through the effective combination and layering of multiple security components. To ensure the reliability of power delivery, it is vital that an organization’s industrial control systems (ICS) and its networked components meet safety and reliability criteria through excellence in operational planning and daily work execution, and by predictive and proactive monitoring of real-time system operations. This is exactly what the U.S. Department of Energy’s (DOE) CyberForce competition set out to do and certainly demonstrated on many fronts.
Overall, this competition offered a unique shared experience for all participants, including Industry Sponsors (including West Monroe, Microsoft, Federal Training Partnership, CLAROTY, AFPM, American Public Power Association, CybatiWorks, General Atomics, NASEO, and TN Department of Environment & Conservation), Argonne National Laboratory committee members, National Laboratories across the US, cybersecurity experts, and faculty advisors and professors from respective Universities and cybersecurity clubs.
More information on DOE’s CyberForce Competition can be found HERE.