Brookhaven Hosts Seven Teams for 2019 CyberForce Competition^TM

In November 2019, Brookhaven welcomed university, community college, and military academy teams of undergraduate, master's, and doctoral students for the U.S. Department of Energy's nationwide cyberdefense competition

December 5, 2019

“I trust this will be a fun-filled day for all yet there is a serious element to it as well—for today our energy infrastructure is under sophisticated and sustained attack from ruthless and determined adversaries,” said U.S. Energy Secretary Rick Perry in a video message streamed across 10 U.S. Department of Energy (DOE) national labs hosting 110 college and university teams for the CyberForce Competition^TM on Nov. 16. “As the Secretary of Energy, I have no higher priority than defending against those dangers. That’s where you—our competitors—come in. Competition is a uniquely American approach to problem solving. When America’s cyber experts are competing on the virtual battlefield, we all win.”

The digitization of the U.S. power grid has made electricity generation, transmission, and distribution increasingly susceptible to cyberattacks. Protecting our nation’s critical energy infrastructure from hackers requires a significant investment in cybersecurity. This investment must be made not only in emerging technologies such as artificial intelligence (AI) but also in trained professionals who are equipped with the appropriate knowledge and skills to handle rapidly changing threats and vulnerabilities. Today, more than 300,000 cyber jobs are open in the United States.

The 2019 CyberForce Competition is the latest in a series that DOE began in 2016 to help train the next generation of cybersecurity specialists in the energy sector. College students (blue teams) stationed at national labs across the country defend a simulated energy infrastructure from cyberattacks launched by cybersecurity experts (red team) while maintaining email, file sharing, and other basic services for end users (green team). National lab and cybersecurity industry staff (white team) help the blue teams set up their infrastructure, inject anomalies (optional puzzle-like activities for bonus points) into the network infrastructure, and judge the competition.

DOE’s Brookhaven National Laboratory first co-hosted the competition last December, with five local teams participating. Brookhaven Lab returned as a co-host for this year’s competition—the fifth in the series—held from Nov. 15 to 16. Seven teams came to Brookhaven: Columbia University, New York University, Northeastern University, St. John’s University, the State University of New York (SUNY) at Albany, Suffolk County Community College (SCCC), and the U.S. Military Academy (USMA) at West Point.

“We’re seeing such a diversified group of students come to compete—from U.S. military academies to community colleges to big athletic powerhouse universities,” said Sean Plankey, principal deputy assistant secretary for DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER), who visited Brookhaven during the competition. “We can harness the power of technology to compete across the entire spectrum of the United States.”

The Brookhaven-hosted teams competed against each other and against teams located at nine other DOE labs: Argonne (also the host of the CyberForce Competition Professional Pilot for experienced cyberdefenders), Idaho, Lawrence Berkeley, Lawrence Livermore, National Energy Technology, National Renewable Energy, Oak Ridge, Pacific Northwest, and Sandia.

“One of the awesome things about CyberForce is that schools nationwide are competing at the same time right off the bat, without state and regional qualifier levels as required by other cyberdefense competitions,” said Max Kirby, a sophomore majoring in digital forensics at SUNY Albany, where he is also the captain of the Cyber Defense Organization.

The 2019 competition tasked blue teams with not only defending one of four interconnected infrastructures—a solar energy generation facility, an energy distribution substation, a high-performance-computing (HPC) data center, or a solar panel manufacturing facility—but also communicating with the other three. The infrastructures are made up of networks and faux cyber-physical devices that show disruptions due to a successful cyberattack. The blue teams at Brookhaven were assigned to defend the HPC data center. Each team had a data center replica with colored lights indicating whether the servers were up and running (green) or down (red). Steven Glozek, an intern in Brookhaven Lab’s Nonproliferation and National Security Department (NNSD) and PhD candidate in the Department of Technology and Society at Stony Brook University, built these replicas as part of his internship.

This scenario-based set up with both physical and digital components gives participants a realistic sense of what is entailed in balancing the security and usability of a system as a whole, and enables them to see the real-world implications of compromised critical infrastructure. Teams were scored based on their ability to thwart cyberattacks, maintain usability of services, complete anomalies, share information across different infrastructures, and present a strategy for responding to a hypothetical incident.

“Schools can’t necessarily provide these specialized infrastructures,” said Northeastern University second-year cybersecurity major Fiona McCrae, who is interested in exploring reverse engineering and security operations roles during her co-ops. “The national labs can set up things in a way that is more real world, within the spirit of a competition.”

Local coordinator and NNSD cybersecurity researcher Michael DePhillips explained how CyberForce is different than traditional-style cybersecurity capture-the-flag (CTF) competitions: “In CTF, you typically have to defend and attack, like the game of basketball. CyberForce is just defense.”

“The format of the competition is very helpful in that it develops your practical skills,” added St. John’s University senior Hrishikesh Ramprashad, who is studying cybersecurity and plans to enter the career field immediately following graduation. “In class, the lessons are theory-based, but here you get to do things that you would in real life.”

For example, the blue teams had to provide documentation (a user guide) to the green team—equivalent to the employees and customers of an energy company—on how to access their services to conduct routine operational tasks.

“We have to fill out a survey after doing certain tasks,” explained green team member Biays Bowerman, a chemist and group leader in Brookhaven’s NNSD. “Right now, I can’t access my team’s website, so all I can do is judge them on their user manual. It appears that they’ve been hacked.”

Hacking began with the red teams trying to establish persistence. 

“There were a lot of vulnerabilities to start with, such as default credentials,” said red team member Richard Alcade, a technical specialist at Con Edison. “Our goal is to get and maintain access to the blue team systems.”

As the day went on, the attacks became more malicious and sophisticated.

“Hactivism and defacement is stage one—letting the blue teams know we’re there by exploiting low-hanging fruit, and clandestinely installing back doors to get in at a later time,” explained local red team leader Daniel Fedele of Brookhaven’s Information Technology Division (ITD). “Stage two is exfiltration, where we try to copy any sensitive data we find on their servers. In stage three, we are essentially playing whack-a-mole, shutting down services in sequence. Stage four is extremely destructive, with the systems fully down until the teams can figure out how they can undo what we did.”

The blue teams were also presented with a hypothetical incident: an SSL certificate for a company’s e-commerce website expired, and the company could no longer process payment information without violating regulations. One representative from each team gave a presentation to a chief information security officer (CISO) panel—representing the board members of the imaginary company—explaining how their team would respond to the incident.

“I was impressed by the creative ideas of some of the teams that went outside the strict cybersecurity viewpoint to include business outcomes,” said local CISO panel member Ian Ballantyne, a senior technology architect for cybersecurity at Brookhaven. “One of the suggestions was to find out which customers couldn’t complete orders by looking at the logs and offer those customers a discount to retain their business. This scenario-type exercise is really useful because talking about incidents is something they will be doing in the real world—explaining what went on in business terms, not only the technical details, and reassuring senior management that the situation is under control and measures are in place to reduce the chances of an incident like this happening again.”

The national winner of the competition was a team from the University of Maryland, Baltimore County, which took first place locally at Brookhaven last year; the local winner was a Northeastern University team. One senior, three juniors, and two sophomores made up the Northeastern team. None of them had participated in CyberForce before, and three had not previously competed in any cyberdefense event.

“I’m a computer science major with a concentration in cyber operations, but everyone else on the team is a cybersecurity student,” said Northeastern senior and team captain Anuj Modi. “Cybersecurity is a new major at the school. There were a few times where parts of the competition took us by surprise, so the fact that we were able to go on and win locally is a testament to our perseverance, teamwork, and ability to adjust on the fly.”

Several other students were also first-time CyberForce participants.

“Everyone on our team is new besides one member who participated last year,” said David Regan, a working professional in information technology (IT) management who is pursuing a master’s degree in cybersecurity through the NYU Cyber Fellows online program. “When we got the scenario two weeks ahead of the competition, we broke it down into pieces based on our individual skills.”

“The competition environment provides more hands-on experience outside of the normal school curriculum,” said SCCC freshman Eric Muller, who is studying cybersecurity. “Solving anomalies such as encrypted messages is challenging, especially as a first-year student, but I hope I’m invited back next year to do even better. I would like to get into national defense cybersecurity. I was previously in the military, so I want that sense of purpose again but with less risk than what I used to do.”

USMA team member Steven Cilenti, a senior IT major who will be going into the cyber branch of the U.S. Army upon graduation, noted how he was more prepared for this year’s CyberForce Competition after having participated last year.

“Last year, our machines got hacked into quickly but we had no clue how because we weren’t monitoring them appropriately,” said Cilenti. “We’ve learned a lot since in regard to better securing our systems. This year, we’ve implemented measures such as firewalls and server backups.”

“During our set up, I did a lot of the penetration testing—as we were trying to harden our servers, I went in and tried to look at things from the perspective of the red team,” said USMA team member and computer science major Aidan McCarthy, who would like to join the Army’s cyberoffense operations.

For those participants still exploring career options, CyberForce provided an opportunity to experience the national lab environment.

“Many of the participants may never know what the DOE does,” said Plankey. “A lot of them had no preconceived notion of the national labs and the vast basic and applied research going on. When the students come here as part of the competition, they get a tour of the facilities and see some of the research and recently graduated scientists working here. And they see how their education could translate into a career at the national labs. I think that’s inspiring and something that every student no matter how they do in the competition can really walk away with.”

Consider Anthony Lippman. He participated in the competition last year on the SCCC blue team and, since this past summer, has been an intern in the ITD and Internal Audit Office at Brookhaven.

“After arriving at Brookhaven and taking the tour of the National Synchrotron Light Source II during the 2018 CyberForce Competition, I was amazed by the technologies and could never see myself getting bored here,” said Lippman, who was a member of the local red team for this year’s competition. “The internship I’m doing now is the first of its kind. I learned of the opportunity through SCCC cybersecurity specialist Jonathan Sadowski, who previously worked in Brookhaven’s ITD. He encouraged me to apply.”

Lippman is among the first 20 students to graduate with an AS degree in cybersecurity from SCCC. Now, he is pursuing an online bachelor’s degree in cybersecurity with a specialization in cyber operations at Utica College.

“Interning here has advanced my academic pursuits,” said Lippman. “Participating in cybersecurity assessments and audits at Brookhaven has exposed me to tools and technologies that I never got the chance to learn about in school. I find myself being challenged each day, with my mentors encouraging me to go out of my comfort zone. For example, I’m starting to automate tasks using Python, which helps to make processes more efficient and thorough. Even as I’m learning about cybersecurity processes and tools as an intern, I play a role in helping Brookhaven to achieve its missions. I’d most certainly be interested in working here someday.”

“This competition not only supports cybersecurity workforce development across the country at large but also a grow-your-own effort within the DOE complex,” said Noel Blackburn, manager of university relations and DOE programs for Brookhaven Lab’s Office of Educational Programs (OEP). “We hosted two additional teams this year, and we hope to continue to increase our participation in the future.”

The CyberForce Competition is one of many ways that DOE promotes the development of a workforce of cyber professionals with competencies relevant to the energy sector.

The competition is co-funded by the DOE’s CESER; Office of Science; Office of the Chief Information Officer; Office of Energy Efficiency & Renewable Energy; and the National Nuclear Security Administration. Corporate sponsors of this year’s event include the Federal Training Partnership, which produces training, technology, and military-related events for government and industry, and service providers such as Microsoft Government Azure, Cavalry, Apex Systems, KeyLogic, West Monroe Partners, and Digital Silence.

Brookhaven National Laboratory is supported by the U.S. Department of Energy’s Office of Science. The Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit https://energy.gov/science.

Follow @BrookhavenLab on Twitter or find us on Facebook.

2019-16840  |  INT/EXT  |  Newsroom