Login | April 26, 2024
UA hosts national cybersecurity training
RICHARD WEINER
Legal News Reporter
Published: June 15, 2018
More than 100 cybersecurity professionals from northeast Ohio and around the world recently completed a Department of Homeland Security training held at the University of Akron’s new cybersecurity lab.
The training concentrated on known and potential vulnerabilities to the US power grid and manufacturing facilities, said John Nicholas, UA’s cybersecurity program director.
Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) provided the training. Although DHS would not provide a spokesperson for an interview, the department did release the following statement: “As attacks on our cyber and communications infrastructure grow in diversity, prevalence, and sophistication, NCCIC’s mission demands that we stay ahead of the threat curve. One of the ways we do this is by providing timely and comprehensive industrial control system (ICS) training for cybersecurity professionals.”
DHS also said that the University of Akron had extended an invitation to host NCCIC’s training on campus.
Scott McConnell, spokesman for the DHS, said “The NCCIC accepted this offer primarily because of the robust connections the university has with industrial control system facilities and operators in the region.”
Nicholas said that all of the subjects of the lab work-- the electric grid, various dams, power facilities, large manufacturing facilities, have been the subject of hacking attacks over the years. That infrastructure is aging and needs upgraded, and the people in charge of its security need ongoing training to deal with all of the regular attacks against the system.
Nicholas said that he issued the invitation to DHS after helping to develop a “test bed” to detect security problems with sets of industrial and utility controls. He quickly realized that the test bed could host cybersecurity training for anyone using industrial controls, and contacted DHS to offer their facility.
The training was conducted by two DHS personnel and two other people from US Department of Energy’s Idaho National Laboratory, Nicholas said. The Idaho lab is the country’s preeminent cybersecurity laboratory and conducts trainings across the country. This was its first training in Ohio.
The first invitees were from the local area, said Nichols.
"FirstEnergy, Rockwell, Goodyear, Sherwin Williams—Northeast Ohio got first dibs, and then we opened it up nationally and internationally,” he said.
Most of the training was secret, said Nicholas, who could only speak in generalities about the material covered.
The training covered four days. The first two days were spent talking about attacks that had occurred in the past (which Nicholas would not detail), and the last two days were spent in the lab working on counterattacks techniques, and with the participants trying to hack into the systems themselves.
“We used defined attacks, and also created attacks on a virtual plan,” he said.
Nicholas said that the training went over what the cybersecurity professionals in the government are seeing in the field, real attacks that have happened, different things that they are seeing and what to look out for.”
He said that the trainers are developing a particular interest in the Internet of Things (IoT) and automation devices as targets of attacks.
The hacking did not involve events as serious as destruction of the grid or shutting down a nuclear facility, but more along the lines of searching databases or planting false readings into control systems. Most of the large attacks, he said, come from “state actors. There were a lot of examples of people hacking into various manufacturing facilities.”
UA’s cybersecurity major is the first of its kind in an Ohio public university. Nicholas said that when the major was first announced last year, he expected “maybe 15 participants.” To date, 74 people have signed up for the major for next year, including 46 who switched majors to join the program. “It has been a whirlwind year. I wouldn’t have thought that we would be here a year ago.”
Nicholas said that the training itself was “wonderful. It was good training, good conversations all over with professionals able to meet face-to-face and compare notes.”
This first training should be just the beginning of a partnership with government cybersecurity agencies, said Nicholas, who said that he is “looking forward to a partnership with DHS moving forward and hopefully we will be able to do it again. I hope this training is the first of many to come.”