For four months leading up to the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE) organized Locked Shields exercise this spring, a team of six graduate students from the University of Nebraska at Omaha searched for ways to attack devices that would be used in the competition.
It was the first time a student group had performed an organized vulnerability discovery in the Locked Shields preparation phase, and their work for the NATO CCDCOE—along with the many other student contributions to the exercise—shows promising avenues for future academic cooperation with the NCI Agency-led NATO Industry Cyber Partnership (NICP) and overall NATO cyber defence.
Over the past year, NICP has evolved from words on a page into a set of significant partnerships that are honing how NATO and industry can better work together to defend against rapidly evolving cyber threats. Recognizing shared risks in cyberspace and the imperative of tapping the expertise resident in industry and academia, Alliance leaders endorsed the NICP at the Wales Summit in 2014 and launched it the following year.
Collaboration with academia on cyber defence
Student involvement in the run-up to the NATO CCDCOE Locked Shields exercise illustrates the possibilities for NICP to deliver on its goal of working more closely with academia on cyber defence.
"In general students have brought a great value added to every Locked Shields exercise," CCDCOE Chief of Technology Branch Raimo Peterson said. "We may say that Locked Shields is partly dependent on voluntary students' contributions."
Locked Shields is known as the world's largest and most advanced international live-fire cyber defence exercise, involving over 550 people from 26 nations and including NATO bodies, industry, and academia. A team from Slovakia edged out NCI Agency's NATO Computer Incident Response Capability (NCIRC) to win this year.
Graduate students have long played an essential role in the set-up of Locked Shields, forming the Blue Teams that compete with each other during the test run. Tallinn University of Technology has been a long-term partner of CCDCOE on Locked Shields, and several universities are involved every year. Their participation allows CCDCOE to realistically test their systems without exposing the networks and systems to the real training audience.
The main target audience for Locked Shields are the Blue Teams that must maintain the network services of a fictional country, taking into account social, political, and legal factors, as well as the media environment. This year, the Blue Teams also had to protect sensitive Industrial Control Systems (ICS) equipment from attackers. ICS equipment controls large industrial systems such as power plants, water treatment facilities, and pipelines in the real world.
The UNO team, led by Dr Robin Gandhi, Dr William Mahoney and Dr Matt Hale, was tasked with finding vulnerabilities in the "programmable logic controller" (PLC), which was controlling the temperature of the server room. They described different attack vectors exploiting the unsecure configuration of the PLC, developing potential game challenges and attack scenarios that the Red Team could use during the exercise. In essence, they "hacked" the devices beforehand to help the Red Team's work.
"As the technology was new in context of Locked Shields, the student work gave a good overview of different attack vectors," Peterson said.
Some of these attack vectors were successful during the Locked Shields competition.
A win-win collaboration
For their effort, the UNO students earned credit toward their Master's Degrees in Information Assurance, but also had the satisfaction of playing a role in advancing the Alliance's cyber defences.
"For students to be able to gain experience with and contribute to the premier NATO cyber security exercise was an amazing learning opportunity," Dr Robin Gandhi of UNO said. "Feedback from NATO CCDCOE personnel on student deliverables always resulted in interesting and deeply technical discussions."
This win-win collaboration bodes well for future efforts to tap into the energy, creativity and cyber expertise of students from across the Alliance.