Students in UW-Madison’s Computer Sciences Department are accustomed to firsts: the first PhD in computer science granted in the United States, or the nation’s first master’s program in data engineering.
Recently students in a UW-Madison software security course took part in another first: a cyber tabletop exercise facilitated by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) — the first such exercise run by CISA at an academic institution, focused on students.
Professor Barton Miller, Vilas Distinguished Achievement Professor and Amar & Belinder Sohi Professor in Computer Sciences, and Senior Research Scientist Dr. Elisa Heymann teach CS 542, Introduction to Software Security, and wanted students to get real-world experience with what a cyberattack might look like. So Miller and Heymann reached out to CISA to start creating a scenario for a ransomware attack on a community water utility.
Miller and Heymann also engaged other government partners who would respond to a serious cyber incident, in order to increase the realism of the information presented during the exercise. Participants from the City of Madison Water Utility, the Federal Bureau of Investigation, and the 176th Cyber Protection Team of the Wisconsin National Guard were all on hand to support the event.
On November 3 in Union South’s Varsity Hall, and with plenty of refreshments, 75 students split into teams responsible for working in the various roles that would respond to a serious cyberattack — cyber defenders, information technology professionals, city leaders, public information officers, federal, state, and local law enforcement, insurers, the Wisconsin National Guard, and more.
The purpose of the exercise was to give students the opportunity to explore the coordination, plans, procedures, roles, and responsibilities of IT, operations, management, communications, and government liaisons in response to a significant cyber incident impacting a water utility and the surrounding community.
Patrick Skufca, an exercise planner with CISA’s National Cyber Exercise Program, walked students through the tabletop exercise (TTX) scenario that had been developed over the previous two months. Various milestones or changes — called “injects” — were introduced, and the students then had to determine how they might respond and confront the issues that might arise during an attack where public safety is also threatened.
Supervisory Special Agent Amanda Knutson from the FBI’s Milwaukee Field Office and Captain Robert Saffell and Warrant Officer 1 Rebecca Johnson from the Wisconsin National Guard’s 176th Cyber Protection Team delivered cyber threat briefs throughout the event on topics ranging from cloud ransomware attacks and cybersecurity threats faced by Industrial Control Systems (ICS) to how federal law enforcement investigates cyber attacks.
The students worked through the scenario, gaining insight into the complexities of a response to a major cybersecurity incident along the way. The groups discussed topics like phishing, ransomware, incident response, and insider threats, and talked about how to address protests and public messaging, as well as how to recover and secure systems to restore services.
At the end of the event, many students commented on how surprised they were at how much of the response to an incident isn’t technical but is instead about coordinating the response and organizing resources.
Miller says the events were a great success. “It’s a unique experience for a student getting to participate in this type of real world cyber incident response training. And to have such an incredible team of experts helping them really kicked this up to the next level. They came away from this event better understanding how their classroom activities fit into the real world.”
Dave Schroeder, National Security Research Strategist for the UW-Madison School of Computer, Data & Information Sciences (CDIS), said, “What our cybersecurity environment needs is more cooperation between academia, government, and industry. Attackers don’t make distinctions when they’re attacking, and we can’t afford to operate in separate silos. We need to work together.” Schroeder is also the Research Director for the Wisconsin Security Research Consortium and an Army Cyber Warfare Officer on the 176th Cyber Protection Team, and coordinated with Miller on the National Guard’s participation.
The next day, Miller delivered two invited talks at the Wisconsin National Guard’s Joint Force Headquarters in Madison. Maj. Gen. Paul Knapp, the Adjutant General of Wisconsin, opened the first talk on the ransomware landscape and presented Miller with a special challenge coin, awarded in recognition of Miller’s partnership with the Guard.
Miller first discussed the ransomware threat and how cyber defenders and leaders can be best prepared. The second talk moved to the Wisconsin Cyber and Intelligence Center and focused on malware reverse engineering. The talks were attended by senior leadership and military and civilian cyber professionals from across the Wisconsin National Guard and state partners.
Lindsay Kamnetz is a member of the 176th Cyber Protection Team and participated in both events. She is also a police officer with the Madison Police Department, completed her bachelor’s degree at UW-Madison in 2009, and earned her master’s degree in Library and Information Studies in 2022. “As cyberspace becomes the new battlefront both at home and abroad, it is critical that our future cyber defenders gain useful insight and experience before hitting the workforce,” said Kamnetz. “UW-Madison is now a model for other academic institutions to bring this kind of training to their own students. I couldn’t be prouder to call it my alma mater.”
On the broader collaboration, Kamnetz sees a bright future. “The Cyber Protection Team and UW-Madison each bring unique expertise and capabilities to the table. We both can leverage this partnership to improve our own organizations while enhancing our effectiveness in responding to active cyber threats. Being co-located in the City of Madison, this is a logical, strategic collaboration.”
In January 2022, UW-Madison became a charter member of the U.S. Cyber Command’s new Academic Engagement Network in order to help address the nation’s growing challenges in cybersecurity, and to help build the next generation of the cyber workforce. This kind of engagement with partners in government creates new opportunities for UW-Madison faculty and students to become part of novel solutions to the cyber challenges we face.