UW–Madison expands government and academic cyber cooperation with cyber tabletop exercise for second year

Students respond to a simulated cyber attack scenario with government and industry partners

University of Wisconsin–Madison Computer Sciences students aren’t waiting for the new School of Computer, Data & Information Sciences (CDIS) building to be complete before getting together in large numbers to work on today’s most challenging cybersecurity problems. Over 130 students in CS 542, Introduction to Software Security, taught by Professor Bart Miller, gathered for several hours in Union South’s Varsity Hall on November 7, 2023, to learn about the real-world challenges they will face when implementing secure software and systems.

Students listen as Patrick Skufca of CISA’s National Cyber Exercise Program talks about one of the cyber attack events — or “injects” — during the exercise in Union South’s Varsity Hall.

For the second year, the Cybersecurity and Infrastructure Security Agency (CISA) led an exercise — the only one of its kind conducted at a university, and focused on students — simulating a ransomware attack against an electric power utility in Wisconsin. Students took on the roles of the various organizations that would respond to a real-world cyber attack, such as electric utility officials, information technology staff, cybersecurity incident responders, law enforcement, investigators, and other federal and state agencies and regulators. Before the event, students researched the responsibilities of the roles.

Known as a “tabletop exercise” — or TTX for short — the event is designed to provide a structured way to walk through a complex cyber incident from beginning to end. “These students are tomorrow’s professionals who will be creating the next generation of secure systems,” said Miller, Vilas Distinguished Achievement Professor and the Amar & Belinder Sohi Professor in Computer Sciences. “This exercise gives context to the important work they will be doing.” The exercise was led by Patrick Skufca and Rebecca Faustina of CISA’s National Cyber Exercise Program (NCEP).

Amanda Theel, Cybersecurity Workforce Development Group Leader at Argonne National Laboratory in Lemont, IL, briefs students on Operational Technology (OT) threats and the Department of Energy’s CyberForce program.

Because of the success of last year’s event, the number of students attending nearly doubled. Miller realized that the students would benefit from more guidance in their simulated roles. With the help of Dave Schroeder, National Security Research Strategist at UW–Madison, a team of over 20 subject matter experts was assembled from the Wisconsin National Guard, Wisconsin Emergency Management (WEM), the Department of Energy’s (DOE) Argonne National Laboratory, the Federal Bureau of Investigation (FBI), the Department of Homeland Security (DHS), UW–Madison’s Division of Information Technology and Office of Cybersecurity, and an electric utility operating in Wisconsin. The experts traveled from around Wisconsin — and from as far as Illinois, Maryland, and Idaho.

Fueled by ample coffee and snacks, the students worked through the cyber attack scenario and discussed options for how best to respond — and how best to recover.

Lindsay Kamnetz, of the Wisconsin National Guard’s 176th Cyber Protection Team and a Madison Police Officer, talks with students in law enforcement exercise roles. Kamnetz is also a graduate of the UW–Madison iSchool Master’s in Library & Information Studies program.

The team of subject matter experts provided threat briefings throughout the exercise, and worked directly with the student roles matching their areas of expertise, such as cyber incident response, law enforcement, or Operational Technology (OT) and Industrial Control Systems (ICS) — the technology which drives much of our nation’s critical infrastructure, from power plants and water treatment facilities to healthcare and manufacturing infrastructure. These systems are especially attractive targets for attackers ranging from criminal hacking groups to nation-states.

The kind of collaboration this exercise enables is critical. “Our country has a critical shortage of expertise in cybersecurity, and one way to address this gap is through partnerships. When people understand just how important cyber is to so many areas and the scope of the threats we face, they want to learn more about how they can contribute to the solutions,” said Schroeder, who also serves as Research Director for the Wisconsin Security Research Consortium.

Rebecca Johnson, of the Wisconsin National Guard’s 176th Cyber Protection Team and an OT cyber threat analyst at Idaho National Laboratory in Idaho Falls, ID, talks with students working in OT/ICS exercise roles.

Schroeder said UW–Madison’s participation in events like this exercise and the U.S. Cyber Command Academic Engagement Network, another program designed to engage students with cyber leaders and opportunities in government, is key to developing the cybersecurity workforce. “That’s exactly what we see today with this exercise and the excitement the students have talking with the experts here. Bart’s willingness to develop and embrace creative solutions means these students will be tomorrow’s leaders in cybersecurity.”

Students work with an Industrial Control System (ICS) trainer provided by the Wisconsin National Guard’s 176th Cyber Protection Team, which simulates real-world OT/ICS systems such as those found in power plants.

The students worked together to defeat the threat, and discussed lessons learned throughout the exercise before dispersing across campus. Miller says he looks forward to hosting CISA and other partners again next year as a part of the course. “The success of this exercise and just how engaged the students are really shows the value of getting different stakeholders together to guide students through thinking about a real world cybersecurity problem,” says Miller. “This gives them more tools to think about the threats.”

Do you want to learn more about the ransomware threat and how to protect yourself? Visit the CISA #StopRansomware site for information and resources.