Last year, Eastern Washington University students tasked with monitoring Spokane Valley's municipal computer networks noticed something unusual — repeated pings from Russian IP addresses.
Stu Steiner, an assistant professor of computer science at Eastern Washington University, says the hackers were likely trying to find backdoor access to the system so they could install ransomware and steal data. As soon as they noticed what was happening, the students leaped into action.
"They analyzed that data, saw it was coming from Russia, figured out it shouldn't be coming from Russia, and then escalated help desk tickets immediately," Steiner says.
After seeing those tickets, city authorities were able to quickly blacklist the Russian IP addresses, permanently blocking them from accessing the servers.
The students were monitoring the network as part of the Public Infrastructure Security Cyber Education Systems project, or PISCES. The Washington state-based program pairs cybersecurity students with small, public-sector organizations, which often lack IT resources to monitor and detect threats. It's a partnership that everybody (other than the hackers) benefits from. Small municipalities get free student monitoring of their computer networks, while students gain real-world experience analyzing large quantities of data without being held liable if something goes wrong.
The threat of cyberattacks has risen dramatically in recent years, Steiner says. The Washington State Attorney General's Office reported 150 ransomware attacks last year — more than the total number of ransomware attacks in the previous five years combined. The total number might be higher, as organizations are often hesitant to publicly report attacks because it could signal their vulnerability to other hackers.
Steiner attributes the increased severity of the threat to three main factors: hackers getting smarter, tools getting better and a critical shortage of trained cybersecurity experts.
Demand for cybersecurity experts has grown rapidly, but the workforce is struggling to catch up. There are more than 600,000 open cybersecurity positions across the country, and the Biden administration has said that filling them is a top national security priority.
Steiner hopes Eastern Washington University's rapidly growing Center for Network Computing and Cyber Security can help address the industry's workforce shortage. The program started taking students four years ago under the school's computer science and electrical engineering department. The program had only four graduates in its first year, but Steiner says it expects to graduate 61 this year.
In November, EWU earned a designation from the National Security Agency as a National Center of Academic Excellence in Cyber Defense. Eastern was the first school on the east side of the state to earn the designation, and Steiner hopes it will help cement the school's status as a regional hub for cyber defense. Steiner says the center hopes to hire six to eight full-time faculty in the next four to five years and plans to offer a master's program in cybersecurity soon.
The program currently offers a cyber defense degree. Starting in the fall, the program will also offer a cyber operations degree. While cyber defense professionals typically focus on beefing up an organization's systems and putting tools in place to defend from potential attacks, cyber operations professionals focus on the other side of the equation — attacking.
Steiner says older students with families are typically more drawn to the defense side of cybersecurity, while younger students are more often drawn to attacking.
"It's more of a thrill to attack," Steiner says, "because you can see you've all of a sudden taken over this machine or you compromised this network. And now you can do whatever you want."
Steiner stresses that when his students do attack a system, it's always in an ethical fashion. It's known as penetration testing. Basically, an organization agrees to let the attackers try to hack into its systems and find any weaknesses or places to exploit. Once those vulnerabilities are identified, the cyber defense professionals can step in and try to patch the holes in the system.
Most ransomware attacks are done by criminals hoping to steal data and hold it for ransom. When an organization falls victim to a ransomware attack, it generally has two options: pay the hackers, or go through the time-intensive process of rebuilding its systems from scratch and hope that the data is recoverable.
It's an age-old dilemma in the cybersecurity world, Steiner says. Private businesses will generally choose to pay, while public sector organizations — less keen on negotiating with criminals — will typically choose the latter option.
It's a tough spot to be in, and neither option is ideal. But Steiner hopes the work his students are doing at Eastern will help ensure that fewer organizations have to make that choice in the first place. ♦