AMES, Iowa – A security breach is detected at a small business. Teams of cyber analysts are briefed about the situation and given five hours to answer three questions: Are the cyber-attacks connected? Whose account was used to access the server? And did anyone open the malicious email?
This was the final task given to a team of Iowa State University students – and teams from eight other universities – competing in the National Cyber Analyst Challenge. And while it’s just a competition, it’s a scenario that businesses, large and small, must contend with on a regular basis. Identifying the threat and correctly answering the questions earned the ISU team a $25,000 prize for winning the challenge.
This is the first year for the competition, sponsored by Lockheed Martin and Temple University’s Institute for Business and Information Technology. It was developed to help students build their skills and generate interest to meet the growing demand for cyber security analysts. Members of the ISU team say it was a great opportunity to compete and work with professionals tackling cyber issues.
“The experience, the training and the assistance that Lockheed gives you during the competition is so valuable that it would have been more than worthwhile even if we hadn’t won the competition,” said Jason Johnson, team member and a graduate student in information assurance and political science.
A needle in a haystack
To compete in the final phase of the challenge on Nov. 6, in Washington, D.C., students had to complete an initial cyber analysis back in September. Instead of five hours, they had three weeks to comb through the massive amounts of data – approximately 75 gigabytes – and determine how an employee’s computer was compromised. It was truly like looking for a needle in a haystack.
Although students didn’t know it at the time, the evidence collected during that first phase would come into play during the final challenge. During the final briefing, they were given more data files, including hundreds of employee emails, to analyze. The pressure of a five-hour deadline meant students had to work quickly and efficiently.
“There was so much more of the data we could be looking through, but at some point we had to start going off the leads that we had and focus in on the questions,” said Matt Brown, team member and graduate student in information systems and computer engineering. “There were some rabbit holes that we could have gone down, but we realized we couldn’t go too far down a trail or we were not going to finish.”
It also helped that the team, a combination of graduate and undergraduate students, had a diverse mix of skills and academic backgrounds. Faculty team advisers say that was by design. Team member Angela McMahon says the chemistry they developed throughout the three-month challenge was a huge asset.
“It worked greatly to our advantage, because each one of us did something different that contributed to the project as a whole. Instead of everyone looking at network logs, some of us could look at memory dumps from a computer. That was helpful because time was our biggest challenge,” said McMahon, a graduate student in information systems.
Making their case
While time was a challenge, students say it’s very realistic of the pressure cyber analysts are under when there is a security breach.
“Companies that deal with these cyberattacks need to quickly figure out what happened and how they can at least temporarily fix it, so that they can get back to business as usual,” said Steffanie Bisinger, team member and a senior in software engineering.
Another realistic element: presenting their findings to the top corporate executives. As the team was analyzing evidence, it was also building a final presentation for the judges. A panel of industry experts scored the teams on technical proficiency, judgement and communication.
“We were to treat this exactly as if it were a real scenario,” said Sambhav Srirama, team member and a senior in computer science. “The fact that companies, like Lockheed, are sponsoring competitions like this is really a good way for students to apply their skills and get guidance from a company that has to be good at cybersecurity.”
Faculty advisers Jim Davis, an associate professor of information systems; Doug Jacobson, University Professor of electrical and computer engineering; and John Burnley, a lecturer of information systems, say the competition will give students a clear advantage with future employers.
“The students were given a very real scenario and an opportunity to practice their craft,” Davis said. “This experience will make them standout from other prospective candidates.”
The advisers say winning the competition also shows the strength and breadth of the Iowa State program. The $25,000 prize will be divided among the students on the team.