By Assefaw Gebremedhin, James Crabb, and Bernard Van Wie
The CySER Summer Workshop 2024 ran from May 20 to May 29, with a check-in and mixer event being held May 19. A recap of the workshop’s events follows.
Day 1 (May 20)
The workshop began with Dr. Partha Pande, Interim Dean for the Voiland College of Engineering and Architecture at Washington State University (WSU). He welcomed the CySER students and emphasized the importance of cybersecurity education and the role the CySER program has played in the development of WSU’s new BS in Cybersecurity. This was followed by remarks from Dr. Ananth Kalyanaraman, Interim Director for the School of Electrical Engineering and Computer Science at WSU, who highlighted the cybersecurity curriculum at WSU along with cyber-focused research projects and the need for graduate student researchers in cybersecurity.
Dr. James Crabb, Project Coordinator for the VICEROY CySER Institute, concluded the opening session with a brief overview of the CySER program and a look ahead at what to expect over the course of the summer workshop.
The second session of the morning was given by Daniel Brown, Inland Northwest Cybersecurity Advisor at the Cybersecurity and Infrastructure Security Agency (CISA). He discussed the role of CISA in securing national critical infrastructure and provided examples of why this is crucial to national security. He also explained CISA’s initiative to promote the concept of “Secure by design, secure by default.”
The final session of the morning was given by Dr. James Crabb, who spoke on his research into cybersecurity education in the United States. This included an analysis of cybersecurity degree programs, a comparison of various frameworks currently in use to guide curriculum development of cybersecurity programs, a review of cybersecurity education research, and a look at WSU’s own cyber program to see where it fits into the cyber landscape.
Dr. Rob Crossler, Department Chair of Management, Information Systems, and Entrepreneurship at WSU gave the first session in the afternoon. His talk looked at risks, threats, and vulnerabilities, and specifically asked students to think about and then discuss the benefits and risks of modern AI technologies such as ChatGPT.
The next speaker was CJ Maciag, Director of Cyber Technologies and Academic Outreach in the Office of the Undersecretary of Defense for Research and Engineering, and pioneer of the VICEROY program. He discussed his background in cyber, the importance of continuing to develop our cyber defense capabilities, and how the VICEROY program supports that mission.
The final events of Day 1 of the summer workshop were a poster session where CySER undergraduate participants presented the cyber research projects they had worked on over the past semester with their graduate and faculty mentors, and a certificate awarding ceremony to recognize students for their participation in the CySER program.
Day 2 (May 21)
The day began with Dr. Noel Schulz, Professor in the School of Electrical Engineering and Computer Science at WSU, who presented on the topic of securing the power grid. She explained what smart grids and microgrids are, and what some of the approaches are that can be taken to enhance security and resiliency in these systems.
This was followed by Tim Schulz, AI Red Team Lead for the Readiness and Proactive Security team at Verizon. The focus of his talk was on understanding modern AI platforms such as ChatGPT and what impacts, both positive and negative, they have on the cybersecurity field.
Nathan Kipp, Engineering Manager for Schweitzer Engineering Laboratories (SEL), presented on the topic of managing cybersecurity risk in industrial control systems (ICS). This included a discussion on physical security for ICS and examples of known threats to infrastructure in the US.
The afternoon of Day 2 was devoted to a hands-on demonstration on digital forensics given by Dr. Clemente Izurieta, Professor in the Gianforte School of Computing at Montana State University (MSU). The session was designed to allow students to actively participate and practice using Linux tools and Python applications to examine memory dumps.
Day 3 (May 22)
Students participated in a team building and leadership workshop led by Major John-Anthony Ford who heads the Air Force ROTC programs at WSU and University of Idaho (UI). The session began with a team building exercise, followed by a look at the team building process, and then discussions on effective leadership and followership.
Dr. Aaron Darnton, Chief Technical Officer at the Naval Undersea Warfare Center (NUWC) Keyport discussed the NUWC’s mission which encompasses a wide range of activities including cyber defense and naval warfare. He also highlighted internship and employment opportunities at NUWC.
The afternoon of Day 2 consisted of a series of talks on cybersecurity research. Dr. Feng-Hao Liu (WSU) discussed post-quantum cryptography. Dr. David Douglas (Central Washington University) discussed ethical considerations in cybersecurity. Dr. Jana Doppa (WSU) reported on his work with human-in-the-loop machine learning for anomaly detection. The afternoon was concluded with a presentation by Dr. Xu Lin (WSU), who explained web browser fingerprinting and stealth tracking techniques.
Day 4 (May 23)
On the morning of Day 4, students went on a field trip to SEL’s Pullman campus. The agenda was developed with Kelsey Cummings, and Merisa Hemingway hosted the visit. It began with a panel discussion on cybersecurity issues related to the power grid and how SEL addresses these issues. The panel was a group of cybersecurity experts at SEL, including former CySER undergraduate Nathan Waltz. After the panel discussion, students went on a tour of the production facility where they got to see first-hand some of the components critical to power grid safety and security being made.
The afternoon of Day 4 was another hands-on demonstration, this time given by Dr. Jim Alves-Foss, Professor in the Computer Science Department at UI. His demo was regarding the use of modern AI tools, namely ChatGPT, for identifying vulnerabilities in source code. Prompt engineering was highlighted in terms of how effective ChatGPT was at finding vulnerabilities given different prompts. Students were guided through this process and then allowed to explore it further.
Day 5 (May 24)
The fifth day of the workshop featured a full-day field trip to Pacific Northwest National Laboratory (PNNL) in Richland, Washington. Mark Rice, who served as the host for the visit, welcomed the students, after badging and check-in was completed, facilitated by Vanessa Whitten. The first stop was the 5G and Internet-of-Things (IoT) labs. In the 5G lab, students heard from Elena Peterson about the research they do there related to wireless communication security, and in the IoT lab, Penny McKenzie discussed security issues related to internet-connected household appliances and smart technology.
During lunch, Associate Lab Director Debbie Gracio spoke with the students about PNNL’s mission and its role in national security. After lunch, students got to see the “DHS Skids,” physical representations of, and cyber testbeds for, ICS of various critical infrastructure such as shipping/transportation, water treatment, and power generation; this part of the tour was given by Jeffrey Morrow. Students also got to see the Electricity Information Operations Center where they heard from Mark Rice about the work that goes into monitoring the US power grids to ensure their safe operation. Students also got a tour of the GPS Timing lab led by Erich Choi. The visit concluded with a presentation from Mark Rice, Dan Sanner and Tim Babcock about internships and employment opportunities at PNNL.
Day 6 (May 28)
The morning session on Day 6 was a series of presentations on cybersecurity research being conducted at WSU and MSU. Dr. Monowar Hasan (WSU) presented his work on defending cyber-physical systems that operate in real-time. Dr. Haipeng Cai (WSU) discussed using automated data augmentation for machine learning code vulnerability analysis. Dr. Fangtian Zhong (MSU) talked to students about practical adversarial malware attacks and defenses.
The afternoon focused on cybersecurity careers and professional skills. A panel of cybersecurity industry experts answered student questions about working in the cybersecurity field. The panel included Andrew Ginter of Waterfall Security Solutions, Jason Lee of Splunk, Dr. Matt Revelle of MSU, Dr. Jessica Smith of PNNL, and Tim Weaver of the Air Force Research Laboratory (AFRL). Students had submitted questions ahead of time on such topics as how to prepare for a career in cybersecurity and what the future of cybersecurity looks like. They were also able to ask follow-up questions during the panel. The panel was moderated by Dr. Assefaw Gebremedhin and Dr. James Crabb.
Day 6 concluded with a presentation by Dr. Olusola Adesope, Professor in the College of Education at WSU and Evaluator of the CySER program, who spoke on how to make the most of an internship and why it is important to be a lifelong learner.
Day 7 (May 29)
On the final day of the workshop, students went on a field trip to Fairchild Air Force Base near Spokane, Washington. Tech Sergeant Brittany Arnold hosted the group. A representative from the 141st Communications Squadron talked to the students about his job and life in the Air National Guard. This was followed by a group from the 256th Intelligence Squadron also talking about some of the things they do such as tracking the activities of specific threat actors against the Air Force Network. After that, leadership from the 242nd Combat Communications talked about their mission, and then the students went on a tour of their facilities including their cyber operations shop, satellite communications shop, and client services. Finally, recruiters from the Air National Guard spoke with students about opportunities in the Air National Guard and the benefits of working there.