The Department of Energy is expanding its CyberForce program by offering year-round competitions, webinars and career resources designed to prepare collegiate students to fill workforce gaps — especially around industrial control systems (ICS) and operational technology (OT).
Argonne National Laboratory leads the program and added two virtual, solo competitions, comprising a Conquer the Hill series, that allows students to hone cyber skills mapped to the National Institute of Standards and Technology‘s National Initiative for Cybersecurity Education (NICE) Workforce Framework.
Argonne launched a Cyber Defense Competition in 2016 to help address the national cyber talent shortage, predicted to reach 1.8 million workers by 2022, which has evolved into a program benefitting not only companies but government as well.
“The National Labs, Department of Energy and all the other federal agencies are obviously equally looking for talent that is interested,” Amanda Joyce, CyberForce program director, told FedScoop. “Bringing students on-site, or even bringing them in virtually, brings awareness to the national lab system.”
Tech giants like Amazon, Microsoft and Google attract the top cyber talent, but students forget DOE keeps the lights on for those companies — literally — and can give them the hands-on training in real-world scenarios involving ICS and OT they lack, Joyce said.
Argonne won’t hold the next in-person, team CyberForce Competition until 2022 because of the Covid-19 pandemic, which is why it started the Conquer the Hill series.
The Reign Edition set for September will be a timed, capture-the-flag event with non-traditional escape room elements that force competitors to think logically.
While the Adventurer Edition, which ran from July 16-18, gave participants 48 hours to complete 160-plus cyber tasks of varying difficulties in a question-and-answer format. University of Central Florida student Cameron Whitehead won.
While Conquer the Hill events try to admit all who register, the CyberForce Competition only allows one team per university to enter. The red-blue, attack-defend competition requires teams to perform daily tasks like examining log files while keeping everything from email to ICS operational, in what is a multi-lab event.
This year the CyberForce program also added a once-a-month webinar series highlighting key cyber topics; a virtual career fair for more than 1,000 students to meet with cyber companies; and is creating a workforce development portal that will report on students’ progress and let them engage with each other and government and industry experts year-round.
The need to have students fill cyber roles defending ICS and OT became more critical after a hacker breached a Florida water treatment plant in February and a ransomware attack on Colonial Pipeline in May, which led the company to shut the pipeline down temporarily and saw people panic-buying gas into scarcity across the Southeast.
“Why we push operational technologies so much is because the technology we’re using is very old,” Joyce said. “”The problem is none of these systems were ever really meant to be on the internet.”
The CyberForce program encourages students to think through the added cyber risks ICS and OT present and consider what constitutes the proper amount of security, how the networks communicate internally and with other networks, and how a hacker might turn them off.
Security isn’t just updates, patches and firewalls when it comes to such systems, Joyce added.
“The problem is that doesn’t work for everything and specifically for our operational technology networks,” she said. “And it takes a unique skillset to really understand that and to figure out that these systems are very sensitive in nature.”