Sandia-mentored high school team competes in national cyber defense competition

Publication Date:

Sandia news media contact

Stephanie Holinka
slholin@sandia.gov
505-284-9227

ALBUQUERQUE, N.M. — Students with La Cueva High School’s Marine Corps Junior ROTC program are competing in the finals of CyberPatriot V, a national high school cyber defense competition in National Harbor, Md., that ends Saturday.

The team, mentored for more than two years by Sandia National Laboratories cyberengineers, emerged as the top team in the All-Service Division.

CyberPatriot is designed to introduce students to the foundations of cybersecurity. In each competition, students are given GNU-Linux or Windows virtual machines with several vulnerabilities. Students work against the clock and other teams to eliminate the vulnerabilities. Teams that find and neutralize the most vulnerabilities in a set period advance to the next round.

Students compete in either the All-Service Division, which is open only to Junior Reserve Officer Training Corps, Civil Air Patrol and Sea Cadet Units, or the Open Division, for accredited public or private institutions or registered home school associations.

The contest provides participants with unsecure machines that have been compromised, both by turning on legitimate services that aren’t needed and can compromise security, and by introducing malicious executable programs. Students decide what to turn off, what to leave on and what malicious programs need to be removed and cleaned up after.

Chris Davis of Sandia’s Effects-Based Studies department  and Ted Reed of the labs’ Cyber Security Technologies department have worked with the La Cueva team for the past two years.

Reed said it’s not easy to train students on cybersecurity issues, partly because they need compromised computers to train on, but most school and home computers are locked down.

During after-school practices, Reed and Davis gave students basic security guidance about how to secure Windows and Linux machines and how to work with Linux. They helped students understand the problems and figure out how they could improve their security posture.

Reed said the program offers students an understanding of computer security, especially the most important principle: If you don’t need the service, turn it off.

Davis said the students didn’t know much about cybersecurity when they started, but now they’re able to fix things at the command line, and they do it naturally.

“Two years ago Ted and I were giving them very basic help. Today, they’re asking us questions that are out at the edges of my understanding of things,” Davis said.

Prior to Sandia’s help, previous La Cueva teams were eliminated in the first round.

“I grew up with computers in my house, but these kids are digital natives born within 10 feet of a cell phone. They think about things differently. Watching how they operate has been eye-opening and educational for us,” Davis said.

First Sgt. A.R. Griego, senior instructor for La Cueva High School’s Marine Corps JROTC team, said Reed and Davis have been a massive help to the team.

At first, the pair visited the school together. As work progressed, they alternated weeks, while assisting students in creating a playbook that documented the team’s progress and will help train future teams.

“It’s been rewarding watching them go from average, perhaps mildly unprotected, computer users to people who are securing themselves and their families,” Davis said.

Last year’s team passed their documentation to this year’s team, so the team started with the help and guidance of past teammates and experienced peers, Davis said.

Last fall, with support from Sandia’s Community Involvement Department, Reed and Davis organized a Cyber Boot Camp for high school students. About 25 La Cueva students attended the one-day boot camp, running through CyberPatriot-style practice rounds. Sandia plans future boot camps for other local high schools.

Tyler Morris, the La Cueva team captain, joined Sandia’s Center for Cyber Defenders (CCD) as a student intern last year. Using funding from the Department of Homeland Security’s Science and Technology Directorate and tools from The Deter Project and University of Southern California’s Information Sciences Institute, he and other CCD interns developed training courses that could go into a controlled test environment so they can be accessed online. He also worked to pass along the team’s knowledge and experience, helping develop an app for basic cybersecurity education.

Davis said a few other students from last year’s team have pursued college majors related to computer security. But the experience has been beneficial for all of the participants.

“Even if they don’t pursue it as a profession, their security hygiene has improved greatly. They know how to assess risks and protect themselves and their families. The more people protect themselves, the less governments and other officials have to intervene,” Davis said.

 

Sandia National Laboratories is a multimission laboratory operated by National Technology and Engineering Solutions of Sandia LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy’s National Nuclear Security Administration. Sandia Labs has major research and development responsibilities in nuclear deterrence, global security, defense, energy technologies and economic competitiveness, with main facilities in Albuquerque, New Mexico, and Livermore, California.

Sandia news media contact

Stephanie Holinka
slholin@sandia.gov
505-284-9227