UNIVERSITY PARK, Pa. — Thanks to participation from 59 students across several colleges, Penn State recently finished fourth in the National Security Agency’s 2017 Codebreaker Challenge. After several years of competing and placing in the top 20 of last year’s competition, Penn State’s fourth-place finish is the University’s highest.
The national competition challenged students to take on a series of six hypothetical cybersecurity scenarios, with each task increasing in difficulty. In this year’s scenario, students explored a situation where the Department of Homeland Security requested NSA assistance to investigate questionable activity in a supervisory control and data acquisition (SCADA) network system, which allows for the real-time gathering and analyzing of data. The compromised system controlled infrastructure for several cities, so if an outside entity were to infiltrate and take control of the system, it could cause denial of service attacks against other networks, rendering them useless.
Xinyu Xing, assistant professor in the College of Information Sciences and Technology (IST), and his doctoral students, Jun Xu and Wei Wu, were some of the first individuals representing Penn State in the competition. After taking the lead for the first task, Xing decided to get his SRA 221 class involved.
“After we got the first task, suddenly everyone got stuck,” Xing said.
Xing’s class, “Overview of Information Security,” focuses on the principles for and methods of information security. The course uses hands-on and real-world experiences, so Xing decided to leverage the challenge to engage students with situations they’ll likely face in their careers.
To get students started on the challenge, Xing, Xu and Wu gave lectures to the class about the remaining challenges, and the students would use the information to solve the six tasks. These tasks included constructing an environment of the industrial infrastructure, then identifying and removing malicious traffic. Then, students used a provided code to identify malicious snippets in the existing code. From there, they hacked into the code to find the vulnerabilities and submit a payload to a remote server to shut down the infected network.
“I organized the lectures to be more hands-on,” said Xing. “I teach them how to use the virtual machine — which is part of the job of the codebreaker.”
Nationally, 290 universities had at least one student participate in the challenge. Though no Penn State student completed all six tasks — only three students nationally achieved that feat — three of the 25 students who solved the first five tasks were Penn State students.
Through the NSA Codebreaker Challenge, students in Xing’s class were not only exposed to the curriculum, but also to a common real-world scenario.
Chris Eyester, a senior majoring in both security risk analysis and international relations, said that the opportunity has made a positive impact and has taught him new skills that he might not have learned in a classroom setting.
“I had never competed or attempted a codebreaker challenge or hackathon, so it was a new experience for me,” he said.
Eyester shared that students had to use a software that many weren’t already familiar with, so they had to do their own research outside of class in order to complete the challenge at hand.
“I had to watch a bunch of videos and read up on it online,” he said. “That’s a skill I have now, and has sparked conversations during job interviews.”
Matt Chabala, a junior majoring in computer science and minoring in security and risk analysis, said he learned about computer hardware in previous classes but has never been exposed to ethical hacking until the competition.
“When I heard about the NSA Codebreaker Challenge I was really interested to see what a real-life example presented by the NSA was like,” he said.
Chabala said that going into the challenge, he didn’t know what to expect but realized he knew more than he initially thought.
“I learned that I still have a lot left to learn regarding hacking and how to perform some of the activities that I needed to do in the challenge,” he said. “But I also learned that there are still many problems with how we communicate over the internet.”
The experience also exposed Chabala to the potential dangers that exist in our connected world.
“I know that the internet can be an unsafe place and we have to be very careful when traversing it,” he said, “The challenge opened my eyes to the fact that there are still complicated ways to get around those safety measures.”