Saturday was Cyber Aces Day in Minnesota, by proclamation of Gov. Mark Dayton, and why not? One of his state’s biggest employers, Target, has been brought to its knees by a highly skilled computer hacker or hackers, and the world now holds its breath as it awaits new handiwork from the next Edward Snowden or Bradley (now Chelsea) Manning.
Who might have been in attendance Saturday at the all-day Cyber Aces competition hosted by Inver Hills Community College, where 25 of the brightest IT workers in the state competed for top honors in cyber security, but probably not: Sponsored by Sans and Unisys, and organized by the national nonprofit digital talent scouting agency Cyber Aces, the free day-long event drew expert computer programmers, analysts, students and thinkers, all of whom expressed concern about staying ahead of the bad guys.
And while the game itself – SANS NetWars, the same hands-on simulation used by the U.S. military to train its officers in network warfare – was about as exciting to watch as a bunch of dudes (and exactly one woman) staring intently at computer screens for a few hours can be, Minnpost collared a few Cyber Aces to get a pulse on the fast-changing state of cyber security, the groove of hacker chic, and the digital-security watershed moment we find ourselves in.
Tim Medin, Longview, Texas. “I work for Counter Hack, and we do a lot of this training throughout the country to find the next generation of people that are going to help us out with cyber security. The hard part now is that we’re in desperate need of people who can fill these positions. Our hope is that we can find the next generation of talent and encourage them in this field so that they can fill these positions and help secure all these various systems that are getting breached like crazy recently.
“It is [a watershed moment]. I mean, if you want to rob a Target [physically], you’re limited to how much you can take. But with [hacking], you can get tons of money from the comfort of your own home, and that’s just the way it is now. The game has changed. You’re a hundred milliseconds away from every bad guy on the planet, and it’s sad to say, but we’ve got so many employment opportunities because there’s so many bad guys and such a demand for skilled people in this field.”
Christopher Blake, Farmington, won the competition and a share of a $10,000 scholarship and future training. “Technology isn’t going to shrink, it’s only going to expand, and because of that, from a security standpoint, you’ve got to keep progressing with it because it’s constantly changing. You’ve got to stay on top, or you’ve got to try. The best you can do is be prepared and know what you’re dealing with and do your best to counteract it. There’s always the temptation [to use his knowledge for creating chaos], but it comes down to morals, and I would never want to harm others, especially with information and the damage that can be done. I personally see it’s more important to protect others, and help others, because if you won’t, who will? Especially in the security field, where you have to willing to do the right thing at all times.”
Keith Higgins, Chaska. “I’m retired military, I have 32 years in IT. I’ve done a lot of things, but I’ve never worked in security full time, and my goal is to work in computer security full-time. I think we need a lot more highly trained computer professionals, because sometimes companies leave things open so it doesn’t take much expertise, and some of these hackers are very good.”
Jason Lachowsky, St. Paul, took third place in the competition. “It truly is a global landscape, and when you have so many computers in play, you can’t control all of them. So it becomes not only a situation of, ‘Is my network secure?’ but ‘Is the rest of the world’s network secure?’ And that part is the difficult thing, so you have to kind of play defense and offense. You have to find the exploits before the bad guys find the exploits, because it becomes kind of a race where you can develop either good notoriety for yourself by finding that hole first, or if you’re going for the bad notoriety you can find the hole and run a Target-type scenario.
“A lot of what Bradley Manning was doing was going for the Internet cred that came with accessing these documents and leaking them out. And it’s the same thing: There’s this underground culture where [hackers] are competing against each other, and it can be very innocent, where you’re defacing a website or planting a fake story, whatever. But when you’re stealing credit-card information, it becomes a bit more nefarious.”
Jeff Sass, Blaine. “I’m pretty worried about the state of cyber security; that’s one of the reasons I’m here. I’m doing this on my own professional-development time, to see what’s going on in this area. I work in application development, and I’ve just been following what’s happening, and the incredibly high material that we’re working with here is incredible. I can’t believe it’s happening here in Minnesota.
“One of the things I’m interested in is, we want to make security secure, but we want to make it easy. I want my parents to be able to figure it out. Security right now is just too hard, it needs to be easier. Right now passwords are not the solution, we need something else. There’s a thing called Security Development Lifecycle, where you’re thinking security the whole way through the architecture, and we need to pay attention to that.”
Sean Meyer, Fridley. “This is my red box. I’ve had it for about six years. In there I have tools to fix anything. I have data transfer cables, I have network cables, I can pull out a hard drive … . Pretty much anything you need to fix or update or break a computer is in that box. There are so many possibilities for the crooks, and they’re getting so much more organized. I heard one scenario where the bad guys hired a psychologist to figure out how to make people click a box better; click this box, install this program, make money. It gets people to accidently install a virus. Never click. I’ve been doing this for 10 years. It used to be harder to get infected but now, you go to [the] CNN [website] and you’re infected and you don’t even know it.”
Dr. Kevin Gyolai, Dean of STEM at Inver Hills. “The doomsday scenario is that some group, some sophisticated collaborative group of criminals, would hack into our digital infrastructure and do things like shut down Wall Street, shut down the power grid. So we train the students that become the employees that help keep that from happening.
“I think the genie is out of the bottle, but we win that cyber defense battle the vast majority of the time. When you think about the people who are in that room, all different ages and all different backgrounds, but the things they have in common are that they like a puzzle, they like to think critically, they’ve got some competitive streak in them, they like to sit down and take time to work through something, and they just like the idea of doing something with computers.
“Part of why Inver Hills is hosting this event is because we’re looking to recruit some of those best and brightest to go into cyber security and IT. Hopefully at a MnSCU school, but not necessarily, because the state of Minnesota has dire IT work-force needs. There’s loads of cyber security jobs that go unfilled in Minnesota.
“We have a designation from the National Security Agency and Homeland Security as a national center for academic excellence, information assurance and cyber security. We were one of the first 10 in the nation, so what that means is that the curriculum that we teach our students is aligned to the curriculum that the feds say is the most current and relevant curriculum that is out there. They recognized us as one of the top community colleges in the nation for cyber security; in last year’s online Cyber Aces competition, Inver Hills students took five of the top 10 spots nationally. We dominated, and they reached out to us.”