Two students in Eastern Washington University’s computer science program recently played a critical role in blocking foreign actors from launching potentially serious cyber intrusions on two small Washington cities.
As part of their summer quarter curriculum at EWU, Tristen Greene and Nick Adams were working with the Public Infrastructure Security Cyber Education System (PISCES), which provides qualified students with supervised experience to act as entry-level analysts. Participants analyze streaming data from small cities or communities that don’t have the resources to obtain their own cybersecurity.
“Our course teaches students the skills to hunt for threats and to understand exactly what live data is telling them — if it’s malicious or not,” says Stu Steiner, associate professor of computer science at EWU. “For our computer science students who graduate with a cybersecurity minor, their first job could be related to being this kind of analysis at a security operations center.”
That’s exactly why Greene was so interested in getting involved with PISCES. The Spokane native aspires to work in cybersecurity when he graduates next year. He describes his work with PISCES as both unique and rewarding because it afforded him the real-time experience of analyzing live streaming data and ‘threat hunting.’
“Threat hunting involves taking a potentially suspicious IP and running it through a few different tools that help us determine if the source IP is malicious,” says Greene. According to the U.S. Intelligence Community, the top threats — or foreign ‘bad actors’ — right now originate from China, Russia, Iran and North Korea.
While working a recent early morning shift, Greene noticed a suspicious IP address probing a network used by the city of Kittitas in central Washington. Upon examination, the IP address was from one of those bad actors. Greene quickly filed a high-priority report. After a senior-level analyst confirmed the address was from China, the IP address was blocked.
The recently graduated Adams, who has dreams of being a software engineer at the Johnson Space Center, helped block a bad actor while monitoring data for the city of Liberty Lake.
“In the particular event I reported, a Russian IP was attempting to get an environment file from a server which was a critical asset,” says Adams. “What caught my eye about this interaction was that half of the source packets were not dropped, meaning they made it through with data to the server.”
“If it wasn’t for our students’ work, these municipalities would have had their files infiltrated with ransomware, resulting in thousands of dollars in costs to get their data back or restore records,” says Steiner.
Greene says both he and Adams are grateful that what they’ve learned at EWU helped thwart these attacks. “By looking through traffic generated from these countries and using the skills and tools provided by Dr. Steiner, I was able to find a threat actor actively attempting to attack two of the municipalities I was monitoring and report them.”
EWU is one of almost a dozen academic institutions partnering with PISCES, most of them in the Northwest.
Read the story, and Assistant Professor Steiner’s words of caution to municipalities, in The Spokesman-Review.