Sandia LabNews

The elite cyber defenders of Sandia


When you first enter Sandia’s nationally recognized Center for Cyber Defenders — known as the CCD — you may find yourself wondering if you’ve inadvertently stepped into a university’s computer science lab.

As it turns out, the collaborative peer-learning environment of college is exactly the concept behind the Cyber Defenders program.

The large room, buzzing with the activity of students and the hum of computer workstations, is the place students of the Cyber Defenders program call home.

Ryan Custer (5616), now a full-time Sandia employee, was one of the nearly 90 students who have participated in the CCD to date. The teams of students have developed a reputation for their remarkable speed and effectiveness in completing projects — a direct result of their ability to instantly consult with their peers, says Ryan.

“If there’s something you don’t know the answer to, if there’s some code you’re unfamiliar with,” says Ryan, “all you have to do is shout out, ‘Hey, what do you know about this?’ and you’re guaranteed to get at least a few knowledgeable people right there helping you.”

While a student with the CCD, Ryan collaborated with fellow student Erik Lee (5616, now also a Sandian) to design a suite of tools that presents a human with a way to visualize events as they occur on a network. Together, Ryan and Erik developed a variety of ways to visually interpret the huge amounts of information flying across a network. By using these visualization tools, an operator can watch a detailed, real-time representation of a network, and thereby gain insights into the behaviors of that network.

This is a valuable tool because the human brain cannot quickly or easily interpret the massive amounts of data created by a network. As a result, nearly all network analysis, particularly intrusion detection, had to be done “post-mortem” and was time-consuming. Now, with these tools, a grouping of spheres and lines traveling across different planes of view represents ports and connections. These views make use of the rapid visual processing capabilities of the human brain and can give instant feedback about a malicious distributed denial-of-service attack on a network, or a scan of network ports.

Through projects like this, the CCD is making significant advances in network security.

“Our goal is to address homeland and national security needs while providing a way for students who are interested in information assurance to be exposed to the challenges of those needs while in a research environment,” says program manager Bob Hutchinson (5616). “We looked at the caliber of students coming out of colleges, and how well-versed they were in today’s computer sciences, and thought to ourselves, ‘There really isn’t anyone more qualified than these people to take on the emerging challenges facing our technology.’”

As a result, the CCD currently employs nearly 20 students who represent the most knowledgeable and passionate in their field. The mentors and staff of the Cyber Defenders program have developed a unique environment that provides students from varied computer backgrounds with cutting-edge research projects while teaching them new skills.

“By providing a collaborative pool for these students, they are able to solve the challenges presented to them incredibly efficiently and effectively,” says Bob.

The CCD has actually provided such a strong talent pool to Sandia that nearly a quarter of the students who participate in an internship with the program go on to be hired as employees by the Labs. Additionally, the work performed by CCD students has gone on to reshape the computer science curriculum at several universities across the nation.

“People may not realize how much we learn from these students, as well,” says Bob. “We’re here mentoring them, but so many times we hear back from people who have worked with our students as mentors on projects and have come away having learned more from the student than they had ever expected.”

The Cyber Defenders program began in 1998 at Sandia/California as a collaboration between the DOE Defense Program’s Education Department, faculty members at Las Positas and Chabot Colleges, and Sandia information security experts.

Today, the program spans both Sandia sites and employs between 20 and 30 students each year in a wide variety of information technology, information protection, and distributed computing projects.

Since the program’s creation, participants have racked up an impressive record of accomplishments that includes creating a database of known attack techniques and defense methods, analyzing hundreds of published attack techniques gleaned from Internet sites, and building prototype networks that demonstrate concepts now being used in cyber-infrastructure protection at Sandia.

The projects that the students take on come from a variety of places within Sandia. Through collaborative projects in digital forensics, supercomputers, and safeguards and security, the CCD has contributed to a broad range of work at the Labs.

“It has been rewarding to watch the CCD grow and evolve,” says Bob. “It’s really become an asset to the entire laboratory.”

Boot camp beginning

This year also marked the first pilot run of the CCD Cyber Security Boot Camp. The boot camp is a three-day, hands-on program designed to cultivate interest in computer science at the high school level.

In the inaugural run of the boot camp, six high school freshmen participated in a series of skill-building computer projects. The events began with an overview of how computers work, leading to a course during which students built their own computer from the ground up and then loaded an operating system onto their freshly built machines.

Over the remaining days of the boot camp, the students learned how to choose secure passwords, create their own network cables, and “ping” a computer to determine whether a specific Internet protocol (IP) address is accessible. Before wrapping up, the CCD gave the students a thorough explanation of how viruses, worms, trojans, and spyware take advantage of vulnerabilities to exploit, and even destroy, information on computers, and of the role that antivirus software and firewalls play in securing computers against such attacks.

“The kids were really amazed to see not only how capable they were of building something as complex as a computer, but also how easy it was to protect that computer against attacks through things like carefully designed passwords and antivirus programs,” says program coordinator Karen Shanklin (5616). “The boot camp has proven to be a very valuable resource.”