On April 1st,   I had the pleasure of participating in the Second Annual Cyber Defense Competition hosted by Argonne National Laboratory and my office, where I met some of the best and brightest college students on the path to a career in cybersecurity. Fifteen teams, over 100 students, coming from colleges as far away as South Dakota, Texas and New York competed against one another to develop and defend a computer network from simulated cyber attacks.   

At the competition, college teams were expected to answer one question: Can you defend your computer networks from attack and ensure your community still has access to power and water?

As Deputy Assistant Secretary for OE’s Infrastructure Security and Energy Restoration Division, this challenge is something I think about every day. I work with talented women and men whose job it is to help protect the systems controlling our Nation’s critical energy infrastructure including the electric grid.

We work with the Department of Homeland Security and other national, local and private sector partners to strengthen energy sector cybersecurity preparedness and coordinate cyber incident response and recovery. OE’s cybersecurity work also includes accelerating the research, development and demonstration (RD&D) of resilient energy delivery systems. With the number and sophistication of these attacks continuing to grow, this work is vital.

This is why this competition is important. It puts students in the very roles they will assume as the next generation of cyber professionals.

This competition was comprised of four different teams:

Blue team - all of the university teams and their networks

Red team - the cyber professionals positioned to attack blue team’s networks

Green team - the end user of the blue team’s system

White team - competition organizers that manage engagements and add in various anomalies during play.

This year, a ‘pink team’ was added to the competition for budding cyber professionals, an off-shoot of the Red team with an added just-in-time instruction component.

In talking to the students on the Blue team, those defending the networks, they told me this was an invaluable experience that helped them plot the course to their futures. According to the students, it was the ability to work in teams to use their collective knowledge base that was most exciting -- and helped paint a clearer picture of their careers to come.

The same could be said of the Red team, whose members played the role of the competition’s attackers. A mix of college students, cyber professionals and members of the Illinois National Guard, they were very effective at exposing and exploiting vulnerabilities in the Blue team’s networks.

Within the safety of this competition, the Red team performed a great service too. These “out-of-the-box” thinkers who were tasked with being malicious taught the Blue team what it means to be inundated with constant attacks with the goal of stealing information. I even got to teach a few teams this lesson, being recruited by the Red team to place listening devices on tables in order to gain valuable information.

It was very important for the teams to learn that not all attacks will be virtual. Many will be where someone makes direct physical contact with technology to get information they are not supposed to have. And as the people tasked to defend it, cyber professionals need a strategy to ensure that doesn’t happen.

Finally, the competition enlisted volunteers to act as “users.” Most users of networks are cyber novices, but they need these services to get their jobs done—so networks must not only be resilient enough to defend against attack, but open enough for people to access the services too.

I’m proud of the students I met. It was inspiring to watch them test their skills and develop unique solutions “on the fly” within a timed environment. I’m especially proud to be part of an organization that is supporting the development of a talented new generation of cybersecurity defenders for the Nation’s critical energy infrastructure.

To learn more about OE’s cybersecurity vision and activities, visit the cybersecurity section of the OE website.