Cybersecurity at the University of Maine

The digital advancements of 21st century provide a bounty of advantages, but there is a downside as well. Some computer programmers have chosen to take advantage of the public. These malicious programmers, commonly known as ‘hackers,’ create computer viruses or gain access to private information for nefarious purposes

The field that deals with understanding, preventing and responding to these threats to individual, corporate and government digital privacy and security is known as cybersecurity. It is a field that continues to grow in importance as people gain better understanding of ever-improving and changing technologies, including those who wish to use it maliciously.

This is why fostering an understanding of cyber security for our nations’ future is so important. And that is exactly what is happening for a small group of students at the University of Maine. Professor George Markowsky in the School of Computing and Information Science has dedicated his time and resources to creating UMaine’s own cybersecurity club and team.

The club consists of around 10 students from a variety of disciplines. The club’s president, John Woodill, believes that anyone who is willing to dedicate their time can learn the necessary skills to become an expert in cyber security.

“I’m a mechanical engineer and I’m the president of the Cybersecurity Club, so it’s not major-based,” says Woodill. “We have people who are business majors, computer engineers, [computer] science majors, electrical engineers…it’s a field that anyone can learn about and do.”

Most of the year the club focuses on preparing for the Northeast Collegiate Cyber Defense Competition (NECCDC). The competition is a weekend-long event involving cyber defense teams from universities throughout the Northeastern United States. There are four “teams” at the NECCDC: the White Team, or the judges; the Red Team, or the attackers; the Blue Team, or the students/defenders; and the Black Team, or the technicians.

The Blue Team is split up into different student teams from each college or university represented at the competition. The individual student teams consist of up to 12 members, but only eight may compete in the NECCDC. The remainder of the team consists of substitutes in case one of the main eight is unable to compete.

Each student team on the Blue Team has a their own station to defend from the attacking Red Team. Every team’s station is the same setup, which differs each year. There are a variety of devices included in each setup, including computers, servers, wifi routers, printers, and any other piece of technology which can connect to the internet. The devices are all connected to each other through a “secure” private network.

It is the students’ job to defend their network from Red Team hackers. The hackers are professional network penetration testers from the military, government and private contractors in the industry. Their role in the competition is to assess the security of the Blue Teams’ networks and attempt to break down their defenses in order to retrieve specific documents holding important information.

In return, the students try to make their network as secure as possible while actively defending against the Red Team’s attacks. In this simulation, the only real threat is losing; however, it prepares the students for jobs in the cyber security industry where these attacks can have serious consequences.

There are jobs in cyber defense everywhere from corporations to the government, and all of them are important. If a real hacker retrieves documents or information from a large corporation, huge groups of people may be affected. One of the most significant recent breaches of network security was the supermart Target.

The breach allowed the hackers access to credit card information for more than 400,000 Target customers. The cyber-criminals were likely able to access this privileged data for months before they were caught. Several customers had their bank accounts hacked and their information was used to steal their money and make unlawful purchases

Once the hackers were discovered, the breach was dealt with and the previously unknown hole in Target’s network security was fixed. To understand how the attackers gained access to this private, secure information and how to prevent similar situations in the future, we need experts in the field of cybersecurity.

And that’s why the NECCDC is more than just a fun competition for aspiring cyber defense experts. It is also an opportunity for them to practice and hone their skills against some of the best in the field. “They always win,” says Woodill, “that’s an important lesson, really. You will always suffer a breach or there will be some kind of data leak. It’s just, how do you best prepare so that when it does happen you can recover and stop it from happening in the future.”

In order to compete at the NECCDC, all colleges in the region must also complete a qualifying round. Only 10 teams may compete in the championship, and UMaine’s Cybersecurity team has made the cut every year. An impressive feat, considering the University of Maine does not have a dedicated cyber security or cyber defense program.

In fact, UMaine only has a single course on the topic: COS 430 – Introduction to Cybersecurity and despite Prof. Markowsky’s best efforts, the course is not available every year. Considering Northeastern University, RIT, and many of the other institutions which participate in the competition have academic programs focused on cybersecurity, UMaine has had remarkable success at the NECCDC.

This success is thanks to the support of Professor Markowsky and the dedication of the students. Members of the cybersecurity club meet twice a week, every week and work hard to improve their skills outside of the meetings as well.

Students meet on Wednesdays to discuss what each member learned in the past week, share their knowledge with the other members, and determine what they need to learn before the next meeting. Occasionally, the students also get a chance to learn from former UMaine alumni and former club members working in the field. Club members usually spend their Saturdays putting their skills to the test, either on their own or through smaller competitions like the National Cyber League.

The club’s members must be diligent with their learning to keep up with the constantly evolving threats to cyber security.