Infrastructure ProtectionProtecting Infrastructure from Hackers

Midwesterners fretting in dark kitchens after a storm have a pretty good idea about the real-world consequences of a cyberattack on the power grid.

“Other than intent and persistence, there isn’t much difference between a tornado and a hacker,” said Doug Jacobson, a University Professor of electrical and computer engineering at Iowa State University, director of the university’s Center for Cybersecurity Innovation and Outreach and the leader of a new effort to build a nine-state regional coalition to protect critical infrastructure from computer attacks.

When the winds blow or a hacker crashes the computers that run the grid, power can go out for hours, or sometimes days.

Thanks to all the real-life tornado drills every storm season, energy companies already have an “understanding of their systems and how they recover,” Jacobson said.

This new coalition will take that understanding to new levels.

The coalition has been dubbed ReCIPE – Regional Coalition for Critical Infrastructure Protection, Education and Practice – by its organizers at Iowa State and the University of Illinois Urbana-Champaign. A two-year, $2 million grant from the National Centers of Academic Excellence in Cybersecurity, a part of the National Security Agency, supports the project. ReCIPE is part of a larger effort to build regional coalitions led by universities, such as Iowa State and Illinois, which have been designated by the NSA as National Centers of Academic Excellence in Cybersecurity.

The idea is for the universities and other coalition partners to work together to develop the region’s cyber defense talent.

“Cyber defense takes a community”, said David M. Nicol, who holds the Herman M. Dieckamp Endowed Chair in Engineering and is director of the Information Trust Institute at Illinois. “This project brings together all the key organizations whose participation in cyber defense is essential, and with them identifies and addresses real-life needs in education and workforce development.”

The coalition, for example, expects to develop and provide hands-on training, realistic tabletop and testbed exercises, capstone design projects, cyber defense competitions and technical materials for students and professionals.

“Participating members of the current and emerging workforce will receive the most recent cybersecurity training to permit them to actively protect our infrastructure, utilities, industry, medical complexes and emergency services from increasing threat,” says a project summary.

A big coalition goal is to “strategically prepare emerging learners to step into roles prepared to make immediate impact on pressing issues in the region’s critical-infrastructure defense,” the summary says.

Jacobson said the coalition’s initial focus will be on protecting the Midwest’s energy infrastructure, particularly electricity providers.

The region’s rural nature is one of the coalition’s biggest challenges, Jacobson said. There are many small energy providers throughout the region and each one needs cybersecurity know-how.

But it can be hard to attract enough professional talent to small towns and rural areas. And so the coalition will work to “grow our own,” Jacobson said.

Working together will be one of ReCIPE’s main ingredients for preparing well-trained cyberdefenders.

“We’re bringing all these people together to train and upskill the current workforce while working with students to create a new workforce,” Jacobson said. “By bringing us all together, we’ll see how we can all solve these problems.”