One Washington State-based nonprofit builds cybersecurity skills in a real-world environment to help close today’s cybersecurity gaps.
The Expansion of Cybersecurity ReadinessThe Public Infrastructure Security Cyber Education System (PISCES) provides undergraduate students with supervised experiences to serve as entry-level cyber analysts. Students at partner colleges and universities analyze streaming metadata from small communities and government agencies that are unable to adequately fund a commercial cybersecurity monitoring service or hire qualified practitioners. Through PISCES, a reliable, high-quality pipeline of entry-level cyber analysts with operational experience is being developed to address the shortage of cyber professionals who are ready for the workforce while simultaneously providing a level of monitoring to critical infrastructure networks. PISCES grew out of the Public Information Security Event Management (PRISEM) regional monitoring system, a 2009 pilot from the U.S. Department of Homeland Security (DHS) Science & Technology (S&T) Directorate in the Puget Sound region. After nearly five years of successful operation, PRISEM was reimagined as PISCES, focusing on cyber event analysis for small public institutions using student analysts. DHS S&T provided initial funding to test and then implement the PISCES concept. With leadership from Critical Insight and in partnership with Western Washington University (WWU), PISCES established a data-sharing infrastructure, developed a curriculum, and provisioned participating communities. With the support of DHS Cybersecurity and Infrastructure Security Agency and the Pacific Northwest National Laboratory (PNNL), PISCES has expanded from Washington State to include Alabama, Colorado, and Kentucky in 2022 and aims to add more state partnerships in the future.
Real-World Threats & Educational OpportunitiesPISCES provides students with real-world operational experience working with and processing large volumes of live data, examining network flow data, and documenting suspicious activity. Through the course, students develop the capability to monitor for threats in real-time using live data from small communities. However, these streams are not small. A typical community generates over 20 million trouble reports that students must sift through in just one month. The course teaches students not only to find the “needle” in a giant stack of needles but to pinpoint irregularities and trends to determine the validity of an attack or malicious actor. In January 2021, for example, one of the participating communities was under attack by a group attempting to use brute-force password cracking. The attackers were attempting to break in to remotely control computers on the communities’ network. The students identified and reported the type of threat and the ports that were being attacked and recommended shutting off those IP addresses to stop the attackers before they could gain access. That same month another community came under attack by a group attempting to place a Trojan virus onto their network. Again, students identified and validated the attack. Based on the students’ recommended actions, the community took the necessary actions to remove the respective malware before the attackers could activate it. Although the dominant bad actors generally come from Russia, China, North Korea, Nigeria, and Germany, there also are plenty of domestic-sourced attacks. The attacks that students encounter span the entire range of denial of service to planting malware for theft of information or money, bitcoin mining, password cracking, phishing, spamming, etc. With these skills and experiences, students are more prepared to work in technology-driven careers across industries and business sectors. Since its founding in 2017, PISCES has worked with DHS and PNNL to establish, develop, and grow this nonprofit into a nationwide program. With 10 academic institutions – including universities, colleges, and community colleges as partners – and more than 20 communities sharing data, PISCES provides 300-400 students per year with this critical experience. However, as the program matures, PISCES seeks to expand its relationships and find additional partners. With students already sifting through hundreds of millions of alerts each month, PISCES must grow to meet this growing problem. Although this program does not replace commercial 24/7 analysis services, it does help to fill a critical cybersecurity gap and build a robust junior cyber analyst training force. In 2021, PISCES established its first state-level partnership in Washington and is now hopeful that the 2021 Infrastructure Investment and Jobs Act will empower other states to follow suit. The bill requires states to build all-of-state-plan offering services and capabilities that can be paid for by the grants. Once the plan is in place, communities can select services or capabilities they want supported to improve their protection. If PISCES is included in these plans, then small communities can easily access PISCES services while building the workforce. The infrastructure and processes are scalable. So, with adequate future resources, PISCES is striving to make this capability available across the nation.
Steve Stein is the executive director of PISCES. As such, he is responsible for the day-to-day business operations and expansion strategy for PISCES. He retired in 2017, after 38 years with Pacific Northwest National Laboratory where he served as a senior program manager and director of the Northwest Research and Technology Center providing new solutions to first responders and emergency managers. He can be contacted by phone at 206-335-1916 or by email at firstname.lastname@example.org. Website: Pisces-intl.org