Imagine if there was a virtual simulation where you could quickly and accurately assess threats to your network and practice defensive maneuvers in real time.
That is the challenge facing small to midsize companies when training their employees correctly and thoroughly in cybersecurity. However, when all threats occur on a virtual level, the challenge becomes creating training that fully incorporates the issues they will encounter in their day-to-day positions.
According to the National Institute of Standards and Technology, these types of businesses and manufacturing industrial control systems are most at risk for cybersecurity breeching.
Senior interdisciplinary engineering students from the Department of Multidisciplinary Engineering at Texas A&M University used their Capstone Design course to create a virtual training simulation for these types of clients. The team members included team captain Camryn Ochs, Connor McLaren, Martin Jimenez, Tristian Koster and Yajaira Puente.
The Texas A&M Cybersecurity Center suggested and sponsored this project for their Texas A&M Cyber Range (TxCR), which needed a virtual environment to conduct effective cybersecurity training for their public and private sector clients. John M. Romero, program director at the Cybersecurity Center, sponsored the team and suggested developing such a platform.
The capstone team was most interested in the cybersecurity aspect of their project and gaining practical experience. As interdisciplinary engineering students, they also specialized in technical disciplines, predominately cybersecurity. Through the capstone project, these students utilized the diversity of their technical skills as a team.
"We overcame many hurdles in the first semester of the design project, including getting the project approved and pitching the project to our sponsor at the Cybersecurity Center," Ochs said.
The team created a virtual model of a small- to medium-sized business network on the TxCR that includes operational technology connections to many industrial programming logic controllers and other interfaces. The team's model mimicked a typical medium-sized manufacturing company's network in a virtual environment. Within the virtual environment, individuals can practice defending against security attacks and how to prevent them while allowing leadership to plan and determine the level of risk they can accept in their company.
To create the overall network of computers, the team needed to utilize and integrate several software platforms, such as Xen Orchestra and XCP-ng (Hypervisor). Additionally, the team had to develop a means to monitor the network and report findings.
The team spent two semesters learning the needs and wants of the sponsor, mapping concepts and configurations and learning the software and system. They developed an assessment test to demonstrate the validity of their configuration. After receiving feedback from Romero throughout the development of the virtual platform, the team altered their network design numerous times and developed a viable proof of concept.
Dr. Andrew Conkey, a multidisciplinary engineering professor, served as the instructor for this capstone course. He noted the design process usually applied in this course is a top-down design process typically used for complex systems involving mechanical, electrical, controls and other subsystems.
"The challenge before us was adapting that framework for the project,” Conkey said. “Ultimately, the students combined a top-down process and a scrum design process."
Other challenges included interfacing with coding modules at different levels or hierarchies and working with general instructions and vague requirements, which required problem-solving to fill in the gaps. The team's final configuration simulated a small business network and an attack map as a visual for the project.
"Working together as a team has helped prepare us for working on engineering teams within the industry," Ochs said. "We gained valuable experience working within a truly interdisciplinary team of engineers with different backgrounds and strengths. It was a good learning process to figure out how to leverage each other's knowledge to contribute to the project's success."
For the students, project highlights included applying their engineering knowledge, problem-solving skills and design process to solving a real-world cybersecurity problem. They explored the real-world intricacies of information and operational technology by visiting a local engineering firm with Romero to assess their infrastructure.
"This hands-on visit offered the students vital insights into designing a virtual environment and revealed how susceptible a medium-sized business might be to cyber threats," Romero said. "Their innovative work has not only expanded the capabilities of the TxCR but has also created an exceptional tool for educating both our workforce and future students. I eagerly anticipate the continued impact this project will have on the field of cybersecurity."