Cyber Team Forms At The Coast Guard Academy
By Julia Bergman
The Day
January 17. 2016


CGA's Cyber Team practice in the Cyber Lab

Coast Guard Academy's second class cadet Patrick Ledzian, right, and fellow members of the Coast Guard Academy Cyber Team practice in the Cyber Lab located in McAllister Hall at the academy, Tuesday, Jan. 12, 2016. (Tim Martin/The Day)

New London — A newly formed cyber team at the Coast Guard Academy is providing a route for cadets to deepen their knowledge of computer networks — how they work, how to secure them, and how to identify vulnerabilities within them — while also earning sports credit for their participation.

Put simply, the cadets are learning about hacking, a term that can take on a number of different meanings including accessing a computer network legally or otherwise.

Higher-ups in the Coast Guard have already begun to notice the team.

"What they're doing at the academy is critical to the future of the Coast Guard Cyber Command," Capt. Michael Dickey, deputy commander of the newly formed command, said in a recent phone interview.

About a month ago, the command sent a team to the academy in response to a cybersecurity incident. Dickey did not offer details but said that cadets supported the incident response team in addressing the problem.

"We had fantastic support from the cadets," Dickey said. "There were a couple (of cadets) in particular who were just a fantastic contribution."

At the request of the incident response team, cadets will participate on the command's Cyber Guard team this summer. The two-week-long cyber defense exercise with a focus on protecting "critical infrastructure" networks involves several government agencies and the military.

The exercise will be the command's "first foray" into a relationship with the academy around cybersecurity, Dickey said.

The cyber team isn't guided by any formalized instruction. Instead, a core group of five cadets, who were already participating in cybersecurity competitions and are advanced in their ability, are teaching a handful of others who are just starting to learn.

"There's not really anything I can teach them beyond what they learn in their electrical engineering courses," said Lt. Grant Wyman, team coach and an instructor in the electrical engineering department.

The team captain, First-class cadet Caleb Stewart, an electrical engineering major, explained that this is a field in which many are self-taught. Stewart, who was homeschooled in Grandview, Texas, started computer programming when he was in high school.

"I started out with games, so I made real simple games like little Mario clones, Minesweeper," he said. "Then I was really interested at the lower level, how computers work and then how they operated."

A cybersecurity competition last year served as the jumping off point for the team. Since 2001, the National Security Agency has hosted an annual competition called the Cyber Defense Exercise, known as CDX. Stewart and several other Coast Guard Academy cadets competed against cadets and midshipmen from the four other U.S. service academies and the Royal Military College of Canada.

During the exercise, which is carried out through virtual, private networks, each team sets up a computer network and an NSA "red team" tries to attack them.

"Our job is basically to keep them out," Stewart said, explaining that "the network we set up is very similar to what you would see on a corporate network."

Teams receive points for keeping the NSA out, but also keeping the services on their networks up and running.

Generally, someone could hack into a computer network by cracking a password, creating a fake user account, exploiting openings such as ports that aren't properly secured, or crash one of the services running on the network, among other techniques.

Defending usually entails monitoring lines and lines of computer logs for "indicators of compromise," essentially any vulnerabilities such as an administrator logged on who shouldn't be or an unknown file showing up on a computer.

"Competitions allow you to put yourself in the shoes of the bad guy," Wyman said. Both he and Stewart emphasized that learning hacking techniques leads to a greater knowledge of how to defend a network.

In early February, members of the team will compete at the Defense Advanced Research Projects Agency's competition called CyberStakes in Pittsburgh. To prepare, they'll participate in online competitions.

The team met for its first official week of "practice" last week and is still in the beginning stages. In early November, Rear Adm. James Rendon, academy superintendent, gave his approval for those on the team to receive sports credit. The dean of academics, the commandant of cadets and the director of athletics also gave the go-ahead.

"Our job is to maintain and, hopefully, grow their relentless enthusiasm by continually placing them in challenging situations and getting the heck out of their way," Dr. Kurt Colella, dean of academics, said in a prepared statement.

Stewart wears a team captain badge pinned to his uniform, as do all other sport captains. By being an official sports team, it enables cadets who participate to have a dedicated two-hour window Monday through Thursday to practice and hone their skills.

Cadets are required to complete two sports credits in a school year, which they can earn through varsity, club or intramural sports — and now through the cyber team. Members are eligible to earn half a credit in the spring and half a credit in the fall.

But only those on the competitive team, who show up regularly and engage in competitions, will receive the credit, according to Wyman. The team currently features two types of members, "competitive" and "developmental."

Wyman said he plans to create a code of conduct for "ethical" hacking to ensure the cadets use their knowledge "for good," although he said he doubted that would be a problem.

The lure of private industry could prove a problem down the line.

Dickey acknowledged a reality faced by the Coast Guard and other government agencies: the potential for private industry to poach their members through more lucrative job offers. In the cadets' case, however, they are required to serve in the Coast Guard for five years after graduating, so the Coast Guard knows that they will have them for at least that period of time.

"I would love to create dozens of opportunities for young officers and enlisted personnel who are interested in cyber," Dickey said.

Funding, training and retention are the biggest challenges to accomplishing that.

A few cadets have already received "off-handed" job offers from private industry, according to Wyman, who described the offers as "'Hey, if you ever get out of the Coast Guard, give me a call' type of thing."