Five students from the Naval Postgraduate School (NPS) and their faculty advisor recently attended the inaugural Maritime and Control Systems Cybersecurity Conference, known as “Hack the Port 22,” which took place in Fort Lauderdale, Fla. and online from March 21-25.
The students, representing NPS’ Cyber Systems and Operations (CSO) program, were supported by the school’s Center for Cyber Warfare (CCW) and the National Security Agency’s National Centers of Academic Excellence program. During the conference, the NPS team participated in a Virtual Cyber Exercise Competition, testing the security of a fictional port.
NPS’ contingent was led by U.S. Army Capt. Paul Baker, a cyber warfare officer in the CSO program, and included U.S. Navy Lts. Daniel Batista, Matthew Finley and Seth Kyler and Scholarship for Service student Paul Duhé. U.S. Army Lt. Col. Michael Senft, a military faculty lecturer in the Computer Science Department, served as the faculty advisor for the team.
The joint service team which participated in the event reflected the diverse, interdisciplinary expertise available through the unique graduate education environment provided by NPS. It also illustrated the teamwork needed to holistically approach problems as complex as port security.
Ports are a vital intersection between the land and maritime warfighting domains, which are further connected by the domain of cyberspace. The “Hack the Port 22” event, conducted by the Maryland Innovation and Security Institute and DreamPort, helped to highlight these facts by bringing together representatives from military, government, academia and industry to raise awareness of cybersecurity challenges facing the maritime sector.
The event featured speeches, lectures and panel discussions from government and industry leaders, as well as the cyber competition with more than 30 higher education academic institutions participating. Keynote speakers included Secretary of Homeland Security Alejandro Mayorkas; National Cyber Director Chris Inglis; Jen Easterly, director, Cybersecurity and Infrastructure Security Agency; and, Lt. Gen. Charles L. Moore, deputy commander of U.S. Cyber Command (USCYBERCOM).
“Attending the conference brought home the importance of what we’re learning in our CSO program,” said Kyler, an intelligence officer in the CSO program. “We can sometimes get lost in academic projects but interacting with professionals in the cyber community and learning about the challenges they face, helps to refocus one’s attention on the overall picture, and the impact we can have by learning and honing technical cyber skills.”
This sentiment was echoed by Baker.
“Overall, the conference provided us a broader framework for our cyber-related thesis research topics," he said.
Batista, a submarine officer in the CSO program who participated in the Virtual Cyber Exercise competition, highlighted the opportunity for hands-on training.
"Hack the Port 22 allowed our team to use open-source tools for scanning targets, finding vulnerabilities and gaining access and privileges on modern systems currently deployed within port facilities and ships,” Batista said.
Finley, also a submarine officer, added, “The conference really demonstrated the importance of the intersection between the public and private entities and how industry and academia can work together to find new avenues of study in the cyber realm with respect to port infrastructure.”
“Hack the Port 22 succeeded at bringing together current and future cyber security professionals with the goal of learning, sharing, and competing in cyber related events,” said Duhé. “Teams from across the country had the opportunity to put their education and hard work in action working to exploit vulnerabilities in the virtual port.”
NPS’ participation in “Hack the Port 22” reinforces the defense-focused graduate education delivered to students through exposure to the vital role of critical infrastructure, including the Maritime Transportation System, in supporting Department of Defense (DOD) missions.
In addition to providing students hands-on experience with open source penetration testing tools, the Virtual Cyber Exercise Competition also gave students insight into the real-world impact of insecure systems. The NPS team complimented MISI and DreamPort on their efforts to bring together a group which worked to address the technical and non-technical challenges of maritime and control systems cybersecurity.
NPS and its cross-service educational programs build joint expertise and experience across multiple technological and operational domains. The difficulty and criticality of the cross-service and cross-domain challenges faced by ports across the United States are worthy problems for continued investment by NPS and the CCW.