Teaching the Importance of Reading Hacking News

Cybersecurity professionals should pay close attention when news breaks about a hacking incident, as these events can indicate hacking trends and show which vulnerabilities are being actively targeted. This is an important element for students to learn in the classroom because it is valuable information that they can compare against potential vulnerabilities on the networks they will be responsible for securing. Professors would be wise to assign projects that require students to look for this type of open-source information and to apply it in the real world as a standard methodology for correlating what hackers are doing around the world.
Create a Complete Lesson for Students
It is not enough for a student to learn how to configure network security devices and apply patches. They should also be trained in how to gather information that will bolster the protection of the network. Professors already do a great job of teaching students to read releases from software manufacturers that detail vulnerabilities in their applications, so that students are aware of potential threats, but this is just one piece of the daily research a cybersecurity professional should conduct. They should also be trained to see which of those vulnerabilities are actively being targeted and to analyze real-world hacking incidents to learn how the perpetrator gained access. We can leverage this information to ensure our own networks are not susceptible to the same types of attacks.
Take, for example, the ransomware attacks that became popular a decade ago and continue to be used today. If this had been a singular attack that was never used again, it would have little value apart from historical knowledge. However, when students see from all the news reports that it has become a common methodology, they can consider how they would protect a network from being susceptible to ransomware attacks and how they could design recovery procedures for situations where the attack is successful. This type of training helps students to think ahead and plan for potential threats they would not otherwise be aware of.
Use Insights from Targeted Cyber Attacks
Another method professors could utilize is to look at past hacking incidents that were narrowly targeted toward a very specific network or system. The attack against the Iranian nuclear facility more than a decade ago is an excellent historical example of two things. First, it was an attack that likely could not be used against other targets because it appears to have been carefully formulated specifically for this singular use against Iran. Second, the level of sophistication points to the high likelihood that it was developed by a nation, not an individual hacker. Students can learn from this type of event that some vulnerabilities are unique to specific systems, and they should be aware of this in case they work on those types of systems in the future.
The point here is that cybersecurity education cannot happen in a vacuum. We need to do a good job of teaching the fundamentals and then adding the practical application element as an additional layer. Too many students have left schools with a lot of technical knowledge and very little ability to apply that technical knowledge in a real-world environment. Studying news articles and developing strategies based on real-world incidents provides a higher degree of skill and creates a more formidable cybersecurity force. Professors should show that the news, in a way, is a type of intelligence-gathering tool that can be leveraged into greater defensive capabilities. So, how can this be practically established in a classroom?
Put Students to the Test with Real-World Examples
The easiest way to implement this strategy is to create an assignment that requires students to look for hacking events in the news and write a report on any information that details what actions the hackers took, their level of success in their operation, any data they stole, the financial, political, or other fallout from the event, and what security methods could have been used to counter their attack. Students should then look for other reported hacking incidents that used similar methodologies or took advantage of the same vulnerabilities to determine if a trend exists or if there is a likelihood the same hackers are attacking different targets.
In my past role as an incident responder, we often looked for the hacks that showed the greatest degree of sophistication or the ones where we could not determine how access was gained. There was less interest in everyday well-known hacks that anyone could be successful with if a vulnerability was unpatched. We were more interested in these unique ones because they would typically yield information that was valuable for a greater degree of defensive measures. Students should be taught to differentiate between the different types of reported hacks and try to find the ones that stand out as being likely to occur again. Professors should also highlight the types of attacks that could have easily been stopped with simple measures.
One example of an easy-to-stop incident is the Chinese state-sponsored attack on the U.S. Office of Personnel Management (OPM) system that took place in 2014. It was a big one. Personal data for more than 21 million government employees was stolen (including my own). The hack was a long-term operation that continued into the following year with data being siphoned away each day. System vulnerabilities were involved and should have been patched, but there is a more critical question that should be answered. Why was a Chinese IP address ever allowed to access a U.S. government system? A simple set of blocks in a firewall could have kept this incident from ever occurring.
Every hacking incident reported in the news is a potential source of education. Professors can leverage this free information in the classroom to discuss all the involved variables and spur their students to develop strategies that can keep it from happening again. In the longer term, teaching in this way will instill in students an idea that they can continue to use for the rest of their careers in this field. The more information we have about hacking incidents, the better we can protect ourselves against future incidents. It all starts in the classroom.