Boise State University’s online cyber operations and resilience program sent Cameron White, an undergraduate student, to Idaho National Laboratory (INL) in Idaho Falls to participate in the Critical Infrastructure Security Administration’s (CISA) Industrial Control Systems (ICS) Cybersecurity Lab.
The ICS Cybersecurity Lab at INL is a multifaceted course spread across four intense days. Designed as a companion to CISA’s online ICS course, this instructor-led training provides hands-on experience, focusing on understanding, protecting and securing industrial control systems from cyber threats. The curriculum includes breakout sessions, several escape rooms and a unique red team vs. blue team exercise conducted within an actual control systems environment.
Seizing the Opportunity
The journey began when Sin Ming Loo, the cyber operations and resilience program director, received a unique invitation from INL for his students to attend the ICS Cybersecurity Lab. Despite time constraints and the usual prerequisites, Loo saw potential in White and extended the opportunity. Within hours, White found himself preparing for an intensive four-day training that would reshape his understanding of cybersecurity.
White shared his motivation for attending the specialized training. “One of my weak points is industrial control systems. I didn’t have a lot of background in them, so I figured this would be a way to find out more about what they are, their network requirements and how to defend them.”
Day One: Cybersecurity Fundamentals and Networking
The first day started with a welcome, followed by a brief review of cybersecurity for industrial control systems. A process control attack demonstration set the tone for the day. The morning also featured a discussion on the main differences between information technology and operational technology networks, emphasizing roles, responsibilities and strategies for collaboration. Afternoon breakout sessions focused on network defense, detection, analysis and exploitation using tools like Metasploit.
The training brought together 41 students. White highlighted the diverse backgrounds within the groups, including a mix of quiet and outgoing individuals, college students, seasoned cyber experts, chief information security officers, desktop support and even a career penetration tester from Australia.
“It was really interesting to see that even though we had extremely varying backgrounds, we could come together and work together in these breakout rooms,” White explained, emphasizing the strength of teamwork in diverse settings.
Day Two: Breakout Sessions and Cyber Escape Rooms
Continuing the breakout sessions from the previous day, participants explored network defense and analysis in smaller groups. The afternoon took an intriguing turn with cyber escape rooms — a mix of cyber puzzles and traditional escape room challenges. Debrief sessions followed each escape room, reviewing the skills and tools participants used.
White painted a picture of the experience. “Most of the rooms had a physical element like a traditional escape room, but they also had a digital element. One had four computer terminals because you were doing network discovery to try and find the HVAC controls for the space station you were trying to save. But you also had bottles of dirt and rocks, a camera with pictures on it, stuff to look at with a black light and keys to figuring out combinations.”
Reflecting on the nature of the escape rooms, White was happy to confirm, “Everyone was able to get out [by the end]. My group received high praise because we beat them under time and with the least assistance they’ve ever had to give a group. We blew them away, and it blew me away because we had such diverse personalities and skill sets.”
Day Three: Escape Rooms Continue and Red Team vs. Blue Team Prep
Day three continued the exploration of cyber escape room activities, fostering teamwork and problem-solving. On multiple escapes, White was credited with finding the wrong way to get the right answer. In the afternoon, trainees were divided into red and blue teams, receiving training and instructions in preparation for the upcoming red team vs. blue team exercise.
Out of the 41 participants, about nine or 10 were assigned to the red team. “The fun element was that they give you a binder — either a red or a blue binder. That’s the information you are given about the exercise. You can steal the binders to get advantages, but there are limits: you cannot unzip someone’s property or steal it from their hotel room,” White explained.
White was assigned to the blue team and planned strategic maneuvers with his teammates. “We made a couple of fake binders with fake network maps and intentionally let the red team steal them,” he shared.
Day Four: The Seven-Hour Red Team vs. Blue Team Battle
The training culminated with a seven-hour hands-on exercise where trainees simulated a corporate environment by either attacking (red team) or defending (blue team) information technology and operational technology networks. The blue team was tasked with providing cyber defense for a chemical batch mixing plant and monitoring an electrical distribution substation’s supervisory control and data acquisition system. The exercise presented real-world challenges as the red team attempted to breach defenses. After the exercise, a brief round-table discussion of lessons learned closed out the training.
“As blue team, we divvied up into different roles: firewall, technology support, intrusion detection system and operations. Operations ran the pumps and dealt with the physical element because the whole thing was we were manufacturing water. We started the exercise, and seven hours later, we finished the exercise.”
White lit up, describing the intense and dynamic exercise. “The red team was able to block us out of our Active Directory domain entirely. They were able to get down to our workstations, but we were able to kick them out. They tried to remote desktop in. It was a war for seven hours but a lot of fun.”
Just Say Yes
White emphasized how the training at INL prepared him for future career opportunities. “By gaining this new knowledge, I have more doors opened to me. By having a little more knowledge about ICS, I have more authority when I speak about ICS,” he reflected.
White insists that anyone new to cybersecurity should be in the habit of saying yes to new opportunities. When someone invites you to a training you haven’t been able to do the prep work for, he says, “Do it, make it happen. These bits of training might make you stumble onto something you might want to do for the rest of your life. There is no real downside to doing stuff like this.”
Learn More About Cyber Operations and Resilience
White’s journey through the ICS Cybersecurity Lab at Idaho National Laboratory is a testament to Boise State University’s commitment to fostering innovation and recognizing individual talents in the field of cybersecurity.
As the cyber operations and resilience program continues to evolve, stories like this demonstrate the transformative power of hands-on, collaborative learning experiences. Boise State celebrates White’s exceptional journey, highlighting the university’s role in shaping the next generation of cybersecurity professionals.
Written by Marissa Wilson.