The Cal Poly Digital Transformation Hub powered by Amazon Web Services (DxHub) teamed up with the California Cybersecurity Institute (CCI) to launch a virtual ‘cyber range’ that combines real-world cybersecurity scenarios with hands-on, cloud-based learning tools to teach and assess students according to the federally supported NICE (National Initiative for Cybersecurity Education) learning framework. Students interact with the range much as they would when playing a story-based video game while competing against other student teams. To advance the story, accrue points and win the contest, students must follow the digital forensic clues in a 3D virtual world and then ‘hack’ into and analyze real cloud-based computers and data streams to solve each level. This leads to tangible learning outcomes and skill development in alignment with federally endorsed frameworks.
Over the past three years, the CCI has put on in-person cyber challenge events to excite high school students and teach them cybersecurity and digital forensic skills. These events pit student teams against each other to solve ‘real world’ based problems using immersive and elaborately staged environments. In one example, students worked collaboratively as a digital forensics investigative team to collect and analyze a combination of digital and physical evidence from a staged physical set in order to stop a healthcare-themed cyber plot. In another competition, students collected digital and physical evidence from vehicles that a local car dealership loaned to the California Cyber Innovation Challenge (CCIC) to create a realistic scenario. Due to Covid-19, this year’s physical CCIC event had to be virtual. This required CCI to pivot to a fully digital solution that keeps the spirit of the immersive, real-world scenario learning experience.
At the request of CCI, the hybrid Cal Poly DxHub and CCI team built a cyber range in just six short weeks that is scalable to thousands of simultaneous users. All users are authenticated to ensure that only legitimate students are allowed in while keeping any potential bad actors out. Students are guided through a satellite hacking and ransomware scenario that they must forensically investigate and mitigate. The scenario encompasses five unique 3D video-game-like scenes, each of which leads to a code that unlocks the ability to spin up virtual machines as if the real computer were sitting right there in front of the student. The participants must exploit and forensically analyze these virtual resources to accrue points and proceed to the next level. The cybersecurity skills students must use include exploiting operating system vulnerabilities, packet sniffing, log analysis, breach detection, encryption/decryption, and more.
The solution leverages Amazon Sumerian for the interactive 3D scenes, Amazon Cognito for user authentication, AWS Amplify for web app content and scalability, and a custom-built web interface that provides students with easy one-click access to AWS EC2 virtual machines in the cloud while restricting runaway cloud service usage. This allows participants to navigate an immersive story line while accessing cloud-based resources to simulate real-world hardware as it relates to the scenario, such as analyzing a computer that was compromised at the satellite design facility.
“The DxHub team did an amazing job pulling together all of the moving parts in record time to allow us to preview this experience at Defcon. Using Amazon Web Services made it possible to build a production scale application in just 6 weeks,” said Martin Minnich, Director of CCI.
To date, over five hundred students have used the range at three events including the Grayhat conference and Defcon Aerospace Village, one of the world’s largest hacking conferences. The best part about the solution is that virtually any hacking scenario can be created using these tools, for example, a city or hospital ransomware scenario. This allows the content to expand and the learning scenarios to adapt to fast-moving real-world trends.
The DxHub team was able to solve the CCI’s challenge promptly due primarily to the cohesive nature of AWS services. When used in combination, AWS cloud services enable developers to rapidly build and prototype ideas and then scale those ideas for production to solve nearly any use case. Services like AWS Amplify not only make provisioning back-end resources easy but also provide integration code to use those services quickly and easily. Within six weeks, the DxHub team was able to satisfy their customer’s requirements and create a system tested out by some of the most experienced hackers worldwide. In turn, CCI is able to meet its mission of training the next-generation cybersecurity workforce.