Construction will soon conclude on the second cyber threat range on campus at Grand Valley State University, one of the many efforts the university has invested in expanding the computing program.
A cyber threat range (CTR) is a high-tech computer lab for students that simulates cybersecurity threats. The cyber threat ranges at GVSU are hands-on learning resources dedicated for training students in cybersecurity. The new CTR, located in Mackinac Hall on the GVSU Allendale campus, is expected to be open following spring break. The CTR, among other initiatives to expand the computing program, allow students to learn cyber security in a more realistic setting.
The cyber threat ranges at GVSU were created in partnership with the Michigan Cyber Threat Response Alliance (MiCTRA), Michigan’s premier cyber/information security non-profit. According to GVNext, all of the software necessary for the range to be operational was provided to GVSU by MiCTRA, made possible by funds from the Grand Valley Presidential Innovation Fund. Similar to a shooting range, cyber threat ranges provide a digital “sandbox” of sorts where students can practice offensive and defensive cybersecurity response techniques.
“Students engaging with MiCTRA Cyber Range are presented with ‘targets’ allowing them to apply foundational knowledge from the classroom in a dynamic and vulnerable environment,” said founder of MiCTRA, Mark Tellier.
The cyber threat range operates on an isolated network, allowing students to safely practice cybersecurity exercises without threatening GVSU’s network. Because the network is isolated, students are able to complete a range of initiatives as if they were investigating a true cybersecurity threat.
“These simulations simulate real-world scenarios, offering participants opportunities to conduct penetration testing, respond to security breaches, engage in forensics analysis, configure network security and design security architecture,” Tellier said.
Students practicing their skills at the cyber threat ranges can hone in on analyzing digital evidence, configuring network devices, implementing firewalls, identifying and exploiting vulnerabilities in systems or networks, and configuring intrusion detection systems.
“MiCTRA aims to equip professionals with the skills and experience needed to address real-world cybersecurity challenges effectively,” Tellier said. “The intention is to make the mobile cyber range available to academia and industry partners for hosting training events.”
On Feb. 10, students from GVSU and the University of Louisville competed in a “capture the flag” exercise. Students from each university were on opposing teams, working against each other and putting their respective defensive and offensive cybersecurity skills to the test. The exercise involves participants having to locate text strings, referred to as “flags,” concealed within intentionally vulnerable programs or websites.
Having the cybersecurity training facilities on campus makes GVSU a standout university in cybersecurity in the area, and allows the university to host events like this. GVSU is among only a handful of schools to offer such a facility, according to Tellier.
“MiCTRA is one of five ‘sister’ cyber ranges across the country,” Tellier said.
The existing cyber threat range is located at the GVSU Cook-DeVos Center of Health Sciences (CHS). Because the lab is so far from where the School of Computing is housed, the Feb. 10 capture the flag event was held in a normal computer lab.
With the new CTR opening in Mackinac Hall, students will have more convenient access to cybersecurity training and no longer have to travel to the GVSU health campus to participate.
“Our undergraduate programs are here in Allendale, which makes it really hard to have our students use the (cyber threat range) in CHS,” said Andrew Kalafut, Associate Director for Curriculum in the School of Computing. “That’s not student-friendly.”
GVSU’s cybersecurity program recently received national recognition from the National Security Agency (NSA). Recognition from the NSA brings GVSU one step closer in the process of becoming a Center of Academic Excellence in Information Assurance Education (CAE).
“Essentially everything that relates to our academics has been done,” Kalafut said. “The next step toward the CAE designation evaluates things like collaborations, outreach activities and the university’s cybersecurity posture as a whole.”
If the university was able to achieve CAE status, graduates of the computing program would be recognized for completing an education in cybersecurity from an NSA-designated source. The validation process for approving a school’s computing program considers a variety of factors, including its curriculum and opportunities for faculty and staff. The collaboration between GVSU and MiCTRA aims to establish GVSU as a Center of Academic Excellence. GVSU is in the final steps toward finalizing its designation.
“We will have (the CAE) application submitted by the middle of April, so we hope to receive our designation after they’ve (the NSA) reviewed (it),” Kalafut said.
Additionally, GVSU President Philomena Mantella announced a split between the School of Computing and the School of Engineering, both programs of which currently reside together in the Padnos College of Engineering and Computing, through an email address following approval by the Board of Trustees. According to the announcement, the university hopes that the split will open more course offerings to students within the computing major and expand resources, funding and space for the individual colleges’ needs.
GVSU aims to create opportunities for growth within computing and software engineering. The new cyber threat range in Mackinac Hall is a step to committing to that growth both in facilities and in proximity to students.