Originally created 02/16/02

Students on front lines of cyber defense



LIVERMORE, Calif. - Justin Averill can reduce your hard drive to rubble in five minutes. Give him an afternoon and he just might bring down the Internet.

But Averill isn't a hacker, cracker or terrorist. He's a cyber soldier, one of three dozen students at Sandia National Laboratories in Livermore who are training to guard the nation against high-tech crime.

Cyberterrorism is a top concern among security experts, who warn that vast computer networks, such as power grids or air traffic control systems, are vulnerable to attack.

So great is the threat that the Office of Homeland Security includes an office of cyber security and infrastructure protection. President Bush's proposed budget would increase cyber security spending from $2.7billion to $4. 2billion.

Five of the 70 or so students at Sandia's College Cyber Defenders Institute have landed full-time jobs there. Another is with the CIA and still another at the FBI's National Infrastructure Protection Center.

Since 1984, some 40,000 computer viruses have been identified. One of the most infamous, the "Love Bug," affected 15 million Americans when it coursed through cyberspace two years ago.

Fred Cohen, Sandia's computer security guru, has seen the danger coming for almost two decades. Three years ago, he started College Cyber Defenders to protect Sandia's computers. The Livermore lab does top-secret research and works with Los Alamos National Laboratory on the nation's nuclear arsenal, making it a tempting target for hackers.

At the time, Sandia couldn't compete with the fat salaries being paid to anyone skilled in "infosec" - computerese for information technology security.

"We couldn't buy what we needed because we couldn't afford it," said Cohen. "So we decided to build the talent we needed."

Learning infosec from Cohen is like learning theology from the pope. He created one of the first computer viruses - a term he is generally credited with having coined back in 1983 - and is an expert in infosec and tracking digital crimes.

Cohen scours the Internet for hacker programs and gives them to his students, who figure out how they work and how to defeat them. All told, they've tackled more than 1,200 "attack codes."

The program and its students have a good track record with the police, although details of the cases they have helped crack are confidential.

They have helped police in New York decipher encrypted images of child abuse and aided authorities in California and elsewhere while investigating child pornography cases.

But the program focuses on making computer networks more secure. The students also develop firewalls to protect computer networks from outsiders, create methods to recover damaged data and work on dozens of other projects intended to foil hackers and clean up the messes they make. Students spend more time in front of a monitor than a blackboard.

"It's hands-on," said Darrian Hale, 22, a San Jose State University student who joined the program two years ago. "You have the ability to mess things up and repair it."

Many students, who earn between $12 and $20 an hour, said working at Sandia is a unique opportunity to learn from the best while earning invaluable professional experience.

Getting into the program isn't easy. Participants endure long interviews and must provide references. A 3. 0 grade-point average is required.

Some of these kids have forgotten more about computers than most people learn. They pepper conversations with acronyms like LAN, VPN and NAT while discussing things like UDP packets and TCIP stacks.

And then there's the first test.

"They have to assemble two computers," Cohen says. "They have to know everything about a computer from soup to nuts."

Although students do most of the learning, they've done some teaching as well, Cohen said.

"We've had things where Ph.D.s have said, 'We don't think anyone can do that,' " Cohen said, "and a student's done it in two days."

On the Net:

For online information about College Cyber Defenders, go to education.ca. sandia.gov/ccd.