The National SecureUS Collegiate Cyber Challenge Exercise for National Centers of Academic Excellence – Cybersecurity (NCAE-C) Institutions, hosted by Norwich University Applied Research Institutes (NUARI) on 19 November 2024, was funded and coordinated by the NCAE-C Careers Preparation National Center (CPNC). The CPNC is a NCAE-C grant program led by Norwich University. Dr. Sharon R. Hamilton, Norwich Vice President of Strategic Partnerships, is the CPNC Principal Investigator. The SecureUS exercise serves as a vehicle to equip NCAE-C students with real-world Incident Response (IR) skills to set them apart in the workforce upon graduation. Students and faculty from across the country worked to resolve cybersecurity incidents presented within a relevant and timely elections-based scenario.
The SecureUS exercise brought together diverse participants, including students and faculty from NCAE-C designated institutions, such as the University of Maryland Baltimore County, DeVry, and Middle Georgia State University.
This event was a virtually facilitated exercise led by NUARI’s Cyber Exercise Team in a Tabletop (TTX) exercise format utilizing NUARI’s DECIDE® Platform for exercise play and MS Teams for facilitation and administrative tasks.
The focus was on cybersecurity incident response skills presented in an elections-based scenario. In the simulation exercise, participants took on the role of Director of IT for the Elections Office of a large metropolitan county. They respond to various hazards, including ransomware and website defacement, using an incident response plan based on NIST Incident Handling Guidelines. The scenario involved two primary cybersecurity incidents: ransomware impacting an internal email server and loss of control of a public-facing website server, leading to defacement. Supporting elements include citizen complaints, information requests from senior officials, and interactions with simulated cyber insurance providers.
The SecureUS exercise yielded outstanding results, with participants successfully achieving both exercise objectives. Players effectively translated their academic expertise into real-world skills by bridging the gap between theoretical knowledge and practical application. Participants demonstrated their ability to identify indicators of compromise, respond to complex cybersecurity incidents, and implement effective incident response strategies, showcasing their growth as future cybersecurity leaders.