The 2023 Cyber Recon Symposium was the latest high-profile event recognizing the outstanding cybersecurity research being conducted by the UC Santa Cruz Baskin School of Engineering. Cyber Recon is part of the U.S. Cyber Command’s (CYBERCOM) Academic Engagement Network (AEN), a group of 114 colleges and universities that includes UC Santa Cruz. The AEN institutions were selected by CYBERCOM to help advance national cybersecurity priorities and operations.
At the inaugural, invitation-only event, a team of UCSC engineering researchers led by Associate Professor of Computer Science and Engineering Alvaro Cardenas received two awards for their innovative cybersecurity research project, which involved developing a secure cyber environment to assess a specific malware designed to attack an electrical grid.
They received the Commander’s Award, the highest honor at the event, and the Guardian Award. Presented by General Paul Nakasone, commander of CYBERCOM and director of the National Security Agency (NSA), the Commander’s Award recognizes the most innovative and promising research. The Guardian Award recognizes “research with defensive cyberspace operations applications.”
The symposium was the culmination of a year-long Cyber Recon challenge, which tasked 16 CYBERCOM AEN universities to carry out original research in the area of cybersecurity. The UC Santa Cruz project involved two parts. First, they had to study the inner workings of two cyber weapons designed to attack Ukraine’s power grid. Then, they had to figure out how to develop a safe and secure cyber environment to study the malware while also keeping it contained.
The team—Luis Salazar, Sebastian Castro, Keerthi Koneru, and Juan Lozano, all engineering Ph.D. students in Cardenas’s Cy-Phy Security Lab—had to think strategically and innovatively, as there were no existing tools to safely execute and interact with this malware.
“At one point, we said ‘Hey, there is not a tool for that, so let’s build it—let’s make our own tool, let’s make our own sandbox, and let’s take the malware and fool it into thinking it is running on a power grid,”’ said Salazar in a CYBERCOM press release.
By the end of the challenge, team UCSC successfully developed and designed a cyber environment that would allow them to safely test the malware used during the attack.
“We are very honored to receive the top award at the first research event of CYBERCOM’s Academic Engagement Network,” Cardenas said. “Our performance positions UCSC as a top strategic partner to the U.S. Cyber Command as they expand their academic collaboration efforts. The importance of cybersecurity is growing within the Department of Defense, and we expect to work together with CYBERCOM to further our participation in helping keep our critical networks safe from attacks.”