The University of Idaho has launched its Cybersecurity Training and Operations Center, in Post Falls, where it hopes to educate and certify 350 information technology security specialists through hands-on simulated cyberattack response training in the next two years.
The CTOC is partnering with the Information Systems Security Certification Consortium, more commonly referred to as (ISC)2, to provide training to meet its globally recognized credentials, says Karen Thurston, director of the university’s new center.
Florida-based (ISC)2 is the largest nonprofit membership organization of software security professionals.
More locally, the 200-member Spokane chapter of the Community Security Coalition also is supporting the CTOC’s mission, Thurston says.
CTOC provides concentrated training and certification programs, on-the-job training, and hands-on security in a functional security operations center, Thurston says.
High-profile corporations like Target Corp. and Home Depot Inc. aren’t the only prey for hackers, Thurston says. Small and medium businesses also are attractive—and too often easier—targets, she says.
Thurston says businesses and organizations need to implement hacker prevention practices and to know how to recognize cyberattacks, which usually avoid detection by consumer software.
“If you’re not monitoring your network, or your Internet services provider isn’t monitoring it, you might not be aware of cyberattacks,” she says.
A successful cyberattack can compromise or steal sensitive data and alter software coding.
Employee awareness about potential cyber vulnerabilities also is critical, she says, adding that hackers are finding a growing number of ways to exploit vulnerabilities.
“You used to have to be plugged in,” she says. “Now, mobile devices present new attack points.”
The CTOC is a cooperative effort between the university, industry partners, and the state of Idaho, she says. It’s being funded through a $463,000 grant through the Idaho Department of Labor with support of the Idaho Department of Commerce.
Coeur d’Alene-based Kootenai Health, Fatbeam LLC, Highpoint Medical Inc., and Boise-based Idaho Power are providing a $155,000 match.
Kootenai Health and Spokane-based Avista Corp. are among industry partners helping to develop an on-the job training curriculum for cybersecurity specialists.
So far, the CTOC has certified 31 people, most of whom work for Kootenai Health. As mentioned earlier, it hopes to train 350 people during its two-year grant period.
The CTOC had scheduled two free seminars earlier this week focusing on best cybersecurity practices for businesses. Thurston says she likely will schedule the next seminars by May.
Other entities showing early interest in the certification training include the Coeur d’Alene Tribe, the city of Coeur d’Alene, a Spokane security company, and a Coeur d’Alene hospitality company.
“We want to bring in businesses and show them who’s trying to attack their networks,” Thurston says.
The CTOC is located in a 1,200-square-foot classroom in the Jacklin Science and Technology Building, at 721 S. Lochsa, in the UI Post Falls Research Park. As of early this month, it was finished only with a few rows of chairs, a whiteboard, and a bare table.
Thurston says she expects to set up a computer lab in a corner of the room in coming weeks. The lab will have the capability to simulate cyberattacks in real time, she says.
Fatbeam, a fiber-optic network provider, and Ednetics Inc., a Post Falls-based provider of integrated information technology products and services for education and government operations, have installed a high-speed fiber connection that’s isolated from the university’s network.
“The fiber connection is ready, and we hope to have the equipment in the first quarter,” Thurston says.
The university’s Center for Secure and Dependable Systems, directed by computer sciences professor James Alves-Foss, is assisting the CTOC in an advisory role, she says.
Alves-Foss also is leading a team that’s a finalist in the Cyber Grand Challenge, a competition sponsored by the U.S. Department of Defense to develop automated cybersecurity systems.
While the University of Idaho offers undergraduate and graduate degree programs in computer science programs through its main campus in Moscow, Thurston says the CTOC’s program is aimed at technical education and professional development.
“This program is more workforce-oriented, as opposed to a degree program,” she says.
Its primary targets are cybersecurity specialists and information-technology professionals with a minimum of two years of experience.
“That includes everything from computer help desk to programming to primary IT,” Thurston says.
The CTOC has contracted with two instructors, one of whom is Michael Meline, head of data security for Kootenai Health. The other instructor is based in Boise.
“The grant is a statewide grant, but the lab will be here,” Thurston says.
The Post Falls CTOC location is ideal to attract people from Eastern Washington and farther west into the Seattle area because of the training program’s comparatively low cost, she says.
The (ISC)2 training course, for example, is initially offered for $2,150 per participant and can be scheduled over five weekdays or three weekends.
Thurston asserts there will be 21,000 job openings this year in the U.S. that require Certified Information Systems Security Professional or equivalent certification in the next two years.
While the program courses are open to anyone, Thurston says the goal of the Idaho Department of Labor is to attract and keep more cybersecurity jobs in Idaho, she says.
Thurston, who wrote the grant request for the CTOC, was hired by the University of Idaho in 2014 and has lived in North Idaho since 2004.
Her background is in a variety of software-related analyst and project-management positions, including managing a company that provides postal presort software to large mailers.