The NSA is taking on a more public role trying to boost U.S. cybersecurity defenses
The hope for the camps is to attract the interest of young people to consider pursuing cybersecurity careers
Summer camp evokes memories of nature hikes and canoeing in bucolic woodsy settings.
But for about 200 high school students from 30 states, camp this summer means rigorous hours spent in classrooms learning everything from how to exploit computer network security and writing code for rudimentary websites to automating a robot made of Legos.
Instead of late night camp fires, some campers spent hours with their faces lit by laptops as they tried to fix lines of computer code to catch up on the day’s lessons.
Welcome to summer camp, NSA-style.
The spy agency was once so ultra-secret that old hands in national security still call them by the nickname No Such Agency.
Now, the National Security Agency is taking on a more public role trying to boost U.S. cybersecurity defenses.
The GenCyber camp at Dakota State University, one of 43 camps the agency sponsors around the country in conjunction with the National Science Foundation, is one small part of that effort.
In a summer dominated by news of major cyber breaches at the Office of Personnel Management, the NSA is hoping to spot the next generation of white hat hackers and computer security whizzes.
The hope for the camps, NSA officials say, is to attract the interest of young people at a key point in their lives to consider pursuing cybersecurity careers. Young white hat hackers are prized by the NSA and private industry. If they don’t end up working for the NSA or other U.S. government agencies, perhaps they’ll work for big companies to help secure networks from criminals and foreign spies.
Steve LaFountain, who started as an NSA analyst in 1982, is now the dean of the agency’s College of Cyber. He helps oversee the agency’s efforts working with 29 universities that are hosting the 43 camps this year, which are free for the teens, who apply to get in.
“We just want the kids to walk away with a better appreciation of cybersecurity. Just so they’re more aware of what is online and what is on the Internet. What they can do and what they can’t do,” LaFountain said.
For the kids at the camp, NSA controversies over mass surveillance programs – brought to light by disclosures by former NSA contractor Edward Snowden – appear to take a back seat to their thrill at using new technology. This year campers were each given small Raspberry Pi devices, which are small computers about the size of a credit card, to take home and to keep working on their skills.
The campers have few distractions on the small quiet Dakota State campus, located amid the flat big-sky farmland expanse in the southeastern corner of South Dakota.
Regina Van Driel, a high school senior who is one of a handful of girls at the camp, is attending for the second consecutive year.
She arrived at Dakota State last year intimidated because she knew little about computers. At home, in Mitchell, South Dakota, she doesn’t have access to the same type of equipment. But by the end of the week she had built her first website. “I definitely like the idea of being able to look at somebody’s website and try to figure out whats wrong and help them,” she said.
In a hacking exercise, she learned how easy it is to compromise someone’s data with minimal information and how vulnerable many networks are to cyber attacks. “It was crazy scary how fast we were able to get their information just by hacking their IP address,” she said.
In one exercise, students are shown how they can use antennas and computers to intercept common wireless data commonly found everywhere. Cars made in recent years have tire stems that send out unique codes to tell onboard computers when the tires need to be inflated. Aircraft in the sky broadcast unique identifying codes that can be used to find out ownership and other data.
“We have a lot of wireless technology around us, things we don’t think about. We think of some data as meaningless” said Michael Ham, a Dakota State instructor at the camp. “Pretty much everything that transmits wirelessly happens on some frequency. So if we can pick up on what the frequency is, do some analysis on that data, we could maybe intercept or replace that data.”
The Dakota State instructors running the camp are aware outsiders might view with skepticism the idea of teaching kids powerful skills that could be used for harm. That’s why sessions on exploiting computer vulnerabilities also come with a dose of ethics lessons, they say.
“Everybody kind of asks us that. Like, ‘Geez, you’re teaching them network exploitation or software hacking’ or something. And that’s true. We do that under two different, kind of shadows. We do it under the shadow of, ‘You need to know how this happens so you can better protect,’ and then we do that under a very heavy ethical shadow,” said Josh Pauli, associate professor at Dakota State who helps lead the camp.
Many of these lessons could be applied to other aspects of their lives as more technology becomes available and more data is produced, camp officials say.
“Even if they are just at home. In order to protect themselves at home, they need to have this awareness,” LaFountain said.
Then again, these are teenagers, and it is summer camp.