Small Army Of Cybersecurity Warriors Trains To Digitally Defend Energy Industry

The Idaho National Laboratory sets up trainees in a virtual "escape room" — immersive digital scenarios where students must solve cybersecurity puzzles under pressure.

“It’s the coldest and stormiest night of the year,” the escape room scenario reads. “The roads are closed. No one is around except you and your team. Then the unexpected happened. An adversary hacked into your electric utility, installed a Remote Access Trojan (RAT) and shut off all the power to your customers while you watched the lights go out, disbelieving and helpless.”

This is exactly the kind of high-stakes cyber emergency that Jeff Hahn, project manager with the cybersecurity training at INL, uses to prepare the next generation of energy defenders.

"You've got one we call ‘Black Start,’" Hahn told Cowboy State Daily. "It's a town called Barnesville, and they've just hired a bunch of people. You're in there on your first day of work, and all of a sudden there's a cyberattack that blacks out the entire area.

“And so, what you've got to do is bring these power plants up online, solve the problems of this cyberattack created so that you can actually get to the systems."

As Wyoming positions itself as a leading energy exporter — from coal and natural gas to wind, solar and by the 2030s nuclear power — this state-of-the-art cybersecurity training represents a critical, but often overlooked, component of any energy boom.

Top Training

Hahn's training focuses on detecting attackers before damage happens. 

"Our real effort right now is on helping people identify how to find the attacker," Hahn said. "There's people that get into the network, and then they have to get around and figure out what systems you have and things like that. During that time, if you're looking, you can find those telltale signs of what's actually happening."

The lab has trained Wyoming energy workers, including oil and gas personnel who brought their own control systems to exercises. 

"They brought their own control systems and we let them plug that into our network,” said Hahn, who ran through challenges presented by different sectors of the industry. 

"Windmills for example. They are a control system out in the middle of nowhere. There's nobody really watching and they're all operated remotely,” said Hahn, contrasting wind and solar with oil refineries. 

“That's a completely different system than a windmill because the windmill, as long as it's working and operating, you're just going to kind of watch it maintain it, make sure everything is OK,” he said. “But it's kind of a little sleepy job compared to an oil refinery. You actually have to really watch closely because anything can be upset at any time.”

Time On The Cyber Range

At Laramie County Community College, Dan McIntosh oversees Wyoming's only National Security Agency Center for Academic Excellence. 

"What that means is our program has been designated by the NSA as being capable of training the next generation of workers to go into those three-letter agency (FBI, CIA) positions," said McIntosh.

The college uses hands-on training with real scenarios played out in a miniaturized town called Cyber City. 

"We have a cyber range, so basically … it's a physical space. You've got, like, little miniature buildings that are basically networked,” said McIntosh. "What that effectively allows is, let’s say you have a red team and a blue team.

“The red team, you're going to try to attack a natural gas (plant) or you're going to try to attack the data center at the edge of town. Blue team, you're gonna try to defend against that."

McIntosh emphasized Wyoming's particular vulnerabilities due to its economic dependence on energy. 

"I think first and foremost, we have to look at it in terms of the role that natural resources and energy plays in our economic model, right?” he said. “So, the fact that we are so largely dependent on these resources, it’s a vulnerability not just to that industry, but to the entire state.”

Real-World Threats

Wyoming has already experienced cyber-related threats. 

In June 2021, Eastern Wyoming College in Torrington was the target of a cyberattack that disabled the institution's computer, phone and email systems for several days.

The attack happened early June 22, a Tuesday, forcing the college to operate at limited capacity while working with local law enforcement, the Department of Homeland Security and IT professionals to investigate and restore services. 

All employees at the college’s Torrington and Douglas campuses were affected and unable to access email, phones or computers during the outage. College officials later stated that no student or employee data was breached during the incident. 

“They suffered immensely because of that," McIntosh said.

Also in 2021, the Colonial Pipeline attack demonstrated national stakes when hackers forced a six-day shutdown that created natural gas shortages across the Eastern seaboard. And in March 2019, Western Utility had a denial-of-service attack. 

A lessons learned document produced by the North American Electric Reliability Corp. highlights the need for continuous monitoring and employing redundant firewall configurations. 

Beyond the tech fixes, McIntosh warns that human factors often create the biggest vulnerabilities. 

"Sometimes it can be through the internet, but oftentimes, if you think about some of the attacks where they've done, which basically you just toss a USB on the ground and then someone will pick it up and wonder what it is and plug it into their computer,” said McIntosh. 

CyberWyoming's Outreach

The CyberWyoming Alliance works to build cybersecurity awareness across the state through programs supported by Idaho National Lab.

The nonprofit organization runs initiatives like the Cyber in a Box School Video Challenge, where students create videos about securing Wyoming's critical energy infrastructure.

Laura Baker, executive director of CyberWyoming, told Cowboy State Daily the mission focuses on workforce development and community education. 

"One of our goals for years has been to try to keep our young at home," Baker said, noting that cybersecurity careers offer "really good jobs" that don't require leaving Wyoming.

The organization's school video challenge, funded through an Idaho National Lab grant, engages students in learning about energy cybersecurity. 

"The challenge topic this year is critical energy infrastructure, how to secure it, what some of the pros and cons are,” explained Baker in one of the educational videos. 

The video features Scott Haynes, a wind energy expert who describes how turbines are ultimately connected to the web.

"Every single turbine, with very few exceptions, has what they call a SCADA (supervisory control and data acquisition) system in it, and they monitor signals from hundreds and hundreds of channels,” said Haynes. “I mean, the modern turbines can have 400 channels of data coming off of them at a time.

“And each one of these channels is a data signal that travels over fiber optics to a plant controlling computer and that plant controlling computer is typically hooked up to the internet."

In another video, John Jorgensen, vice president and chief security officer at Black Hills Energy, emphasized what’s at stake.

“Our company provides life-saving energy because we're powering hospitals,” said Jorgensen. “If you think about what happens, with folks that have health issues in their home, they may have an oxygen concentrator and they may need that oxygen to survive.

“And then heating and cooling, for example, on extreme temperature days. You're in Wyoming, you know how cold it gets. What happens if there's no heat, right?"

As Hahn at INL put it, "You turn off an email server for 10 minutes and it's OK, no big deal. You turn it off to a refinery for 10 minutes and you've got a world of hurt."

David Madison can be reached at david@cowboystatedaily.com.