Students and faculty from 11 cybersecurity clinics joined to learn about cyber careers and tackle a scenario on hacktivism

BY SHANNON PIERSON, PUBLIC-INTEREST CYBERSECURITY FELLOW, CENTER FOR LONG-TERM CYBERSECURITY

On November 9, the Consortium of Cybersecurity Clinics hosted its semesterly “Clinic of Clinics”, a virtual event for students participating in cybersecurity clinics around the world to network, hear from experts in the field, and engage in tabletop exercises and other activities. This fall, 87 students from 11 university-based cybersecurity clinics participated, our largest turnout yet.

The event kicked off with a briefing from Matthew Grote, Senior Lead for Cyber Defense Innovations at the Cybersecurity and Infrastructure Security Agency (CISA). Grote provided a comprehensive overview of the agency’s mission and responsibilities, plus an in-depth analysis of the cybersecurity challenges posed by some of the most pernicious state and non-state threat actors operating in cyberspace. 

Grote explained that CISA’s cybersecurity mission is to reduce the most significant cyber risks across domestic cyberspace by providing guidance, coordination, policy actions, no-cost services, grants, and leadership focus. The agency is devoted to securing critical infrastructure, fostering operational collaboration with industry partners to ensure the security of their technology, and disrupting threat campaigns orchestrated by advanced persistent threat (APT) groups from nation-states and ransomware entities.

He also emphasized that CISA allocates a significant portion of its efforts and resources to understanding, monitoring, and countering cyber threats originating from a handful of state and non-state actors. These actors include the People’s Republic of China, Russia, North Korea, and Iran, as well as criminal ransomware groups. These threat actors are becoming increasingly sophisticated and aggressive, capitalizing upon the vulnerabilities of an increasingly interconnected society composed of devices and systems that are inherently difficult to defend.

Grote said that students interested in pursuing a cybersecurity-related career in the federal government can explore job opportunities on CISA’s career page, and they can pursue federal internships and scholarship and fellowship programs through CISA’s annual internship program, the CyberCorps: Scholarship for Service, the Presidential Management Fellows Program, and the Presidential Innovation Fellows Program.

Grote underscored the risks posed by adversaries in cyberspace to U.S. critical infrastructure, emphasizing CISA’s pivotal role in thwarting and safeguarding against imminent threats. 

“China is almost certainly capable of launching cyber attacks that could disrupt critical infrastructure services in the U.S., particularly against oil and gas pipelines and rail systems,” Grote said. “That capability is something we worry about at CISA. Our work focuses on hardening these networks to ensure we are prepared.”

Following Grote’s presentation, staff from the Atlantic Council’s Cyber Statecraft Initiative led students in a tabletop exercise based on a fictional scenario in which a cyberattack on a desalination plant in Los Angeles during the 2026 FIFA Men’s World Cup threatens the water supply in the region. In the narrative, an anti-capitalist hacktivist group claims responsibility for the attack, stating that its primary objective is to raise awareness about the cost-of-living crisis and housing insecurity in Los Angeles.

Students were assigned to smaller groups in breakout rooms. They analyzed the cyber incident by scrutinizing both facts and assumptions in the scenario, identifying relevant stakeholders, and formulating policy recommendations. They also outlined short-, medium-, and long-term objectives and evaluated worst-case versus likely outcomes. Finally, students deliberated on effective public communications strategies and reflected upon the increasing role of software and technology in society, proposing interventions that could prevent such incidents from occurring in the future.

The Atlantic Council’s learning activity, which was based off of scenarios they previously ran for the Cyber 9/12 Strategy Challenge, provided students from the cybersecurity clinics with a deeper understanding of the policy and strategy challenges associated with managing trade offs during a cyber crisis.

“We were debating back and forth about whether covert or overt action was the best practice initially,”  said Kincaid Keating, a student from the University of Alabama. “We eventually concluded that we should keep incident response covert and public communication about the attack limited until we obtained more information, scoped the damage, and obtained concrete facts about the incident. From that point, we discussed pulling in the appropriate agencies and building a team to look into this cyber incident to determine what assets were compromised and how this attack happened, and to begin system recovery.”

The exercise debrief concluded what was the most well-attended Clinic of Clinics in the Consortium’s history. Students who participated in the event will receive a custom mint-green challenge coin. They can collect a new coin for each Clinic of Clinics they participate in.

CLTC sends our sincere thanks to CISA, the Atlantic Council, and everyone who participated! Stay tuned for more from this community of public interest cyber defenders.