IDAHO FALLS, Idaho -- It's called the "Dark Side" because the 50 workers there prefer to keep the lights low so they can dim the brightness on their computer screens.
Or maybe it's because of what they do in cyber research and development.
Questions about what goes on at the heart of one of the United States' primary cybersecurity facilities, the Idaho National Laboratory, aren't always answered, and photos by outsiders aren't allowed.
What is shared is that the U.S. is rushing to catch up with what cybersecurity experts say are threats by hackers to systems that operate energy pipelines, hydroelectric projects, drinking-water systems and nuclear power plants across the country.
Scott Cramer, who directs the lab's cybersecurity program, said current efforts mostly involve "bolting on" cybersecurity protections to decades-old infrastructure-control systems amid concerns that they've already been infiltrated by malicious entities waiting for the opportune time to strike.
"This is no joke -- there are vulnerabilities out there," he said. "We're pretty much in reaction mode right now."
The Idaho National Laboratory is mainly known as the nation's primary lab for nuclear research. But in the past decade, its cybersecurity work has put it on the leading edge there as well, and it's expanding.
A new 80,000-square-foot building called the Cybercore Integration Center will hold 20 laboratories and 200 workers. Another 67,000-square-foot building called the Collaborative Computing Center will house one of the nation's most powerful supercomputers. The buildings are expected to be finished next fall at a cost of about $85 million.
"We're almost out of space, and we're hiring like mad," Cramer said. "So having that [integration center] building in a year is going to be incredible for us."
The lab's focus is on what are called critical infrastructure-control systems, as opposed to cybersecurity systems intended to protect information, such as banking or personal health records.
Its employees work to prevent threats like one that occurred in 2013, in which the Justice Department said seven Iranian hackers working at the behest of that nation's government gained access to the controls of a dam in the suburbs of New York City. Prosecutors said the hackers would have been able to remotely access the dam's gate, but it was disconnected at the time for maintenance. Prosecutors in an indictment made public in 2016 called it a "frightening new frontier in cybercrime." The hackers remain wanted by the FBI.
The Dark Side room is in one of multiple buildings that house the lab's cybercore. It's decorated with workers' "alter egos," life-sized cardboard cutouts of Star Wars heroes and other famous characters such as Sheldon, the genius and socially inept main character of the comedy show The Big Bang Theory.
"That workforce is a unique culture with brilliant minds," Cramer said.
The Idaho National Laboratory's cybersecurity staff also has an electronics lab to dismantle and examine computers, including pulling information off severely damaged storage drives. The electronics lab contains a map of the U.S. West's electric grid and a car-sized computer that helps test the security systems of Western utilities, including Idaho Power, which serves an estimated 1.2 million people in southern Idaho and eastern Oregon.
Brad Bowlin, an Idaho Power spokesman, said the company as a matter of policy doesn't comment on its cybersecurity efforts.
In general, hackers can include foreign entities and nation-states, malicious computer geeks, and even kids with no intent to do harm but just a curiosity to see whether they have the skills to breach a system's security. Those kids, it turns out, are candidates for the lab's Dark Side room.
"Those are the kids we're looking for," said Darren Stephens, a cyber-researcher at the lab.
The Idaho National Laboratory makes efforts to find those youths beginning in middle school. It also looks for junior and high school students and has competitions that it plans to expand to nudge tech-savvy youths toward cybersecurity careers.
The lab recently held a contest among college students involving Idaho universities and other national labs and colleges, in which workers in the lab's Dark Side attempted to hack into systems the students tried to defend.
It's seen as a fun competition, but it's also a proving ground to find the next generation of cybersecurity workers as a shortage of more than 1 million employees by 2020 is estimated. Cramer said the nation's universities don't even have coursework to train future cybersecurity workers.
That's something he's working to change with Idaho universities that could ultimately offer degrees to draw those students and become a main supplier for good-paying jobs in cybersecurity.
"The problem is so new and challenging that we don't have the workforce right now to challenge the problem efficiently," he said. "We're in a bit of a scramble mode to help get caught up and train folks to get our arms around a big national challenge."
Business on 12/25/2018
Print Headline: Lab works to guard U.S. infrastructure from cyberattacks