Rural Idaho is vulnerable to cyber attacks. Here’s how Boise State is building defenses
Cyber attacks aren’t just a big city problem — in the eyes of a hacker, rural communities are often vulnerable and enticing targets.
Boise State University’s “Cyberdome,” a new skill development program, is providing free security services to Idaho’s rural and remote communities and attempting to protect them from cyber crime. The program also aims to fill the state’s cybersecurity talent gap by employing and training Idaho’s university students.
Contrary to common belief, rural areas aren’t inherently protected from cyber attacks, Edward Vasko, director of the Institute of Pervasive Cybersecurity at Boise State, told the Idaho Statesman. Vasko has over 30 years of experience in the cybersecurity industry.
“Rural communities don’t necessarily have the people or technology to protect critical infrastructure and critical data,” Vasko said.
If a rural community is at all connected to the internet, it’s open to attack, Vasko explained. Residential information, such as tax and health data, as well as critical infrastructure — water, sewer, electrical and trash systems — are potential targets for hackers, he added.
Sun Valley was the Cyberdome’s first partnership. In just one year, the list of clients has grown to nine cities. The team started a waitlist for more cities that would like to join.
These communities are receiving support from experienced cybersecurity professionals alongside Idaho university students, who use a suite of tools in Stellar Cyber’s Open XDR platform to support rural clients. Any student in a two-year or four-year public institution in Idaho can apply for the program’s internships, Vasko said.
The Cyberdome aims to fill a hole in the market by training future tech professionals and hoping some stay local. Idaho currently has over 5,000 cybersecurity job openings, with only about 4,500 employed cybersecurity professionals in the state, according to Cyberseek.
“We have an opportunity to help Idaho businesses, government, and citizens reduce risk by directly attacking this workforce need,” Vasko said.
It’s also a national opportunity, as there are over 700,000 job openings in the U.S., with only about 1 million employed cybersecurity professionals.
Cyber criminals threaten rural areas
Cyber attacks typically come from three major categories of adversaries, Vasko said — hacktivists, nation states, and cyber criminals.
Hacktivists attack computer systems as a form of political or social protest, Vasko said.
And countries that are adversarial to the U.S. are looking to impact critical infrastructure, Vasko added. Rural communities, which might have connections to state systems and under-resourced cyber defenses, could be an ideal target.
“It comes back to the old adage that the weakest link in the chain is the one that breaks first,” Vasko said.
While nation states pose a real risk, rural communities have been most impacted by the third category of adversaries: cyber criminals, Vasko said. Cyber-criminal organizations have been forming for over a decade now, gathering in what is effectively a corporate structure, he added.
In ransomware attacks, they hold electronic infrastructure hostage for money. Schools, hospitals, and governments can’t work if they can’t access their data, Vasko said.
“It’s no different than a robbery,” Isaac Bard, a Boise State computer science undergraduate and Cyberdome engineer, told the Statesman. Bard joined the Cyberdome last summer and helped perform risk assessments for rural Idaho communities.
Rural areas tend to have weaker cybersecurity defenses, Bard said. Third parties can target those rural areas and conduct risk assessments, which are cybersecurity audits that evaluate a community’s digital vulnerabilities.
“A formal risk assessment would just butcher any small municipality anywhere in Idaho and most states if you were to do a really, really formalized one,” Bard said.
No stone is left unturned. In one assessment, the Cyberdome even evaluated the computer networks used by the city’s rodeo grounds and skate park, Bard said.
Rural clients have already started making changes, Bard added, and following through on the recommendations is a matter of time and manpower.
Bard’s experience has shown him that the need for cybersecurity workers isn’t going away. All technology requires robust security, Bard said.
But even with high job demand, it can be difficult to break into the field, Jeff Crawford, a Boise State cybersecurity graduate student and lead student Cyberdome analyst, told the Statesman.
Crawford’s interest in cybersecurity comes from a lifelong motivation to serve and protect. He began studying cybersecurity after leaving the U.S. Army in 2016. With a master’s degree and multiple certifications, he wants to support Idaho’s computer security.
“I can then help protect people and serve the people of Idaho because I love this state,” Crawford said.
