PISCES
Public Infrastructure Security Cyber Education System (PISCES)
Free Network Monitoring for Kentucky Jurisdictions
Local governments need more resources, like network monitoring support, and cyber students need experience working with real data. And that’s where PISCES comes in. Interested in participating as a government or education partner? Use this form from the Kentucky Office of Homeland Security.
For more information, visit the Kentucky Fusion Center and the Kentucky Office of Homeland Security, or PISCES - International.
Press Release: Murray State University Press Release on PISCES Partnership
Questions on PISCES
The Public Infrastructure Security Cyber Education System (PISCES) provides qualified students with curricula and supervised experiences to act as entry-level cyber analysts. Students analyze streaming data for small communities or municipalities that might otherwise be unable to obtain cybersecurity to the extent needed. Through PISCES, a reliable, high-quality pipeline is being developed to address the shortage of cyber professionals ready for the workforce.
PISCES trains a future workforce of entry-level cyber analysts to meet the ever-growing demand for businesses to adapt to and protect against dynamic cyber threats. Municipalities and communities facing similar vulnerabilities need these services but in many cases are unable to secure the resources to meet their needs. For municipalities, collaboration with universities and students helps them meet these needs and remain protected.
Through their involvement in this program, students have their information distributed to top-tier companies that seek to hire. This symbiotic relationship benefits every party: students gain an advantage in the job market upon graduation, companies gain access to valuable and well-trained new employees, and universities gain the benefit of name recognition, potentially higher employment statistics for alumni, and a strengthened academic program.
Students will be prepared to work with and process large volumes of live data. They have worked with network flow data and developed alerts from an embedded intrusion detection system. These students can monitor abundant real-time, live data streams, detect irregularities from expected data, investigate those irregularities to determine whether they indicate an attack or malicious actor, and report the credible threats that this screening identifies. With these qualifications and experiences, these students can work in diverse industries and sectors.
PISCES ships collectors with a network tap to avoid situations in which customers lack networking switches capable of spanning or mirroring ports. Deploying the collector with the tap causes an approximately 10-second network outage.
PISCES has been established and operated through volunteer efforts and support from the Department of Homeland Security. As the program grows, one goal is to partner directly with hiring organizations (public and private) to meet funding and sustainability goals. PISCES has initiated a team to focus on this issue.
The data collected are limited to packet headers and alerts from an intrusion detection system embedded in the collector. This is metadata about how content is delivered but not the content itself (no email, health records, criminal justice data, financial transactions, or privacy information). Within the collector system, a Suricata intrusion detection system is updated daily with detection patterns. The monitoring stack itself is located at the Western Washington University Poulsbo Cyber Range and is both physically protected and monitored for security events just like any other PISCES customer.
PISCES uses a community liaison to oversee tickets and conduct outreach to the data sharing partners to validate student findings. Additionally, notifications and alerts are sent to all the participating communities highlighting any suspicious activity the students observe.
Currently, the data is retained for 90 days in a first-in, first-out stack.
No.
No. Since PISCES is not a data originator and the monitoring stack is not the system of record, we will not be responsive to public records requests and will direct any received requests back to the data sharing partner.
No. Data collection is passive and the monitoring stack itself is not located on the customer premises.
PISCES International maintains the infrastructure with engineering operations provided by Critical Insight along with resources from Western Washington University that maintain hands-on access to the monitoring stack hosted at the Cyber Range.
The monitoring stack housing customer metadata is protected by strong access control, which includes both technology (e.g., firewalls) and process (user provisioning and deprovisioning). Each PISCES “chapter” (which may be an entire state) uses physical and virtual network isolation. The Cyber Range is also monitored by PISCES itself, along with an additional intrusion detection system for redundancy. Access is provided through VPN tunnels only. Dedicated OpenVPN and DNS servers are provisioned for each chapter. All services are authenticated against an LDAP server. Dedicated OpenLDAP servers are also provisioned for each state.
Additionally, dedicated physical and virtual network isolation is established for each state via the firewall and cloud network virtualization. TLS is enabled on all services, and their TLS certificates are rotated via Let's Encrypt. All services run in stripped-down, hardened Docker containers as non-privileged user processes.
In addition to the protections listed above, the Elasticsearch product has built-in protections against data loss and corruption, including:
- Collectors connect and deliver metadata to the Cyber Range via a nested SSH tunnel.
- Communications are encrypted to, from, and within the Elasticsearch cluster with SSL/TLS.
- Role-based access control is established for Elasticsearch users.
- Elasticsearch nodes authenticate users as they join the cluster using SSL certificates.
Thanks to the PISCES partners
About the Cyber Center at Murray State
Murray State University received funding in 1998 for a Program of Distinction in telecommunications, using resources made available through the Regional University Excellence Trust fund. Specifically, a Center for Telecommunications Systems Management (CTSM) was established through which the University is to address regional and national public and private sector needs. As technology has evolved, so has Murray State's approach to technology education. As of December 2021, the center changed its name and focus. The Cyber Education and Research Center (Cyber Center) will provide education, research, development and outreach support for Murray State's cyber-related programs.