Hacking for Diplomacy Team Highlight: RIT Students Propose Solution for More Efficient DOS Data Analysis

The Department of State (DOS) is considering enhancements to its data architecture thanks to the work of a Hacking for Diplomacy (H4Diplomacy) student team from the Rochester Institute of Technology (RIT). Earlier this year, four RIT students worked with DOS cybersecurity specialists to find a way to more effectively streamline and analyze the massive amounts of event data - such as network log-in attempts and operating system information - created by United States domestic and overseas offices. Their semester-long project brought fresh perspectives to the Bureau of Diplomatic Security (DS), the problem sponsor said, and their proposal has the potential to help DOS respond more effectively to cybersecurity incidents and make better decisions in the interest of U.S. national security and diplomacy.

H4Diplomacy is a for-credit university class that engages students in solving critical DOS challenges at startup speed. Common results include but are not limited to, impactful insights about the problem and solution space, solution recommendations, DOS employee morale boost, a career pipeline for DOS, and student continued engagement with the problem space (forming a company, continuing an independent study, applying for an internship or fellowship with the DOS, etc.).

In collaboration with colleagues across the federal government, DOS works to protect America’s cyber interests through international engagement and deterring adversaries to better protect the federal government and the American people from cyber threats. The DS mission is to protect people, information, and critical infrastructure at more than 270 posts worldwide, according to a DOS public affairs official.

Given the size of the organization and its global operational landscape, data needed for security monitoring is spread far and wide across department networks. This creates a unique challenge for DOS cybersecurity specialists, the frontline cyber defenders, and incident responders: They must spend valuable time querying data and risk missing key insights.

“The goal is for DOS to be able to collect data a lot faster and process it a lot faster,” RIT student Jenelle Salazar explained, ”so that they can have the incident response as good as it can be.” Danh Nguyen-Huynh, a technical director within DOS’ Directorate of Cyber and Technology Security (CTS), said that the H4Diplomacy students’ project provided a pathway to upgrading their data architecture to address this technical challenge and showcased to senior executive leaders why solving this problem is worth the business investment.

Getting to the Root Cause of the Problem

The student team engaged in a rigorous process of interviewing 59 DOS end-users and industry experts to learn more about the data analysis challenge and iterate on potential solutions. The students honed in on the firsthand experiences of the cybersecurity teams tackling threat detection and response.

“Each person we interviewed came with a different set of expertise and that gave us a different take on the problem,” RIT student AJ Musacchio said.

Using insights from these interviews, they mapped out the flow of data from creation at embassies to analysis at security operation centers and pinpointed exactly where in the process intervention was needed - the creation, storage, and analysis of event logs. They also discovered the need for vendor-agnostic software and the potential for segregating incoming data based on its relevance to cybersecurity investigations. Musacchio said that meeting with senior DOS personnel, including Deputy Assistant Secretary Gharun Lacy and Division Chief Roy Matthews, highlighted the importance of collaborating with embassies to obtain all the necessary data for cybersecurity specialists to analyze.

The students also conducted extensive research into the private sector to learn how industry experts tackle similar cybersecurity challenges. One of the team’s DOS problem sponsors, Jake Trigoboff, said the students' unbiased assessments of commercial software products provided valuable insights for DOS in selecting suitable solutions.

“We have had the luxury of designing solutions over the course of years,” Trigoboff said, “RIT students took on the challenge and found solutions within weeks.”

Recommendations & Results

At the end of the semester, the students outlined a plan in which data from all posts could be analyzed more efficiently and effectively by DOS cybersecurity specialists. In their recommendation, specialized software tools would filter incoming data based on their significance to cybersecurity investigations and present cybersecurity specialists with only the most relevant data. The team provided commercial software recommendations for each step of their recommendation and included plans for technology onboarding, budgeting, and training personnel on their proposal.

IT Specialist Nick Swindell was the DOS primary point of contact for the student team - he said the students’ recommendations prompted his team to start looking into improvements that “nobody ever talked about.” Should the student recommendations be implemented, cybersecurity personnel in DOS will be able to respond more effectively to cybersecurity incidents and be able to make better decisions in the interest of U.S. national security and diplomacy.