Luther Burbank Navy JROTC case study
Luther Burbank Navy JROTC cadets protect online accounts with YubiKey
About our customer Luther Burbank Navy JROTC
Luther Burbank High School is located in Sacramento, California and is part of the Sacramento City Unified School District. Three years ago, Senior Naval Science Instructor, Commander Tom Jones of the school’s Navy Junior Reserve Officers’ Training Corps (NJROTC) took a strong interest in cybersecurity with the assistance of the CyberPatriot Program.
The CyberPatriot National Youth Cyber Education Program was created by the Air Force Association to inspire high school students toward careers in cybersecurity or other science, technology, engineering, and mathematics (STEM) disciplines critical to our nation’s future.
At the center of CyberPatriot is the National Youth Cyber Defense Competition. The CyberPatriot competition puts teams of high school and middle school students in the position of newly hired IT professionals tasked with managing the network of a small company.
Introducing strong authentication
Since the introduction of the CyberPatriot program, the cadets have learned about the evolving landscape of cyber threats and the technologies to mitigate those risks. The importance of cybersecurity education is vital to those who have been raised online.
“It is clear that the future of our nation is at risk if we don’t have better cybersecurity. This program is helping our cadets to build valuable skills, increase their job opportunities, and also establish a strong foundation and understanding of cybersecurity in our youth.”
As part of the program, technology consultant Ben Kownack was working with Commander Jones to present the newest technologies to CyberPatriot cadets. In March, 2015, cadets were introduced to strong two-factor authentication with the YubiKey.
“U2F support being incorporated into the Chrome browser created an extremely easy demonstration of how effective, and easy, two-factor has become,” said Kownack. “When we took out some YubiKeys and set them up on Gmail accounts, the cadets were speechless with the simplicity of registration and single touch authentication.”
The NJROTC CyberPatriot cadets are using FIDO Alliance Universal 2nd Factor (U2F) supported YubiKeys to protect their Google accounts from phishing attacks and unauthorized access. Yubico’s U2F-compliant YubiKeys provide an additional secret beyond the password for cadets when accessing their Google accounts. Cadets simply plug the Yubico device into their USB port, enter their existing username/password, and touch the YubiKey button when prompted.
The extra layer of protection is the second factor. So even if a username and password (first factor) is stolen, hackers cannot get into an account without having possession of the YubiKey (second factor).
Security roadmap with the YubiKey
With an understanding of the technology, the NJROTC cadets are looking forward to expanding their uses of the YubiKey beyond U2F.
“With advanced protocols available in the YubiKey NEO, cadets understand that they can raise the implementation ceiling for the keys,” continued Kownack. “From encryption, cloud login, virtual machine, corporate network security and many other uses, they are excited to expand their understanding and development.”
In a single device, the Yubikey NEO has both contact (USB) and contactless (NFC, MiFare) communications. It uniquely supports One-Time Passcodes, smart card functionality, including OpenPGP and PIV, and the U2F protocol.
User experience and feedback
“We believe that YubiKey is a major step toward an all-encompassing cybersecurity strategy,” said Darin Nguyen, Luther Burbank Navy JROTC Cyberpatriot Team Commander. “Text messages work as a form of two-factor authentication, but using the YubiKey is much more effective. The YubiKey is hassle-free.”
Luther Burbank Navy JROTC is working to increase the size of its CyberPatriot team, further strengthening the importance and knowledge of cybersecurity awareness to our nation’s youngest generation.