Sierra Vista, Arizona, will let college students try to hack its computers

The City of Sierra Vista, Arizona, announced an agreement with the University of Arizona and a cybersecurity company on Friday to give students and city staff real-world experience in understanding cyberattacks.

Students at the University of Arizona’s College of Applied Science and Technology, which is based in the 43,000-person city located just south of Tucson, will have the option to enroll in a course that allows them to attempt non-malicious cyberattacks on city employee computers through the new partnership.

The idea is to both improve employee recognition of cyberattacks and grant students experience in understanding social engineering, a form of manipulation that uses peoples’ lack of knowledge to exploit them online. Cities are increasingly enticing targets to hackers; at least 45 cities across the country have reported ransomware attacks this year, according to the antivirus company Emsisoft.

“This partnership will help protect our people and give them a world-class education on recognizing and avoiding cyber attacks,” Sierra Vista Chief Information Officer Abe Rubio said in a press release. “Real attacks can be costly, time-consuming, and difficult to repair. This partnership will not only save the City money but will make all of our employees much more secure.”

The course was developed by the college and Social-Engineer, a Florida cybersecurity training and services company. Christopher Hadnagy the CEO of Social-Engineer and an adjunct professor of social engineering at University of Arizona, will teach students the psychology and social-engineering methods that hackers sometimes use, according to the city.

“One of the hardest tasks in educating students about social engineering is finding ways to provide skills practice that are both legal and ethical,” Hadnagy said in the press release.