Community Partners FAQ

Service Overview and Setup

How does the service work?

A collection device is activated on the customer network. It includes an embedded intrusion detection system that generates security alerts and collects metadata (packet headers: source and destination addresses, port, protocol, timestamp).

Do I need to buy anything?

No, the collector hardware is provided at no cost.

Are there infrastructure requirements?

Yes, if the community partner does not want to use the network tap, they will need an edge switch or router that supports port mirroring (“spanning”), which copies all traffic to a single monitoring port where the collector is connected. Ideally, rack space is provided for installation. Certain internal details (e.g., internal addressing, wire speed, internet connection) must also be collected.

How much work is involved in setting up the monitoring solution?

The collector is pre-configured and shipped to your location. You only need to connect it to the designated port. Instructions are provided, and a cyber engineer can assist remotely if needed.

Data Collection and Analysis

What type of data is pulled from the network for analysis?

The system collects intrusion detection system alerts (similar to anti-virus alerts) and packet headers (metadata). No content such as emails, web pages, or financial transactions is accessed. Collected metadata includes source/destination address, port, protocol, flags, timestamp, and traffic direction.

What types of things do the analysts find?

Analysts detect:

Malware that has bypassed preventive security measures
Suspicious internal network activity (e.g., scanning, cryptocurrency mining)
Criminal and nation-state scanning operations that target Internet-facing servers
Organized crime command-and-control communications
Indicators of compromised assets and data exfiltration

What is the PISCES data retention policy?

Data is retained for 90 days in a first-in, first-out stack.

How are security incidents reported?

A communication escalation tree is established during provisioning. PISCES notifies the affected jurisdiction using this process and provides as much detail as possible to aid in remediation, and follows up with any data or response requests.

Can you offer assistance in incident response?

PISCES provides limited assistance but can connect organizations with state Cyber Security Analysts or other free state resources..

Do the communities have any insight into the data?

Yes. A community liaison oversees findings and outreach, and alerts are sent to participating communities regarding suspicious activity. Community partners may request data extractions for internal investigations.

Beginning in 2026, community partners will also be given access to data from the on-premise device.

Security and Privacy

Will students be able to read emails or access sensitive content?

No. Only metadata is collected and analyzed at the Cyber Range. Students, instructors, and PISCES staff cannot view content such as emails, financial transactions, or web pages.

Do students go through a background check?

No, but they must sign a non-disclosure agreement. Since only metadata is collected, there is minimal risk of exposure to personally identifiable or regulated information. Collectors are also one-way, meaning data flows only to the Cyber Range and cannot be accessed from the outside.

Are international students involved?

Yes, international students participate under the same guidelines as domestic students. The program focuses on cybersecurity defense and does not teach network attack methods.

How secure is the data pulled from customer networks?

Security measures include:

90-day data retention
Physical security of the Cyber Range facility
Network-level access controls
Time-limited student access authorization
Data center security monitoring

Service Agreements and Participation

How long will my jurisdiction receive this service?

Jurisdictions with fewer than 150 employees receive the service for 3-year terms. If the organization remains under this size limit, the agreement may be renewed..

What if my organization is too large?

Organizations with more than 150 employees may receive 1-2 year agreements, with the expectation that they will transition to a commercial cybersecurity solution..

Will you respond to a public disclosure request for data?

No. PISCES does not originate data and will refer any public records requests to the originating jurisdiction.

How long is my data retained?

Data is retained for approximately 90 days for forensic analysis. If agreed upon, PISCES may hold data longer for academic research purposes.

Ensuring Security and Accuracy in Student Work

By sharing access with multiple students and universities, how is information security maintained?

Students only work with header data, not sensitive information.
Student Analysts only work with a “view” of the data, and cannot directly access it.
Strong network and user access controls.
The Cyber Range and data collection devices are periodically tested by the National Guard.
Students sign a non-disclosure agreement ensuring confidentiality.

How do we ensure the accuracy of student results?

Students are trained to detect anomalies in header data.
Anomalous findings are verified before being flagged as a credible threat.
Professors review and validate findings.
A professional cyber analyst from PISCES conducts a final review and, if needed, reports validated threats to the data-sharing partner with mitigation recommendations.