A few taps on his tablet computer and Justin Roberts sends a pair of trains loaded with hazardous materials on a collision course.
Or forces a nuclear plant into meltdown. Or shuts down the power grid for the entire Eastern Seaboard.
OK, the University of Nebraska at Omaha senior is really just sending malicious signals to a series of computerized controllers along the wall of a university lab, turning their winking lights from green to red.
But it's through such exercises that students at the Nebraska University Center for Information Assurance examine how terrorists, hostile countries or simply bored hackers could inflict massive damage by infiltrating the nation's critical infrastructure systems.
"In here, it's just lights, but when you think about how many things that could be connected to ... rail systems, water treatment centers, traffic control stations ...," said grad student Casey Glatter. "(It's) the idea of him sending a single message to a single one of these devices, but causing a catastrophic failure."
The school is creating defenders to join the cyberwar's front lines, with careers at major private-sector companies, government security agencies or military operations such as the U.S. Strategic Command.
The center is looking to expand its activities with a new master's degree program specific to information assurance. It's also seeking additional federal scholarship funding for students who agree to take government positions after they graduate. The program already has graduated 35 such scholars.
Glatter is off to Sandia National Laboratories in Albuquerque, N.M., after he finishes his studies next month. Another student, Tory Cullen, is joining Facebook.
Roberts is sticking around to continue his work in graduate school.
He recalled how he figured out —as a 12-year-old — how to get free access to HBO programming through his computer.
"Then I figured out UNO has a degree program that lets me do that," Roberts said.
He added that he now pays for his premium cable programming.
The students are working on how to simulate critical infrastructure systems, then launch cyberattacks to see how the systems react.
They want to know what happens if a particular part of the system gets hijacked. How does that affect the rest of the system? How does that affect the public?
It's like staging a virtual Armageddon.
They would like to connect their software models of power grids into actual computerized controllers and eventually hook up the whole thing to the Internet. Then they will watch the hackers tear into it and find weaknesses in the defenses.
They've already taken an early stab at that by putting online a system that appeared to the outside world to be a simple power controller.
This was not the kind of site someone would stumble upon while searching for the latest Kardashian news. You would find it only if you were looking for something to hack. And people were looking.
The students were able to track cyberattacks against the site from across the globe, many from China. Those attacks were particularly concentrated in an area around a university closely tied to the Chinese government.
That revelation underscored the importance of training U.S. students in ways to defend from cyberattacks. While the United States is believed to have been engaged in some offensive cyber-operations, such as the one that damaged Iranian nuclear facilities, these students are focused for now on the defensive side.
The UNO cyberscholars do compete sometimes against students at other universities in "capture the flag" contests, which can involve trying to hack into each others' computers, but they said that's more about understanding the way attacks work to design better defenses.
One defensive mechanism they're working on is a "gumstick" encryption device — so named because it's the size of a stick of gum — that could easily be popped into existing systems.
Ken Dick, research fellow of IT innovation, said that would be helpful, because the typical controllers that hackers could target don't have enough computing power to include encryption. By popping the gumstick into the system, companies could block intruders.
In many cases, it's simply not clear how vulnerable U.S. systems might be, because utilities and businesses generally don't volunteer information about their security designs or their experience with cyberattacks.
And things are ever-changing. Robin Gandhi, UNO assistant professor of information assurance, quoted one expert who says the country gets smarter on Tuesdays because that's when Microsoft regularly releases security patches to its software.
There's enough concern about the situation that Congress is examining different ways to tighten the country's cyberdefense.
Nebraska lawmakers such as U.S. Rep. Lee Terry have visited with the UNO center about the situation. Terry is among those leading House Republican efforts on cybersecurity.
Bill Mahoney, UNO assistant professor of information assurance, said it's not clear how effectively utilities and companies are protecting their new systems.
He noted that it's not unusual to simply open your laptop and find an unsecured wireless network, often just labeled "linksys." That means someone bought a router, plugged it in and never bothered to set up a password.
"You have the same possibility of that happening in equipment that controls things that have a very profound impact on people's lives," Mahoney said.
You might imagine a terrorist with a bomb that is set to take out the power grid, but Mahoney said all someone has to do is figure out the correct substations to hack into, and they could cause the system to go down like a line of dominoes.
"You hack into New York, and it trickles all the way west from there," he said. "You don't even have to leave your cave. ... It's cost-effective terrorism."
Contact the writer: