WASHINGTON — A cyberattack took place recently in a darkened classroom at the U.S. Naval Academy.
The target was a computer demo a set up by Ensign Justin Monroe, a recent academy graduate who was instructing first-year midshipmen on the basics of website attack and defense.
But someone in the class was ahead of the game, defacing the fictional web page he’d set up as a teaching tool. Monroe, 23, the first naval information warfare officer to be commissioned out of the academy, squinted as he scanned lines of code that students had injected into the website.
“OK, who the hell turned everything blue?” he said. “Turn it back, please.”
Monroe laughed along with the students, but the mission of the class is seen as deadly serious. That’s why for the first time, incoming students this year take a mandatory cyberwar class.
The requirement was born of the growing concern that even if no power on Earth can challenge the U.S. Navy head on for control of the seas, a backdoor attack on Navy computer networks might neutralize seemingly overwhelming physical and technological superiority.
Part of the Navy’s response to the risk is the Center for Cyber Security Studies recently set up at the Naval Academy. Starting this academic year, it’s directed by seasoned cybersecurity expert, Capt. Steven “Doc” Simon, the professor of the “Foundations of Cyber Security” class where Monroe’s website was attacked.
“Our objective is not to teach them to be hackers,” Simon said. “In Cyber 1, we want to teach them the dangers that are out there and how to cope with them.”
The required courses will ground every graduate in the basics of security, he said, and they also might help swell the ranks of midshipmen who choose it as a career path.
That’s key, because the Defense Department needs thousands of skilled operators to counter forces ranging from lone hackers sniffing around DOD networks to foreign intelligence services intent on stealing classified data. Experts warn the same vulnerabilities used for theft could be used to disrupt operations in a conflict or even launch destructive attacks against people and infrastructure.
The head of U.S. Cyber Command and the National Security Agency, Army Gen. Keith Alexander, in March painted a grim picture in congressional testimony.
“We are finding that we do not have the capacity to do everything we need to accomplish,” he said. “To put it bluntly, we are very thin, and a crisis would quickly stress our cyberforces.”
Cyber Command, which oversees DOD cyberoperations and network defense, did not supply a representative to talk to Stars and Stripes about current staffing levels. But Air Force Gen. Robert Kehler, the commander ultimately in charge of Cyber Command as head of U.S. Strategic Command, told reporters earlier this week that there remains a shortage of skilled cyberwarriors.
The other service academies are also working to fill the demand. Both the U.S. Military Academy and the U.S. Air Force Academy have had research centers up and running for years, and both require students to learn the basics of computer security.
Lt. Col. Robert Fanelli, a West Point professor who runs West Point’s cybersecurity academic track, told Stars and Stripes earlier this year that cadets learn cybersecurity essentials in a number of classes.
“It’s nearly mandatory now for the cadets,” he said. “If they don’t take my [cybersecurity] course they have to take some other courses in things like network management that teach the basic principles.”
Educators at the Air Force Academy, which has long had a cyber component in required computer science courses, say interest in the area is growing. More cadets are using the academy’s “cyber range,” an isolated computer network for testing simulated operations, and more are enrolling in courses and programs that teach state-of-the-art cyberwar tactics and techniques.
And in a telling development, said computer science professor Martin Carlisle, “We’re seeing a growing number of cadets listing cyber ahead of being pilots as their career choice.”
The service academies programs are sure to help fill in the gaps, but a major, ongoing effort will be needed before DOD has some sense of assurance its networks are not vulnerable to foreign powers or cyberterrorists, said Simon.
“What we’re doing here is one answer to the staffing problem,” he said. “It’s not the answer, because there’s no one answer. This is a solution set that’s going to be dealt with for a long, long time.”
By Chris Carroll
October 24, 2011