image title
August 23, 2017

Questions include what is critical infrastructure, who should defend what, and how to best train workforce to fight it

Cybersecurity is a slippery thing, hard to define, train for and fight against.

And it may be the biggest threat of the 21st century.

Is a cyberattack on a movie studio an attack on the United States? What is the Department of Defense responsible for in cyberspace? How do you train a sorely needed workforce when the diploma they earned a month ago is already outdated? How do you deal with a threat that outpaces legislation? What should people in government know?

Six members of Congress, one senator and representatives from academia, business and the military gathered at the first Arizona State University Congressional Conference on Cybersecurity on Wednesday to frame questions and paths forward.

“An unbelievable economic and military threat,” ASU President Michael Crow called cyberthreats. “I don’t think any of us, including those in this room, understand how important it is.”

Invisible, with minimal resources and maximum speed, cyberattacks are a “bloodless way to disrupt democracy,” Crow said. Because the internet was designed with none of this in mind, cyberattacks are “not easily solvable.”

The entire information domain has become a battle space. Hackers have attacked everything from NASA to businesses to a dam north of New York City.

Cyberattacks are a blend of conventional and unconventional power projection, said U.S. Sen. John McCain (R-AZ), chairman of the U.S. Senate Committee on Armed Services.

There is no plan from the White House on cybersecurity, McCain said.

“I can assure you our enemies are not the junior varsity,” he said. “If they’re able to change the results of a presidential election, then they’re able to change democracy. ... We must make sure our adversaries pay a price for these attacks.”

The current system is overgrown with bureaucracy and poorly defined authority, McCain said. Compounding the problem is a lack of personnel and trained workforce.

“There is no widespread definition of what people in government need to know,” said retired Lt. Gen. Robert Schmidle, former deputy director of U.S. Cyber Command. “The biggest vulnerability in any network is us.”

Schmidle described a Marine field exercise in the desert using a wireless internet network. He had cyber experts hack it. The biggest problem with it wasn’t being shut down; it was sowing doubt about enemy and friendly positions. Officers simply didn’t know where red forces were.

ASU Cybersecurity Congressional Conference
Panelists discussing what is cybersecurity listen to retired Lt. Gen. Robert Schmidle at the first annual ASU Congressional Cybersecurity Conference on ASU's Polytechnic campus Wednesday. Panelists incuded (from right) Matt Salmon, vice president of ASU's Office of Government and Community; Nadya Bliss, director of ASU's Global Security Initiative; Jamie Winterton, director of strategy for the Global Security Initiative; and Jai Galliott of the University of New South Wales in Australia. Photo by Charlie Leight/ASU Now

Every major weapons system has to undergo a cyber resiliency assessment for the Department of Defense, said retired Brig. Gen. Linda Medler, cyber director at Raytheon Missile Systems and former director of Capability and Resource Integration at U.S. Cyber Command.

She described cybersecurity as the nexus of information systems and hardware. None of the panelists could agree on a definition of the term. The word “attack” suffers from the same handicap.

“Is an attack on Sony an attack on the country?” Medler asked. “In my mind the Department of Defense has a responsibility to protect the nation in air, land, sea and space. That should extend to cyberspace.”

Should corporations have offensive capabilities? “I don’t know,” Medler said. (McCain said yes, they should.)

Policy and technology are speaking different languages, and they need to come together. There is a lack of communication between parties that need to communicate most.

“In order to make good policy, you have to understand the technology,” Schmidle said. “It’s not enough to rely on the one article you read in Wired magazine on the plane.”

Schmidle described meetings at the Pentagon where no one understood the geek speak in one meeting nor the policy wonks participating in the discussion from 64,000 feet, “with no idea how their return key works,” he said.

Intelligence and the military have different authorizations.

“I would suggest the line go away altogether,” Schmidle said.

Congress should update what is considered critical infrastructure, and then who should defend what should be delineated.

“I would suggest Sony is not going to make the list,” Schmidle said.

ASU Cybersecurity Congressional Conference
Retired Brig. Gen. Linda Medler speaks as one of the panelists on "Scoping the Problem — What is 'Cybersecurity?" at the ASU Congressional Cybersecurity Conference. Photo by Charlie Leight/ASU Now

Holding a hairdresser’s data for ransom is different than monkeying with a nuclear power plant.

“What is an attack?” asked Jamie Winterton, director of strategy for ASU's Global Security Initiative. “Understanding a little bit more of what we’re talking about would help.”

There are currently more than 200,000 vacant cybersecurity jobs, with an estimate of up to 1 million vacancies in the field by 2020.

“Skills are having a hard time keeping up with our requirements,” said Maj. Gen. John Baker of Network Command at Fort Huachuca. Baker commands 15,000 people around the globe working in cyberdefense.

“I’m not looking for the person who is just better,” he said. “I’m looking for the person who is a hundred times better.”

There is a dire need to build skills in the current and emerging workforce.

“When we teach our students, we teach them not only the white-hat"White hat" refers to a person who hacks into a computer network in order to test or evaluate its security systems. "Black hat" refers to a person who hacks into a network with malicious or criminal intent. perspective, but the black-hat perspective,” said Raghu Santanam, a professor of information systems at ASU’s W. P. Carey School of Business and a cybersecurity expert. “That’s where you learn the real warfighting skills.”

“You cannot practice defense unless you have a good understanding of offense,” said Adam Doupe, assistant professor in the School of Computing, Informatics and Decision Systems Engineering at ASU.

Business has discovered some ways of speeding up the pipeline of qualified cyberwarriors.

Brian Johnson, senior director of global security at PayPal, outlined a few ways his company is building a talent pipeline. Paypal retools and reskills its existing workforce, uses academic partnerships and teaches K-12 kids basic coding and cybersecurity fundamentals.

The company also job-trains underprivileged young people.

“Out of these we get a great group of candidates,” Johnson said. “That’s a good pipeline.”

 

Top photo: U.S. Sen. John McCain, chairman of the U.S. Senate Committee on Armed Services, talks about the universal threat of computer hacks and attacks at the first Arizona State University Congressional Conference on Cybersecurity on Wednesday at ASU's Polytechnic campus. Photo by Charlie Leight/ASU Now

Scott Seckel

Reporter , ASU Now

480-727-4502

 
image title
August 24, 2017

Arizona team one of 17 to compete at hyperloop event after powering through challenging final weeks

The future of transportation left Phoenix in the back of a truck last week.

After two years of work, thousands of man-hours, almost $1 million, hundreds of pages of documentation and one baby, Arizona’s multicollegiate effort to build a hyperloop pod left for competition in California.  

“Fastest pod to the end without crashing wins,” team co-lead Josh Kosar said.

The hyperloop is a high-speed mode of transportation envisioned by entrepreneur and SpaceX founder Elon Musk. If it comes to fruition, the result will be a pod traveling through a vacuum tube, without friction, at speeds up to 700 mph. A trip from Los Angeles to San Francisco would take 35 minutes to travel the 350-mile distance.

The Arizona team, made up of students from Arizona State University and its Thunderbird School of Global Management, Embry-Riddle Aeronautical University and Northern Arizona University, built and tested the pod at ASU’s Polytechnic campus.

AZLoop is one of 17 teams selected from a field of more than 1,000. The team is seeded second. Competition is slated for Sunday at SpaceX headquarters in Hawthorne, California.

“We’re fairly certain we’ll be running,” Kosar said.

Video by Ken Fagan/ASU Now

Not every generation gets to work on a completely new mode of transportation.

“It’s kind of unique,” Kosar said. “We’re having a lot of fun with it.”

As the time to competition neared, work and testing on the pod literally continued around the clock. Team members didn’t go home other than to shower. Students slept on couches and under tables as work continued around them.

The final assembly phase “is actually really difficult,” team co-lead Lynne Nethken said. “You plan and you have this idea in your head of how it’s going to go, and then you put bolt to wrench and for whatever reason it just doesn’t quite fit like it’s supposed to. Those are all the little things we’re working through right now.”

It has taken two years of work, including eight months with the full team of 120. All team members were required to work at least 10 hours per week. The core group put in about 30 hours each week; Kosar has worked on the pod for about 70 hours a week since October. (He also welcomed a baby boy into the world, factoring into the gray bags under his eyes.)

Co-lead Nethken has also been putting in 70 hours per week. “Just between the two of us, you’re up to thousands of hours,” Kosar said.

No one got away with resume stuffing. Kosar fired 160 students over the course of the project.

“It was hard at first,” he said. “It gets easier and easier.”

The pod, a sleek black bullet packed with electronics, batteries, magnets and wiring, cost just under $1 million to build. Funding came from in-kind donations, faculty members and the ASU Foundation. The Polytechnic School and the Ira A. Fulton Schools of Engineering heavily supported the project, Kosar said.

“These are the final weeks,” Nethken said. “No matter what we do or how hard we plan, there’s something called Murphy’s Law. In fact, the last week I always refer to as Murphy’s Law Week. Something will go wrong. It will throw off the plans. But that’s the importance of having this wonderful team we have. It doesn’t matter what it is. We’re going to figure it out, we’re going to tackle it, and we’re going to be ready to go when we ship out for final competition.”

They did the engineering and analysis, then moved into a production team. “We have to make this into one final unit, so our team needs to be one final unit,” Nethken said.

Documentation for the final design package ran at about 400 pages. Safety procedures were incorporated into a separate 150-page document submitted to SpaceX. The magnets used for levitation are so powerful they can crush fingers and break bones.

“We’ve had to outline all of those details so we make sure we’re doing so in a proper fashion that’s safe and efficient,” Nethken said.

Ernest Poteat is production manager. His job is to think 10 steps ahead and identify problems before they appear.

“It’s basically me running around like a chicken with its head cut off, trying to solve problems that aren’t there yet,” he said.

“As with any large group of people working on one project, there’s always the slight shortfalls or the little things here and there that nobody thought about or thought to think about, and we’re meeting those challenges and for the most part we’re exceeding them,” Poteat said. “We’re trying not to let that stuff stand in our way. As an overall assessment of the team, this is one of the finest teams I’ve ever worked with. I see us doing great things.”

“Every piece of this is because we made it happen,” Kosar said. “It’s definitely a team effort.”

Poteat said a lot of people are going to be surprised at the end of the day at what ASU is capable of.

“It’s a direct relationship between the people who are supporting us from the top, and the leadership that they’ve instilled here at this level,” he said. “It’s exciting. I’m interested to see where it’s going to go.”

 

Top photo: Members of the AZLoop team pose with the competition pod at the group’s 150-foot test track on ASU's Polytechnic campus in the pre-dawn hours of Friday, Aug. 18. Photo by Ken Fagan/ASU Now

Scott Seckel

Reporter , ASU Now

480-727-4502