In the January 2012 “Priorities for the 21st Century Defense” report, the Department of Defense listed cyberspace operations as one of the 10 primary missions for the armed forces. The growing threats posed by adversaries within the cyber domain have the DOD placing a renewed focus on advancing the nation’s ability to defend its networks and create resilient systems.
To help meet those objectives, a number of faculty at the Naval Postgraduate School have joined together to form an interdisciplinary Cyber Academic Group (CAG), dedicated to building the school’s cyber program curricula, and helping further collaboration in the field.
Leading the charge are Professor Cynthia Irvine, Chair of the CAG, and Distinguished Professor Dorothy Denning, Associate Chair. Born from the Cyber Systems and Operations Academic Committee, the CAG brings together expert faculty from across departments and disciplines to determine the best inter-disciplinary curriculum for the school’s new Master of Science Degree in Cyber Systems and Operations.
“Cyber is a domain of warfare that has become increasingly important to all of the services,” said Denning. “We need to excel in that domain.”
The group started with a blank slate, and based on feedback from the Deputy Chief of Naval Operations for Information Dominance, developed a list of courses – both existing and new – to help the program meet the Navy’s and DOD’s cyber needs. Irvine explained the CAG’s 15 faculty members bring with them a wide range of expertise, from defense analysis to computer science.
“The cyber ‘question mark’ didn’t fall directly into one department at NPS. That’s why we created the academic group,” explained Irvine. “The topic is too broad for any single department.”
Irvine noted that in addition to Computer Science and Electrical and Computer Engineering, which provide the technical foundations that support cyber operations, the Defense Analysis, Operations Research, Mathematics, and Information Sciences departments also have an integral role to play in the CAG.
“If you are planning a cyber activity that is going to involve using cyber tools and methods to accomplish a larger Navy mission, you need to understand all of the associated laws, rules, policy and strategy. Those are the types of things that people in the Defense Analysis department know and understand and appreciate,” explained Irvine. “So there is a strategic aspect to the use of cyber. In mission planning you need to ask, ‘Do I use a cyber bullet or do I use a conventional bullet?’ Do I use cyber as supporting the mission or do I use it as the way that the mission will be accomplished? Those in operations research might model such considerations. There are many ways to look at cyber.”
In addition to building a robust curriculum to help support the future DOD leaders in the cyber domain, the CAG is looking to help connect and update members of the cyber community on relevant issues.
“We’re reaching out across the spectrum. Ultimately the CAG is also going to support Navy executive education programs in cyber. We are also exploring the idea of an annual update course,” said Irvine. “This is a technology area where things are not standing still. The way we use cyberspace is changing, so new material must be incorporated on an ongoing basis. Ten years ago, we would have never thought that mobile devices would be so popular. You’d be surprised how much changed from 2000 to 2010.”
Another task being taken up by the CAG is the establishment of a Cyber Battle Laboratory on campus. The lab will be comprised of both classified and unclassified facilities, and will be essentially an “erector set for building cyber scenarios,” according to Irvine. The facility can be configured to be a physically isolated network to prevent activities from exercises and training from leaking out and compromising other networks.
NPS’ ability to conduct classified research and education is a critical component of the effort, with military cyber operations generally kept classified. Civilian institutions generally don’t have faculty and facilities for classified material.
“Right now in the commercial sector, there is a lot of activity in what we call information assurance, which is largely a defensive and often plays a cyber supporting role. For the military, conducting cyber operations may go beyond defense and may also require classified work,” explained Irvine. “You may target something that’s unclassified, but the techniques that are involved in certain cyber operations have to be kept closely held until used.
“It’s not like normal bullets where the physical vulnerability of people remains constant,” she added. “When the vulnerability is constant, it means that your ‘bullets’ can be used again even if the adversaries know about them. In contrast, once a ‘cyber bullet’ is out there, people can figure out what you did and create software and hardware patches to mitigate vulnerabilities. The ability to do this sort of work allows NPS to offer a unique program combining education and research.”