A new U.S. Naval Academy major in cybersecurity, and its new building, could become the base of our nation's defensive tactics in cyber warfare
By Barbara Pash
The preliminary drawing shows a gleaming modern building, all glass, chrome, and concrete, overlooking the Severn River on the U.S. Naval Academy campus in Annapolis. If approved, construction of the five-story building is scheduled to start in 2016 and finish in 2018, along with an accompanying parking garage.
But the building already has a price tag, $120 million, a name, Center for Cyber Security Studies (CCSS), and the promise of being an anchor in the military’s warfare against unknown and unseen enemies.
The proposed 206,000-square foot CCSS building is intended to “provide dedicated classrooms, laboratories, faculty offices, and secure project spaces for the new cyber curriculum” at the academy, states the academy’s environmental assessment released earlier this year.
This project and its long term implications confirm what the U.S. Department of Defense (DOD) recognized in 2011, when it declared cybersecurity an operational domain. That made it a “domain of warfare,” alongside the traditional land, sea, air, and space.
“We need to be able to fight in cyberspace as well as the traditional domains,” says Captain Paul Tortora, director of the CCSS. “The Naval Academy is positioning itself as the cyber-point person” for education and research.
Even before the CCSS’ building foundation is dug or the concrete poured, the Naval Academy is well on its way to that goal.
In 2013, the academy initiated an academic major in cyber operations, the first of the military academies to do so. The Class of 2016 will be the first to graduate with that major. Currently, 33 midshipmen in the 2016 class are majoring in cyber ops, a number that jumps to 60 midshipmen in the Class of 2017.
Cyber education is not new at the academy. But it was folded into other disciplines like computer science and electrical engineering. Cyber ops doesn’t merely ing together the pieces taught elsewhere. Instead, it is a total rethinking of how to approach the subject, and from a military perspective.
“All cyber ops majors should know why they are learning the subject and what is the application,” says Andrew Phillips, the Naval Academy’s academic dean. “Determining where the attack is coming from and whether you should respond, those are the hard questions. They’ll keep you up at night.”
The cyber ops major combines technical and policy aspects from a number of sources, among them the National Aeronautics and Space Administration and universities with top-notch computer science programs. The U.S. Fleet Cyber Command, operating out of Fort George Meade, was consulted as well.
The result, Phillips says, is a curriculum that is unique, and uniquely suited to its use. “We created something different from the other military academies. We wanted the human factor piece,” he says. “Our goal is to graduate officers who are involved in policy decisions.”
The academy is not limiting the cyber op classes to majors. All midshipmen are required to take two mandatory core courses per year, regardless of their majors. There are new cyber-related courses in other departments. Internships in the intelligence community are available.
“We are enhancing the pipeline of people educated in the cyber-area,” Phillips says.
Tortora echoes the sentiment. “We graduate 1,000 officers a year into the fleet and marine corps who are now cyber-educated. They have knowledge and awareness of how cyber operates and what to look for.”
The CCSS will house three academic majors besides cyber ops. But Phillips and Tortora envision it serving a wider audience than midshipmen. They talk of activities and conferences for naval and other military officers. Tortora has already discussed that possibility with the U.S. Army’s West Point.
“We’d like the Navy to be the focal point for cyber education. We have created a physical venue at the academy to educate people,” Phillips says. “They’re busy doing the (cyber) work at Fort Meade.”
Phillips is referring to the U.S. Fleet Cyber Command, which serves as the Navy component command to the U.S. Strategic Command and U.S. Cyber Command. The U.S. 10th Fleet is the operational arm of Fleet Cyber Command, operating through the Maritime Operations Center at Fort Meade, in Anne Arundel County.
The U.S. Navy is funding the CCSS. “The new center will be an integral part of developing future cyber warfare leaders for our Navy and Marine Corps team,” Captain John Gelinne, U.S. Fleet Cyber Command/U.S. Tenth Fleet Chief-of-Staff, says in a statement.
U.S. Navy Lt. Joseph Holstead, Fleet Cyber Command spokesperson, reiterates the point. “The backbone of this warfighting capability is a motivated workforce of uniformed and civilian teammates who are the foundation of our efforts in the cyber domain and across our mission sets,” he says.
Experts in cybersecurity agree on the Naval Academy’s vital educational role. “This is the first effort in education within the military,” Todd Moore says. “The academy is giving people the skill set to design a military cyber defense system.”
Moore is vice president of encryption product management for SafeNet, a leading data protection firm for commercial enterprises and government agencies headquartered in Belcamp, Md. Like the other experts, he foresees consequences of the academy’s initiative reaching far beyond the military sphere.
Moore identifies three types of cyber attackers: nation-states, criminal organizations, and individual hackers. Each type may be seeking different kinds of information, from industrial secrets to classified military information, from credit card numbers to financial records.
Last year, for example, a Virginia cybersecurity firm released a report that, over the past decade, traced 115 cyber attacks on companies critical to the American infrastructure— from gas lines to water plants—to the Chinese Army. The military is focused on nation-states, a scenario that requires people who are educated to recognize the threat, like the unloading of files, and move to protect the data. Whatever the military develops is likely to benefit commercial enterprises as well, says Moore.
Jeffrey Wells, executive director of the State of Maryland’s Office of Cyber Development, a state agency that encourages cyber companies and a cyber workforce, seconded the idea.
“The threat vectors in cyber are the same, whether they’re being used by a criminal gang or a country. The players may be different but you’re dealing with the same issue,” he says.
Federal government and defense spending appears to be focusing on cyber security. In 2012, federal contracts for cyber security amounted to $10 billion. In 2016, that figure is predicted to rise to $14 billion. And while some areas within the DOD saw budget cuts, funding for cyber increased, from $191 million in FY 2013 to $447 million in FY 2014. For FY 2014, too, the U.S. Department of Homeland Security budgeted $810 million to support and protect the federal computer systems, plus an additional $44 million for cybersecurity.
To Wells, the DOD’s designation of cyber as an operational domain translates to more personnel and resources, a major plus for Maryland’s economy.
“It means continued economic growth for those industries and subcontractors that support the DOD’s missions. It means continued workforce demand in education and staffing,” Wells says.
The Office of Military Affairs and Federal Affairs is the liaison between Maryland and the military installations in the state. Mike Hayes, program director and retired igadier general in the U.S. Marine Corps, says the Navy has been active in the cyber sphere via its US. Fleet Cyber Command.
Now, the navy is expanding beyond those parameters. The academy program serves as a foundation for young officers and an entry point into naval intelligence.
“It establishes within the navy, recognition of those who work in cybersecurity,” Hayes says. “It gives them a level of importance they didn’t have before.”
