The Naval Academy is changing its core curriculum to include two courses on cyber security. These are the first major changes to the curriculum in ten years:
The first course will be required next spring for freshmen, or plebes, in the Class of 2015, Academic Dean Andrew Phillips told the school’s civilian oversight board during its meeting in Annapolis.
The second required course will start during the Class of 2015′s junior year.
The plebe course will focus on recognizing cyber risks and threats, Phillips said.
The mandatory junior course will be more technical, and emphasize computer network defenses.
Phillips said the classes will teach cyber defense, and some existing computer classes already teach midshipmen specializing in computer warfare how to launch an attack.
“The goal is for midshipmen to come away from the (new) course with an understanding of how cyber flaws are exploited,” Phillips said.
Cybersecurity and cyber warfare have become major concerns for the military and federal policy makers.
This is certainly a growing and important field of study, and I wouldn’t be opposed to a computer science degree that emphasized cyber security. I do question the logic of making these courses obligatory for all students.
Today, DoD military, civil servants and contractors are required to take annual information assurance computer-based training to avoid social networking schemes such as phishing, allow them to identify insider threats (always the most dangerous) and ensure against the compromise of our networks through benign neglect. It’s painful, but pretty effective at stopping the most obvious holes. But even two semester-long courses in cyber warfare will be at best an introductory level discussion – the real work of cyber is done by mathematical and computer science PhDs and wild-haired autodidacts.
Anyone with the wits, desire and resources can become a cyber warrior. For those lacking any of the three – probably the majority of midshipmen when it comes to “desire” – these courses will probably be a waste of time.
Cyber Warfare can be as much about how people interact over the networks as it is about how the ones and zeros make their way about the wires, i.e., it is a science of the squishy brain matter along with silicon. Think of these courses as teaching how to operate in a new kind of terrain, the networked world, analogous to operating on the sea, air, or land.
If the middies are like my enlightened tech-savvy customers I’m betting that will 95% go thru all 4 years – including the cyber-course – and never change their password for email, facebook, linked in, itunes, and any other crap that mandates their time.
Eh, the second course may be a waste of time but the first sounds basic enough to be useful for anyone. The people inside of a network are often one of its most vulnerable spots. One or two mistakes on their part and the whole thing blows wide open. Raising awareness about what constitutes a “mistake” is definitely worthwhile, even if it’s not everyone’s favorite class.
There is an opportunity cost to adding this to the core. Yes it is “nice to have”. But in my opinion the real question, reflecting values and priorities of the institution, is what is being dropped from the core to make room for this?
What knowledge should be common to all Naval Officers?
What issues are enduring issues?
Everything else should be elective.
I’m sure the same thing was said when CS100/101 was introduced. Based on the makeup of the fleet now, I’m thinking all those classes I took about 1200psi (and 600 psi) steam plants could be condensed a little. I also am led to believe that celestial now is not nearly what it was when I took it. So there you go. Room made in plebe year and 2nd class year. Or perhaps add it to PROTRAMID instead of, say, public speaking.
Hey, every submarine and carrier runs on a 600# steam plant. It’s what gets you off the boat (and yet you keep coming back, one would think you’d take the hint).
I view these classes similarly to the non-EEOW training watches officers stand at Prototype. It’s not so much about learning to do the job, it’s so that they have a basis for understanding those who do.
You guys should read the USNI blog more…they’re giving up Naval History. They’ll teach it in the fourth year now, instead of first. That way they can tell the mids, “Oh, by the way, this is your history…”
That’s pretty scary . . . I might be missing the big picture but I’m more worried about history becoming taught less and less to the population as a whole than cyber threats needing to be taught to, as our host says, all that much wider an audience than Science PhD’s and wild haired auto-didacts.
It would be nice if everyone were a certified paramedic too you know, but between teaching history in our schools or first aid, I’d go with history. Likewise history over cyberwar in our military academies, except as courses unique to a major field.
The takeaway from both courses will probably end up being “don’t stick a flash drive in your nipr or sipr machine(s).”
Can a guy with 40 years in the IT/data processing world (goes back to paper tape and card punch)chip in with a thought, Lex? In my experience, one of the major obstacles to cyber security is the leader who has no real concept of how it works. All you need is one Abominable No-Man and security goes to the back of the list. Until you get hacked; then guess who’s on your case asking why we didn’t implement with maximum effort.
If you don’t have at least a basic knowledge of the threat everything spent on security looks like waste.
Stupid example: had an executive who exempted himself from mandatory password changes because “my password is completely unguessable – nobody could crack it.” His password? “Password”.
“Stuxnet is the Hiroshima of cyber-war …. We have crossed a threshold, and there is no turning back.”
“America’s own critical infrastructure is a sitting target for attacks like this. …. Because cyber-weapons pose an almost unsolvable problem of sourcing—who pulled the trigger?—war could evolve into something more and more like terror. Cyber-conflict makes military action more like a never-ending game of uncle, where the fingers of weaker nations are perpetually bent back.
The wars would often be secret, waged by members of anonymous, elite brain trusts, none of whom would ever have to look an enemy in the eye. For people whose lives are connected to the targets, the results could be as catastrophic as a bombing raid, but would be even more disorienting. People would suffer, but would never be certain whom to blame.”
Vanity Fair
Good Get, Flit. Vanity Fair is on my inst-scan, but hadn’t got around to it yet. But of course, all of this is pretty much intuitively obvious to anyone with even a nodding acquaintance with computers, IT and the state-of-play of this nation’s commercial/civic IT structure/practices.
For DOD and similar nets, serious security is a must. Where it isn’t it can become a nightmare when the person in charge insists on it anyway.
Our IT chief is former DOD and she has lost control of the network because of competing interests. Part of the net covers finance and they have their server accessible on the net. Engineering is also on there, and often we can’t even get to our file server because IT can’t keep up with all the ins and outs they’ve placed on the net. Right now, to get much done I’ve had to copy all my project files to a local drive and disconnect the network from my system. I connect long enough to check my email a couple times a day, and leave it at that.
The lesson here is, if you need absolute security, get your network and keep it small as possible. The state of NC did not have 10% of the problem we have where I work now. But their IT people aren’t DOD trained either.
You know that’s an interesting catch indeed Flit.
For some odd reason this whole thing reminds me of “The Forbidden Planet” (which Crichton re-packaged into my favorite book of his, “Sphere”) wherein if man’s subconscious (or even our fleeting impulses that we consciously reject) could be made reality the sum of all our hidden desires and ambitions would soon add up to utter destruction and desolation.
Take away any traceability to an attacker who can do serious damage to a civil society and while the actions will be conscious I think the results could very well be similiar. Someone in Russia, or China or Pakistan doesn’t like the concept of the West? Well, let’s collapse the NYSE and as many power grids as possible in the US. Complete secrecy means security, means anonymity, means the removal of inhibition, and when mankind’s mind and soul are stripped naked in that way it’s usually not a pretty sight.
Flit, the problem is, cyber IS the ultimate force multiplier — and field leveler. In a world of non-state adversaries, five guys in a dingy hovel in Pakistan, can create debilitating attacks. It wasn’t Stuxnet that gave them that ability, or that idea — they are already working on it.
Just changed jobs and am now working right in the middle of this, with one of the service components. It is eye watering to see just how pervasive the threat is. The head of NSA said at a conference I attended that there are seven billion devices on the internet — five of them are not computers. What happens when an adversary figures out a way to intrude onto one of the ATM networks, such as Plus, and either freeze it, or worse yet, just show zero balances? Or an attack on our industrial control networks? The problem now isn’t IF you will have intruders on your net — it is how you will contain the intrusion, control the exfiltration of data, and prevent any introduction of destructive code.
[I write the following somewhat facetiously. But my real fear is that there might be a kernel of truth in it. Let us hope not!]
Perhaps we should keep sextant training, and other basic skills like sword and saber training as part of the USNA curriculum.
When the non-sovereign terrorist gomers figure out how to zap our GPS satellites, when they develop an EMP weapon, when they finally learn how to totally crash our binary dependent world for most everything we depend upon, and when they finally spread weaponized plague and poison gas…. we will need the talents and skills taught at the Academy 100 years ago, because we will suddenly become a third world country, despite all our almighty military might.
Maybe not tomorrow, but a possibility in one’s lifetime… fortunately, not mine.
My understanding is the Navy is not teaching Celestial Navigation anymore. That’s quite foolish. You then have a possible single point failure if GPS goes out and no one knows how to use a sextant and reduce a star shot.
Seamanship can not be bought over a counter.
Cap’n Aubrey is turning over in his grave!
So’s Lord Nelson and Chet Nimitz.
Condensed steam training?
Seriously ProwlerGuy, you really should come back to take a bow and a token rimshot from the band.
I read a description of how a Nuke powered ship is driven in a news article in the last couple of weeks. The author said the tea kettle produced “saturated steam” which then drove the turbine. When I suffered through Thermodynamics we saw that saturated steam is what was left after you drove the turbine.
Condensed steam though?
No, they’re 600# saturated systems, it’s hard to rig a superheater into a coolant loop. You are correct that turbine exhaust is also saturated, but at a much lower temperature, pressure, and quality (the percentage of vapor vice liquid water).
The IT security manager’s handbook is the same as the division officer’s handbook. Lesson 1: The answer to any question is, “No.”
Lesson 2: See Lesson 1.
There cannot be too much wrong with making young officer candidates aware of potential security threats in everyday military ops, be they the girls in liberty ports or high tech infiltration of their Blackberries.
Likewise, navigation by “old school” compass, map, chrono and sextant may be a redundant art, but when the batteries go flat, he who can do it will be the most important man aboard.
Even sword or saber training has its use in the modern world. Aggression, fitness, confidence and willingness to overcome an opponent.
Perhaps these qualities may be considered old fashioned and outdated in the modern naval officer, but generations of training in Western countries suggest otherwise.
We still have weapons in the inventory that can have a bayonet mounted to it…which is really crazy when you consider that this makes a weapon just like one of the oldest: the spear.
“If we don’t look at it, it will go away”. (To use a recently penned quote of yours.
)
The Internet is the fastest growing stomping ground for crime and terror.
That is not going to change.
We need to learn to fight on its field, frankly. Even if it’s not where you focus primarily, people (not just in the military) need to start learning to swim in the waters of it and be aware of the pitfalls, how to combat and prevent the things that can happen online, even if they don’t have a compelling yearning to.
I just can’t put these courses into the waste of time category. As a civilian it personally makes me feel a lot better/safer to know it has been added to the curriculum.