When the new Central Coast Cyber Forensic Lab (CCCFL) was unveiled at Camp San Luis Obispo March 1, new opportunities in cybersecurity were revealed to Cal Poly students.
The CCCFL is a part of the California Cyber Training Complex (CCTC) that will include the CCCFL, academic and field training facilities, cyber range and a cyber red team — a group of white-hat hackers who attack their employers’ cyber infrastructure as if they were an actual intruder.
Key stakeholders in the project include Cal Poly, the California Military Department, local and state law enforcement agencies, district attorneys and the California Office of Emergency Services.
The complex was funded by the California Attorney General’s office via a Privacy and Piracy Fund grant awarded to the San Luis Obispo County District Attorney’s office March 1, 2016. The funds, amounting to $68,358.71, in addition to $60,000 in matched funding provided by Cal Poly, were passed through the university so it could coordinate the purchase of materials.
As a Cal Poly driven endeavor and only less than a 10 minute drive separating the new lab and the university, the CCCFL will offer unparalleled access of cybersecurity tools to the university.
All local law enforcement agencies will have access to the lab, including the University Police Department (UPD). According to Bill Britton, Cal Poly’s interim chief information officer and visiting director of Cal Poly’s Cybersecurity Center, the CCCFL aligns with goals set by CyberCalifornia. This initiative to further the development of connections between cybersecurity and economic development in California aims to localize cybercrime fighting infrastructure, according to its website.
“If you look at it today, there’s five high tech crime regions, which is really where the basis is for cyber,” Britton said. “It’s San Diego, Los Angeles, Sacramento, San Francisco and San Jose. You go a half hour outside of those cities and the support to the local police departments drops off significantly. So the idea is: What about the rest of California? … We have the opportunity now to really take advantage of a lot of things we have — Cal Poly, National Guard and the other law enforcement agencies — to really combine to come up with a solution set.”
One of the primary reasons San Luis Obispo was chosen as the location for the lab is its proximity to the second largest fiber hub in the United States.
San Luis Obispo County has major fiber cable landing stations in the towns of Grover Beach, Morro Bay and San Luis Obispo, linking it directly to telecommunications networks in Asia, Oceania and Central America.
Britton cites this proximity as critical to the lab’s mission.
“It’s huge,” Britton said. “Most of the places have to share bandwidth or they have to put bandwidth in — fiber optic bandwidth — to go get it and have access to it … We don’t have to worry about access to it; we have complete access to it … What would normally be a very large expenditure for fiber optics and switches and computer pipes and all those other things to be put in, [are] already there pre-existing. So it’s a humongous savings.”
Cybersecurity opportunities for students
Cal Poly was identified as a thought leader in cybersecurity by CyberCalifornia. The opening of the CCCFL at Camp San Luis Obispo comes three years after the dedication of the Northrop Grumman Cyber Lab in Engineering IV (building 192) on Jan. 23, 2014.
Cal Poly’s Learn by Doing philosophy bleeds into how it approaches cyber. Britton references how the CCCFL sets Cal Poly apart from other universities and their cyber programs.
“A lot of universities and other schools, they have a Learn by Doing, but it’s a little different,” Britton said. “It’s a lab that they have … that’s on the university property. This is off-site. This is real world things that they’re interacting with … The technology used to dissect information, how it’s done and the real people doing it is the connection there.”
Students have been involved in the lab since the beginning. Ryan Jones, the IT operations manager of CCTC, said Cal Poly students were instrumental in constructing the lab.
“The biggest part about the student interaction is … being able to get access to new research, being able to participate in internships out there,” Jones said. “Without the students, we [wouldn’t have been] able to get the lab done in the time frame that we did.”
The lab currently employs three student-interns who aid in the instruction of first responders, military personnel and students. In addition to teaching, Jones speaks of future opportunities to put interns at CCTC to work on issues in cybersecurity.
“What we’re able to do with the student-intern side of things is going, ‘Okay, they’ve identified a problem set — a real world problem set — that we know we have students with the intellect and the skills to be able to solve some of those problems,’” Jones said.
One intern is computer science senior and U.S. Army Cadet Connie Ho who took on a position at CCTC after graduating a program designed for first responders.
“I serve as teacher assistant for multiple forensics training classes, which included the creation of forensic images and tools,” Ho said. “I also assist students with the practical exercises. I develop training materials for the CCTC website and maintain open source forensic tools. More recent work I have done is to support in the development and configuration of the Central Coast Cyber Forensics Lab at Camp SLO.”
She teaches officials from various agencies, including the Department of Corrections, U.S. Air Force and county and municipal police departments. Course participants learn how to use the tools Quick Hash GUI and FTK Imager.
Quick Hash GUI is a program that rapidly hashes files and passwords. Hashes are strings of letters and numbers that are generated by an algorithm to encode data. Hashing, combined with salting — inserting random and unique data into a hash — is a cryptographic technique used to keep data secured. In forensics, it can be used to ensure data integrity.
FTK Imager takes a forensic image of a hard drive — essentially cloning the original data — and verifies that it is exactly the same as the data on the original drive by comparing the hash values of the copied data and original. This allows officials to review data evidence without modifying or destroying the original data.
As a Cal Poly ROTC cadet intending to compete for a commission as a second lieutenant in the U.S. Army Signal Corps, Ho cites her internship at CCTC as critical in her professional development.
“I have learnt a lot from this jobs in terms of digital forensics, computer security, and [teamwork],” Ho said. “One can never finish a mission by him/herself in the army.”
This sentiment was echoed by Cal Poly’s Professor of Military Science and former U.S. Army Cyber Command member Lt. Col. Joshua Gillen.
“[The Signal Corps is] only one branch out of 17 in the Army,” Gillen said. “But I do think that anything a cadet can do in their undergraduate degree that exposes to operations in that domain will improve their understanding and capabilities once they become a commissioned officer.”
Despite the fact that not every cadet will pursue the Signal Corps or cybersecurity, Gillen acknowledged that even soldiers who do not specialize in cyber have to have a fundamental understanding of cyber operations and cybersecurity.
“Nonsignal or noncyber officers and soldiers need to understand operations in cyberspace,” Gillen said. “It is warfighting domain from our perspective. An infantry brigade commander needs to understand cyber operations. He doesn’t need to be an expert. He doesn’t need to be a technical guy … but he needs to understand the capabilities that cyber operations bring …”
Though there have not been any detailed conversations about whether Cal Poly’s ROTC program is involved at the CCTC, Bill Britton alludes to future cooperation.
“We’re hoping to push that agenda,” Britton said. “The TAG, Adjutant General for the California Military Department, clearly articulated that the California Cyber Protection Team will be stood up at Camp SLO and be part of the instruction staff. That gives us a right to get ROTC, not just here but other programs, to use this as a summer camp.”
In addition to current internships and potential ROTC participation, the CCCFL will serve as the host of the California Cyber Innovation Challenge (CCIC) in June involving the White Hat Club. Britton compares it to CyberPatriot — a competition created for high school and middle school students by the Air Force Association that involves teams finding flaws in operating systems while keeping them functioning.
“It’s a cyber capture the flag game played out through across the state of California,” Britton said. “So we’ll have students from the White Hat Club, from different other clubs, different other organizations supporting that opportunity.”
An interdisciplinary approach
When Cal Poly President Jeffrey Armstrong spoke at the dedication of the Northrop Grumman Cyber Lab in 2014, he framed cybersecurity as an inherently interdisciplinary issue encompassing fields of study beyond computer science and engineering.
“In a world where the problems are becoming more and more complex, solutions rarely come from one approach,” Armstrong said. “A comprehensive polytechnic education challenges students to search for answers outside of their own areas of study. Cybersecurity is a great example of this. The challenge of protecting our information systems from critical threats isn’t just an issue for 0s and 1s. It’s ethics, it’s psychology, it’s business, it’s math, it’s public policy.”
This new strategic outlook on cyber issues and STEM in general has been reflected by a shift in the College of Liberal Arts (CLA) to a more interdisciplinary and science, technology, engineering and math (STEM) oriented curriculum.
One of these avenues is the Center for Expressive Technologies (CET). CET director Brian Beaton describes the center as a clearinghouse for connecting students and faculty looking to conduct research with resources in science and technology. Further, in recent years CLA has created four interdisciplinary minors under its science, technology and society (STS) program.
Beaton, who is also an associate professor in the college and teaches courses related to STS, describes CET and the STS programs as exciting developments for CLA and a field of study that is only now beginning to become engaged in STEM.
“I would argue that CLA, prior to the development of CET and STS, was not as directly engaged with digital culture as it might want to be,” Beaton said.
As much as the CCTC and CCCFL will provide opportunities to students in computer science and computer engineering, Beaton said that liberal arts students and faculty will be given the opportunity to conduct research and carry out projects at the center as well.
“The idea is to create a kind of cross traffic between the [CCTC] and campus,” Beaton said. “One of the main ways that the CET’s gonna benefit and work with the new CCTC is to help develop new kinds of interactive simulations and immersive environments for both law enforcement and military personnel. And so that involves interactive design, issues of user experience, HCI [human-computer interaction], issues of immersive environment design. The idea is that students would be actively involved in all of those projects.”
Beaton said the CCTC will provide a slew of resources to faculty and students, providing access to police and military personnel engaged in cybersecurity and the real life problems they are posed with. This contributes not only to the humanities and cybersecurity, but to the public’s understanding of both.
Beaton mentioned the lack of case studies regarding “street level problems” specific to cybersecurity in California. One of the interdisciplinary projects being conducted is the case study library.
The program pairs an engineering student and a non-engineering student together to write an article on a cybersecurity issue. Britton described the multidisciplinary project as an effort to increase the accessibility of information on cybersecurity issues to the layman.
“Most things that you read in cyber are pretty jargonesque and heavy reading and you got to be a computer science major to understand it,” Britton said. “What we’re trying to do with the case study is have the technical person relay it into non-technical speak to understand what the incident really means to that university element.”
The interdisciplinary approach to cybersecurity is an agenda being pushed heavily by both CLA and the Cal Poly’s cybersecurity community. Beaton defends this point, citing interdisciplinary perspectives as critical in the understanding of cybersecurity and STEM in general.
“You can’t just say that cybersecurity is something that touches all of us, but then not have a way to actually season and socialize people to the technologies and to the problems and challenges in that domain, and CET and STS are doing that work for a whole bunch of fields,” Beaton said.
This position on different perspectives and approaches in cybersecurity was reinforced by Jones who cited the multifaceted dimensions of the field.
“Even to be a forensics officer, it’s not about hardware and the geek speak, if you will,” Jones said. “It’s about somebody being able to connect the dots. That’s not necessarily a computer engineering mindset. That’s a multidisciplinary mindset.”
Triage in the cybersecurity industry
According to a Gallup poll, Americans worry about identify theft and having their personal electronics hacked more often than being burglarized, mugged, carjacked or murdered. Based on data reported by the Identity Theft Resource Center, the number of data breaches in the United States has increased by almost 600 percent from 157 million in 2005 to 1.1 billion in 2016.
Despite the rapid growth of cyber threats, the industry remains undermanned. According to Britton, there are currently 500,000 unfilled cybersecurity and data science jobs in the United States alone. Due to the infancy of the fields, there are few experienced individuals who can fill these slots. Many are self-taught. According to Beaton, this is a significant problem.
“That conversation is like triage,” Beaton said. “It’s like just to catch up to even hope that we’re addressing the number of challenges that exist on a daily basis.”
The combined threat levels and need for qualified employees in cybersecurity means lucrative opportunities for students who invest themselves in the field. Beaton believes that CLA graduates will play a significant role in the future of cybersecurity.
“I would argue that right now the distribution that you see where we think cyber as mostly [computer engineering] or [computer science] folks and then maybe some liberal arts folks sprinkled in. I actually think that just numbers-wise it’s going to flip,” Beaton said. “I think what you’re going to see is cybersecurity come to be populated primarily by graduates from the liberal arts and from interdisciplinary programs like STS.”
With STS and cybersecurity programs and proximity to the CCTC at Camp SLO, Cal Poly may be at the forefront of this interdisciplinary shift, according to Beaton.
“The reason [the cybersecurity industry] is not fully populated right now by people who are experts in human behavior, psychology, specific nation-states or regions, communications, is it’s places like Cal Poly that are going to fill that void,” Beaton said. “We’re just now at the moment where we’re actually trying to advance the conversation.”
Thus, the new CCCFL will not only bring significant opportunities in the research and practical application of cybersecurity to Cal Poly students and faculty, but make Cal Poly an attractive institution for future prospects.
“It’s not just about faculty and students that already are here,” Beaton said. “It’s about recruiting new kinds of faculty and new kinds of students who are going to drawn to the fact that we have this major STEM research park that happens to focus on cybersecurity.”