Starnes Walker leads UD’sCybersecurity Initiative, which trains students to track cyber terrorists.
Cyberspace is the frontier of modern convenience, efficiency, speed—and peril. Experts concede that, with cyber attacks of increasing frequency and sophistication being inevitable, the challenge will be to contain them. Such attacks can cause devastating damage in a short period of time.
“An hour is infinity,” says StarnesWalker, who heads the University of Delaware’s Cybersecurity Initiative (CSI), an ambitious undertaking designed to train a new generation of leaders and technicians to track and counterpunch would-becyber terrorists.
Hackers—homegrown and international—have proven their ability to steal information from large corporations and the federal government. Those are targeted thefts whose impact may be deferred. Should they progress to disruptingelectricity transmission and banktransactions, the chaos would be widespread and immediate.
Such disruptions may be, analysts say, the principal tool of future warfare.“Cyber attacks could have the same kinetic effects as bombs using non-kinetic means without the collateral damage,” says CSI associate director Bill Stegemerten, who focused on cyber matters as a lieutenant-colonel with the U.S. Air Force and Delaware Air National Guard.
An alliance of the military, federalgovernment, private industry and colleges has formed to parry cyber offensives.UD has added both an undergraduateminor and a master’s program in cybersecurity, and it has joined forces with theU.S. Army research center at Aberdeen Proving Ground in Maryland.
Walker has been at the vanguard ofdigital technology and security research for several decades. He understands well the complexity of 21st century infrastructure and financial systems. During his 20 years at Phillips Petroleum, he computerized the company’s refining process, tested for cyber vulnerabilities, and launched a program that evaluated nuclear fusion as an energy source. His résumé includes high-level work at Homeland Security, U.S. Fleet Cyber Command and TheMITRE Corporation, a nonprofit that operates seven federally sponsoredresearch centers, including one dedicated to cybersecurity. “Energy security is national security,” Walker says.
The systems that operate the electrical grid and transmission pipelines for water and natural gas are interconnected, so an attack at one spot has the potential to go viral—what Starnes refers to as “cascadingfailure.” That prospect is what drives evolving national cybersecurity standards and the need for more trained personnel to implement them.
Enter the University of Delaware.A National Science Foundation grant formalized CSI in 2012, but UD and Delaware Technical Community College had already begun annual summer cyberchallenge camps two years earlier. This year’s camp, held at DelTech’s Dovercampus in July, featured classes, competition and high spirits. About 250 students participated.
“They get educated—and smart—about the field [of cybersecurity],” says Chase Cotton, a UD professor of electricaland computer engineering who runs the camp. He seems to enjoy it as much asthe campers do.The university’s ECE department offers most of the coursework for the minorand master’s, but CSI is an interdisciplinary enterprise.
“It is a mistake to call cybersecurity strictly a technology issue,” says Bruce Weber, dean of UD’s Alfred LernerCollege of Business and Economics. “It’sa business issue as well. Customer data may not show on the balance sheet,but they’re an asset.”
The master’s program, which began last month, emphasizes secure businesssystems. It includes courses such as Leadership and Organizational Behavior. In keeping with its Delaware profile, CSI placesspecial focus on the corporate sector.
“We want to position Delaware to be the cyber hub for corporate America,” says Walker. He cites the state’s centrallocation between New York and Washington and its stature as a home to large, publicly traded companies as advantages. The initiative’s prime goal, he says, is to educate the next generation, the existing workforce, and corporate executives and directors in a world where the greatest threat to business—and day-to-dayliving—may be unseen.
Elected officials and university leaders have shared that perspective for several years. Soon after becoming UD’s provost in 2013, Domenico Grasso met with then-president Patrick Harker to assess CSI. They agreed it was ripe for further development. “We had a clear confluence of thinking,” says Grasso. “If it was going to be successful, it could not be purely technical. It had to be holistic.”
Expansion on several fronts followed. ECE added related courses—two in each of the last three years—as well as new professors, reflecting a growing emphasison analyzing huge amounts of data. “How to detect anomalous behavior hasbecome critical,” says department chair Ken Barner. Any number ofvictimized companies, not to mention recently hacked federal agencies, would readily agree.
Meanwhile, the university deepened the connection it had established with the U.S. Army in Aberdeen in 2008. The collaboration now finds Aberdeen-basedemployees (typically contractors and civilian engineers) taking courses at UD, and UD adjunct professors teaching on site at Aberdeen, which is part oftheArmy’sextensive research and developmentefforts. Courses in electrical engineering, computer systems, and, increasingly, cybersecurity are in the mix, along withthose in other fields of engineering.
About two years ago, UD sought a content expert to lead its developing CSI. When word reached the McLean, Va., offices of MITRE, chief executive officer AlGrasso, brother of the UD provost, had a candidate in mind.
“I knew that Starnes [Walker, a MITRE employee at the time] understands the threats that organizations face,” says Grasso. “We like to get the right people inthe room at the right time. I made the connection [with UD], and they took it from there.”
Walker came aboard in April, then quickly formed a CSI advisory council of nationally recognized security pros. One of those is Maj. Gen. Tom Thomas, whohas served as assistant to the U.S. Cyber Commander and is a senior vice president at Bank of America. A glance at his background and the collectiveexperience of council members tells you that CSI is the place where military, business, and educational themes and goals intersect.
Bank of America has been helping UD develop a cyber curriculum that is timely and practical. “It’s a matter of tailoring academics to what businesses arelooking for,” Thomas says. “At Aberdeen, we’ve identified the type of people that CERDEC needs.” (CERDEC is the Army’s Communications-ElectronicResearch, Development and Engineering Center.)
UD will likely supply more of such people, plus workers and executives throughout private industry, in the coming years. “Skill sets are broadening,” saysWalker. “If you’re going into public administration or law, you need to understand cybersecurity.”
On campus, CSI’s next big step is to create a “cyber range” that will develop tools for identifying and fending off attacks. State aid of $3 million is funding thestartup, a partnership to include Delaware State University and DelTech. UD’s STAR campus (site of the formerChrysler assembly plant) is a possiblehome.The range will have a virtual capability,and test students under realistic conditions.
“It will be hands-on learning,” says ECE’s Cotton. “”We’ll have exercises that use all the things the students have been taught, and they’ll be running them ontheir own laptops.”
And there will be many more collegiate laptops running across the cyber landscape. UD is one of nine universitieschosen by MITRE for an academiccouncil towork with the company’s cybersecurity R&D center. The goal is to beat back the growing threat—a tall order,and an essential one.