Photograph by Kirk Smith
Starnes Walker leads UD’s Cybersecurity Initiative, which trains students to track cyber terrorists.
Cyberspace is the frontier of modern convenience, efficiency, speed—and peril. Experts concede that, with cyber attacks of increasing frequency and sophistication being inevitable, the challenge will be to contain them. Such attacks can cause devastating damage in a short period of time.
“An hour is infinity,” says Starnes Walker, who heads the University of Delaware’s Cybersecurity Initiative (CSI), an ambitious undertaking designed to train a new generation of leaders and technicians to track and counterpunch would-be cyber terrorists.
Hackers—homegrown and international—have proven their ability to steal information from large corporations and the federal government. Those are targeted thefts whose impact may be deferred. Should they progress to disrupting electricity transmission and bank transactions, the chaos would be widespread and immediate.
Such disruptions may be, analysts say, the principal tool of future warfare. “Cyber attacks could have the same kinetic effects as bombs using non-kinetic means without the collateral damage,” says CSI associate director Bill Stegemerten, who focused on cyber matters as a lieutenant-colonel with the U.S. Air Force and Delaware Air National Guard.
An alliance of the military, federal government, private industry and colleges has formed to parry cyber offensives. UD has added both an undergraduate minor and a master’s program in cybersecurity, and it has joined forces with the U.S. Army research center at Aberdeen Proving Ground in Maryland.
Walker has been at the vanguard of digital technology and security research for several decades. He understands well the complexity of 21st century infrastructure and financial systems. During his 20 years at Phillips Petroleum, he computerized the company’s refining process, tested for cyber vulnerabilities, and launched a program that evaluated nuclear fusion as an energy source. His résumé includes high-level work at Homeland Security, U.S. Fleet Cyber Command and The MITRE Corporation, a nonprofit that operates seven federally sponsored research centers, including one dedicated to cybersecurity. “Energy security is national security,” Walker says.
The systems that operate the electrical grid and transmission pipelines for water and natural gas are interconnected, so an attack at one spot has the potential to go viral—what Starnes refers to as “cascading failure.” That prospect is what drives evolving national cybersecurity standards and the need for more trained personnel to implement them.
Enter the University of Delaware. A National Science Foundation grant formalized CSI in 2012, but UD and Delaware Technical Community College had already begun annual summer cyber challenge camps two years earlier. This year’s camp, held at DelTech’s Dover campus in July, featured classes, competition and high spirits. About 250 students participated.
“They get educated—and smart—about the field [of cybersecurity],” says Chase Cotton, a UD professor of electrical and computer engineering who runs the camp. He seems to enjoy it as much as the campers do. The university’s ECE department offers most of the coursework for the minor and master’s, but CSI is an interdisciplinary enterprise.
“It is a mistake to call cybersecurity strictly a technology issue,” says Bruce Weber, dean of UD’s Alfred Lerner College of Business and Economics. “It’s a business issue as well. Customer data may not show on the balance sheet, but they’re an asset.”
The master’s program, which began last month, emphasizes secure business systems. It includes courses such as Leadership and Organizational Behavior. In keeping with its Delaware profile, CSI places special focus on the corporate sector.
“We want to position Delaware to be the cyber hub for corporate America,” says Walker. He cites the state’s central location between New York and Washington and its stature as a home to large, publicly traded companies as advantages. The initiative’s prime goal, he says, is to educate the next generation, the existing workforce, and corporate executives and directors in a world where the greatest threat to business—and day-to-day living—may be unseen.
Elected officials and university leaders have shared that perspective for several years. Soon after becoming UD’s provost in 2013, Domenico Grasso met with then-president Patrick Harker to assess CSI. They agreed it was ripe for further development. “We had a clear confluence of thinking,” says Grasso. “If it was going to be successful, it could not be purely technical. It had to be holistic.”
Expansion on several fronts followed. ECE added related courses—two in each of the last three years—as well as new professors, reflecting a growing emphasis on analyzing huge amounts of data. “How to detect anomalous behavior has become critical,” says department chair Ken Barner. Any number of victimized companies, not to mention recently hacked federal agencies, would readily agree.
Meanwhile, the university deepened the connection it had established with the U.S. Army in Aberdeen in 2008. The collaboration now finds Aberdeen-based employees (typically contractors and civilian engineers) taking courses at UD, and UD adjunct professors teaching on site at Aberdeen, which is part of the Army’s extensive research and development efforts. Courses in electrical engineering, computer systems, and, increasingly, cybersecurity are in the mix, along with those in other fields of engineering.
About two years ago, UD sought a content expert to lead its developing CSI. When word reached the McLean, Va., offices of MITRE, chief executive officer Al Grasso, brother of the UD provost, had a candidate in mind.
“I knew that Starnes [Walker, a MITRE employee at the time] understands the threats that organizations face,” says Grasso. “We like to get the right people in the room at the right time. I made the connection [with UD], and they took it from there.”
Walker came aboard in April, then quickly formed a CSI advisory council of nationally recognized security pros. One of those is Maj. Gen. Tom Thomas, who has served as assistant to the U.S. Cyber Commander and is a senior vice president at Bank of America. A glance at his background and the collective experience of council members tells you that CSI is the place where military, business, and educational themes and goals intersect.
Bank of America has been helping UD develop a cyber curriculum that is timely and practical. “It’s a matter of tailoring academics to what businesses are looking for,” Thomas says. “At Aberdeen, we’ve identified the type of people that CERDEC needs.” (CERDEC is the Army’s Communications-Electronic Research, Development and Engineering Center.)
UD will likely supply more of such people, plus workers and executives throughout private industry, in the coming years. “Skill sets are broadening,” says Walker. “If you’re going into public administration or law, you need to understand cybersecurity.”
On campus, CSI’s next big step is to create a “cyber range” that will develop tools for identifying and fending off attacks. State aid of $3 million is funding the startup, a partnership to include Delaware State University and DelTech. UD’s STAR campus (site of the former Chrysler assembly plant) is a possible home. The range will have a virtual capability, and test students under realistic conditions.
“It will be hands-on learning,” says ECE’s Cotton. “”We’ll have exercises that use all the things the students have been taught, and they’ll be running them on their own laptops.”
And there will be many more collegiate laptops running across the cyber landscape. UD is one of nine universities chosen by MITRE for an academic council to work with the company’s cybersecurity R&D center. The goal is to beat back the growing threat—a tall order, and an essential one.