On the Insider Threat, PCI and Risk Management
Let me share with you some highlights of recent podcast inte…
CONTI: I personally believe - cyberwarfare cold war for sure - a full-out cyberwarfare war is ongoing now. Major companies that are being attacked aren't really talking about it, but it's going on. Information is being stolen, machines compromised; attacks are occurring on an incredible scale right now, so the idea is that we are preparing every graduate so that they have a foundation in computer security. They understand the basics. They understand how computers can be protected, the importance of patching anti-virus programs, and in keeping all that up to date as well as just safe operating procedures, how to be safe online, what they can disclose and share, what is not a good idea?
Understand that information is slippery. Touching everybody, getting that point across. We are hoping to be agents of change for the Army and for the Department of Defense. We've got some really talented folks and they are leaving here understanding the importance of computer security. And then we also have in the Department of Electrical Engineering and Computer Science, a number of courses and a number of courses across the academy so those that are interested in studying technology in depth can explore a great deal more.
CHABROW: Is there a major in information assurance, information security or cyberwarfare, or are they just elements or components of broader computer science program?
CONTI: We have made it a focus point in the department to imbed, rather than having a separate degree, cyberwarfare computer security across the curriculum. I run the information technology and operation center, which is the West Point Cyberwarfare Research Center. My goal and my predecessor's goals have been to intelligently imbed computer security throughout the curriculum and in the right places. Now we do have some specialized classes in cyberwarfare information security, but we also have it in essentially class in the curriculum.
CHABROW: What is the difference between cyberwarfare and information security or cyberwarfare security?
CONTI: Oh gosh, I mean we are getting into semantics. Essentially, they all point to the same thing, keeping network secure, keeping information secure, keeping the platforms that process that information secure. It's essentially the same thing. It just gets rebranded every couple of years.
CHABROW: Is there any offensive component to the West Point cybersecurity curriculum?
CONTI: Well, that is a good point. Initially, we were concerned that including offensive capabilities - teaching cadets about offense - was very, very risky and dangerous. The principle that we followed was we don't want to end up on the front page of The New York Times with a headline that read, "West Point is Teaching Hackers."
But over time, two things have happened. We have incorporated a degree of offensive training for the cadets, because we believe it's much more relevant for them now in that to defend the system you need to understand how to attack it. We always teach it from the ethical perspective, but we do include some material on offensive capabilities.
And, we did end up on the front page of The New York Times this past spring, but in a good way. It was for our cyberwarfare defensive exercise, where we compete, and this was the ninth year it's been offered against all of the other United States service academies, where we build networks and defend them against and let's say aggressors and let's say red team. We've won that I'm proud to say five times out of the nine. We put a great deal of emphasis on competing well and using that as a catalyst to help motivate the cadets.
CHABROW: Let us talk about your article you co-wrote with U.S. Army Col. "Buck" Surdu. You proposed a fourth military branch, a cyberwarfare branch. You characterized cyberwarfare components of the Air Force, Army and Navy as "ill-fitting appendages that attempt to operate in inhospitable cultures where tactical expertise is not recognized, cultivated, or completely misunderstood." What kind of reception did that get?
CONTI: It resonated very well in the technical community. The technical folks understand that you want your skills to be valued and understood and utilized well. It is very hard to develop a skill set that is valuable and a technical skills set, and once you are there you don't want to switch to a position where you are preparing PowerPoint slides or something like that. You want to continue on that growth curve.