>>Hi everyone. Welcome to the cubes coverage of eight of his public sector summit live in Washington D. C, where it's a face to face real event. I'm johN for a year host but virtual events. Hybrid events were hybrid event as well. We've got a great remote interview. Got a guest here in person, Jon Stankovic, president of cloud solutions. Smartronix and Britain was the VP of eight of his managed services, also known as A M. S with amazon web services, jOHN and jOHN and three johns here. Welcome to the cube remote >>in person. >>Hybrid. >>Thanks. Thank you. Great to be on the cube longtime viewer and I really appreciate what you >>do for fun to be here remotely but I feel like it right there. >>Yeah, I love the hybrid if it's only gonna get better next time will be in the metaverse soon. But uh, jOHn on the line there, I want to ask you with AWS managed services, take us through what you guys are doing with Smart Trust because this is an interesting service you guys are working together. How's that relates at the table for us. >>Yeah, well, you know, we're really excited about this announcement, We've been working with Smartronix since we launched A. M S 4.5 years ago. So we've been able to build up working with them, you know, a huge library of automation capabilities and this really just formalised as that in an offer for our joint customers where we can bring the expertise from AWS and Smartronix and offer a full solution that's highly integrated to help help our customers jointly accelerate their cloud adoption as well as their operating model transformation as they start to move to a more devops motion and they need help. We're there together to provide our expertise and make that simple for them. >>Well I appreciate the call. You john b john s over here. Js john Stankevich. Um tell me about Smart trust because you heard what's going on with devoPS to point a whole revolutions going on in devops, you're starting to see a highly accelerated modern application development environment which means that the software developers are setting the pace there, the pace car of the innovation, right? And so other teams like security or I. T. Become blockers. Blockers a drag and anchor. So the shift left on security for instance is causing a lot of problems on the security team. So all this is going on like right now so still the speed is the game. What's your take? >>Sure so absolutely. I think that's where this partnership really really excels. You know, we want customers to focus on their mission, you know, national security, health care outcomes. Um we want them to kind of take the rest off their plate. So when you say some of the quote unquote blockers around security uh Smartronix has invested heavily in a federally authorized platform that sits on top of what a WS has done from a Fed ramp and so right off the bat speed agility. We don't want our customers spending time replicating things that we've done at scale and leveraging what AWS has and so by kind of utilizing this, this joint offer all of a sudden a big part of that compliance is taken care of. Uh, and then things like devoPS, things like SRE models that you hear a lot about, we fold all that into this uh, combined service offering. >>I know a little about what you guys are doing. You mentioned SRE is very cool, but let's take a minute to explain what you guys are doing because you guys are on the cutting edge of solving a lot of problems from infrastructure fools around the deVOPS stack. What are you guys doing in the cloud services? >>Sure. So I think jOHN hit a little bit on it. But you know, we look at AMS as best in breed at scale managing core parts of the U. S. Infrastructure. What Smartronix does is many times customers have some unique requirements and we take that core kind of powered by aims and we try and fill in those kind of complementary skill sets and complementary requirements. And so something like the devops, which is basically making sure that those people developing that software, they have also the ability to manage it and on an ongoing basis. Kind of run it. We develop all the frameworks and that's part of this offering to enable that. >>What's the solution jOHN B because I think you guys don't, this is people have challenges. I want to understand those challenges. And then when they go to the external managed service, what's involved, you walk us through that? Because I think that's important. >>Yeah, sure. You know, it turns out jOHN nailed this one. That moving to the cloud can be, can be a big transformation for many, many enterprises and government teams. Right. They worked for many years and have an ecosystem in their traditional data center. But when they move to the cloud, there's a lot of moving pieces and so what we like to focus on is helping them with the undifferentiated aspects of safely and automating cloud operations. So working with, with Smartronix allows us to take what we're doing across the infrastructure services, around security, around automation, around patching instance management, container management, all of those uh, undifferentiated, heavy lifting passed by now with Smartronix and expertise across the application layer across customers, unique environments across federal and moderate the various government standards and compliance is, and we think we're able to get, take a customer um, from kind of really early stage cloud experience and rapidly deploy configure and get them into a very stable scalable posture operationally on the cloud so that they can start to invest in their people, their skills and their differentiated application on the cloud that really drive the differentiation in their business and not have to worry about best practice configurations and operational run books and, and and automation is and and and the latest dep sec ops capabilities that will pick up for them while they're training and getting, they're getting their emotions in place, >>jOHn is on the Smartronix side. Talk about the difference between scale okay. Which is a big issue with cloud these customers want to have with AMS but then you also have some scale, maybe some scale to but highly compliant environments, regulated industries, for instance, this is the hot areas because scale is unwieldy, but if you don't want get rain it in, it can be chaotic. Right? So also regulations and compliance is a huge issue. >>Yeah. What what we found is um, at times customers look at it and they just get frustrated because it can be kind of intimidating and we as a combined team really have spent a lot of time we have accelerators to walk customers through that process and a really flexible model. If they feel that they have a lot of domain expertise in it, then we'll just kind of be almost a supporter other customers look at it and say, you know, we'd like you to take the entire patch of that compliance and so highly regulated environments. Both commercial D. O. D. National Security, um federal civilian agencies, state and local, they're all looking to this and saying we really want someone that's been through things like the U. S. Audited managed service provider, things like they're managed security service provider, things like fed ramp or D. O. D. Ill four and five. And I think to be honest Smartronix has just invested heavily in that with the goal of reducing all that complexity and it's it's really been taken off and we really appreciate the partnership specifically with jOHn and uh the A. W. S. A. M. S. Team. >>All right so you guys were going together, what's the ultimate benefit to the customer? >>I can I'll give my thing right off the bat all this innovation coming out of A. W. S. Um It's fantastic but only if you have the ability to take advantage of it. And so thousands of new services being rolled out. We really want customers to be able to take advantage of that and let at times us do what we do best and let them focus on their mission. And I think that's what really AWS is all about and we just feel very fortunate to be an enabler of that >>john be talking about talking about the staffing issues too because one of the problems that we have been reporting and this has come up at every reinvest on the max. Peterson about this as well. He's promised last year was gonna train 29 million people. See how that comes out of reinvent when the report card comes back. I was kinda busting his chops a little bit there but he had a smile on his face I think is gonna hit the numbers a lot of times, Maybe people don't have an SRE they don't have a devout person or they have some staff that they're in transition or transforming this is a huge factor. What's your take on this, >>you know, that that is so important, you know, as john mentioned, it's all about helping the customers focused and and their their cloud talent is scarce and it's a scarce resource and you you want to make sure that your cloud talent is working on the cool stuff or they're going to leave and and as you train and skill, these folks, they want to focus on what really impacts the business, what's really differentiating doing, you know, doing the cloud and the necessities on operations and operational tasks and sec ops and things like that, sometimes, that's not the sexiest part of the work that the customer really wants to focus their team on. So again, I think together we're able to help drive high levels of automation and really do that day in and day out work that is not necessarily the differentiator of their business and that's going to attract and keep the best and brightest minds in these in these customers um which allows us to help them with the undifferentiated aspects of of the heavy lifting. >>Not only is availability of people, it's keeping the people, I love that great call out there, Okay, where does this go? Where's the relationship. So you guys are partnering, you have the M. S. Is going on? Strong managed services not gonna go away mormon people were using managed services. It's part of the ecosystem within the ecosystem. What's next in the relationship? >>Well, I think, you know, I'll speak first, john, I'm sure you've got some thoughts to, but you know, we've got so many things on our plate around predictive operations and the predictive capabilities that we're excited about tackling together. Obviously there's all sorts of unique applications that require even deeper capabilities and working with Smartronix to help us, you know, provide even greater insight into the application layer. So I kind of see us expanding um both horizontally as well as well as vertically and horizontally. We've got customers looking at the edge with the outpost solutions and we can snap into those capabilities as well. So there's a tremendous amount of kind of, I'd say vertical and horizontal opportunity that we can continue to expand it together, >>john your reaction, That's >>pretty right on Absolutely. I think john Berger really hit it and I think really machine learning, you know, that's a big area of focus, if you look at all this data is being collected, predictive modeling and so we have this kind of transition from a model where people were basically watching screens reacting and what the AWS MSP offer and what you know, AmS offers is really predicting, so you you're not doing that, you're not reacting, you're proactively ahead of things. And that's the honest truth is AWS is such a well run service. It just doesn't break, you know, it doesn't break like what you see in the traditional kind of legacy infrastructure. And so at times we're just continuing to climb that stack. As, as john mentioned, >>it's really interesting as you guys are, as you're talking, I'm thinking myself just go back a couple of years ago, eight years ago or so. DevoPS is a bad word. Dev's dominate up. So I was through them now, operational leverage is a huge part of this ai operations, um, the entire I. T service management being disrupted heavily by cloud operations that also facilitate rapid development models. Right? So, again, this is like under reported, but it's a really nuanced point hardened operations for security and not holding back the developers is the cloud scale. What's your guys reaction to that? >>Yeah, I completely agree. I think, you know, the automation piece of things and I think customers are still going through transitions. You know, traditionally managed services means a big staff and it's like I said, sitting there watching screens and you flip that model where you have developers actually deploying code and infrastructure to support it. It's, you know, it's very transitional and very transformative and I think that's where an offering, like what we've really partnered on really, really helps because at times it can be overwhelming for customers and we just want to simplify that. And as I've said, let them focus on their mission. >>Amen one last question before we break, because I was talking to another partner, a big part of AWS. Um, and we're talking about SAS versus solutions and sometimes if you're too Sassy, you're not really building a custom solution, but you can have the best of both worlds. A little professional services, maybe some headroom on the stack, if you will your building solutions. So the next question is, as you guys put this cutting edge innovative innovative solution together, how are your customers consuming it? Like what's the consumption? I'm assuming there must be happy because a lot of heavy lifting being taken away, they don't have to deal with house the contract process. >>Well, you know, I think, you know, we have the opportunity, we support customers and kind of all modes of their application stack. So, you know, a full stacks solution. You know, even a legacy architecture moving to the cloud requires a high degree of automation to support it. And then as those applications become modernized over time, they become much more cloud native at some point, they might even become a full stack Starzz offer. So many of our customers actually run their SAAS platform leveraging our capability as well. So, you know, I think it gives the customer a lot of optionality uh, and future kind of growth as they modernize their application stack. >>Yeah, john your reaction. Absolutely. >>I think one of the greatest benefits is it's freeing up funds to do mission work. And so instead of spending time procuring hardware and managing it and leasing data center space, they literally have more funding. And so we've seen customers literally transform their business because this piece of it's done more efficiently and they have really excess and really additional funding to do their mission. >>We love the business model innovation, faster um, higher quality, easy and inexpensive. That's the flywheel gentlemen, Thank you for coming on and get the three. John john thank you. Vice President Cloud Solutions. That Smartronix, thank you for coming on. John Barrington BP of amazon websites managed. There is a also known as AWS and A M. S. A W. S got upside down. W. M. Looks the same. Thank you guys for coming. I appreciate it. Thank you. We appreciate great great Cube covers here. eight of us summit we're live on the ground and were remote. It's a hybrid event. I'm John for your host. Thanks for watching. Mhm

(upbeat music) >> Welcome everybody to VeeamON 2021 you're watching theCUBE. My name is Dave Villante. You know in 2020 cyber adversaries they seize the opportunity to really up their game and target workers from home and digital supply chains. It's become increasingly clear to observers that we're entering a new era of cyber threats where infiltrating companies via so-called Island Hopping and stealthily living off the land meaning they're using your own tools and infrastructure to steal your data. So they're not signaling with new tools that they're in there. It's becoming the norm for sophisticated hacks. Moreover, these well-funded and really sophisticated criminals and nation States are aggressively retaliating against incident responses. In other words, when you go to fix the problem they're not leaving the premises they're rather they're tightening the vice on victims by holding your data ransom and threatening to release previously ex filtrated and brand damaging information to the public. What a climate in which we live today. And with me to talk about these concerning trends and what you can do about it as Gil Vega, the CISO of Veeam Gil great to see you. Thanks for coming on. >> Great to see you, Dave. Thanks for having me. >> Yeah. So, you know, you're hearing my intro. It's probably understating the threat. You are a Veeam's first CISO. So how do you see the landscape right now? >> That's right. Yeah. And I've been with the company for just over a year now, but my background is in financial services and spent a lot of time managing cybersecurity programs at the classified level in Washington DC. So I've gleaned a lot of scar tissue from lots of sophisticated attacks and responses. But today I think what we're seeing is really a one-upmanship by a sophisticated potentially nation state sponsored adversaries, this idea of imprisoning your data and charging you to release it is it's quite frightening. And as we've seen in the news recently it can have devastating impacts not only for the economy, but for businesses. Look at the gas lines in the Northeast right now because of the quality of a pipeline, a ransomware attack. I just, the government just released an executive order this morning, that hopes to address some of the some of the nation's unpreparedness for these sophisticated attacks. And I think it's time. And I think everyone's excited about the opportunity to really apply a whole of government approach, to helping critical infrastructure to helping and partnering with private sector and imposing some risks, frankly, on some of the folks that are engaged in attacking our country. >> A number of years ago, I often tell this story. I had the pleasure of interviewing Robert Gates the former Defense Secretary. And it was a while ago we were talking about cyber and he sits on a number of boards. And we were talking about how it's a board level issue. And, and we're talking about cyber crime and the like and nation States. And I said, well, wait, cyber warfare, even. And I said, "But don't we have the best cyber tech. I mean, can't we go on the offense?" And he goes, "Yeah, we do. And we can, but we have more to lose." And to your point about critical infrastructure, it's not just like, okay, we have the most powerful weapons. It's really we have the most valuable infrastructure and a lot to lose. So it's really a tricky game. And this notion of having to be stealthy in your incident response is relatively new. Isn't it? >> It is. It is. And you know, there are, you mentioned that and I was surprised you mentioned because a lot of people really don't talk about it as you're going into your response your adversaries are watching or watching your every move. You have to assume in these days of perpetual state of compromise in your environments, which means that your adversaries have access to your environment to the point that they're watching your incident responders communicate with one another and they're countering your moves. So it's sort of a perverse spin on the old mutually assured destruction paradigm that you mentioned the United States has the world's largest economy. And quite frankly the world's most vulnerable, critical infrastructure. And I would concur with Director Gates or Secretary Gates rather it is assessment that we've got to be awfully careful and measured in our approach to imposing risks. I think the government has worked for many years on defining red lines. And I think this latest attack on the colonial pipeline affecting the economy and people's lives and potentially putting people's lives at risk is towing also the close to that red line. And I'm interested to see where this goes. I'm interested to see if this triggers even a, you know a new phase of cyber warfare, retaliation, you know proactive defense by the National Security Community of the United States government. Be interesting to see how this plays out. >> Yeah, you're absolutely right though. You've got this sort of asymmetric dynamic now which is unique for the United States as soon as strongest defense in the world. And I wanted to get it to ransomware a bit. And specifically this notion of ransomware as a service it's really concerning where criminals can actually outsource the hack as a service and the bad guys will set up, you know, on the dark web they'll have, you know, help desks and phone lines. They'll do the negotiations. I mean, this is a really concerning trend. And obviously Veeam plays a role here. I'm wondering as a, as a SecOps pro what should we be doing about this? >> Yeah, you mentioned ransomware as a service, whereas RWS it's an incredibly pernicious problem perpetrated by sophisticated folks who may or may not have nation state support or alliances. I think at a minimum certain governments are looking the other way as it relates to these criminal activities. But with ransomware as a service, you're essentially having very sophisticated folks create very complex ransomware code and distributed to people who are willing to pay for it. And oftentimes take a part of the ransom as their payment. The, issue with obviously ransomware is you know the age old question, are you going to pay a ransom or are you not going to pay a ransom? The FBI says, don't do it. It only encourages additional attacks. The Treasury Department put out some guidance earlier earlier in the year, advising companies that they could be subject to civil or criminal penalties. If they pay a ransom and the ransom goes to a sanction density. So there's danger on all sides. >> Wow okay. But so, and then the other thing is this infiltrating via digital supply chains I call it Island Hopping and the like, we saw that with the solar winds hack and the scary part is, you know different malware is coming in and self forming and creating different signatures. Not only is it very difficult to detect, but remediating, you know, one, you know combined self formed malware it doesn't necessarily take care of the others. And so, you know, you've got this sort of organic virus, like thing, you know, create mutating and that's something that's certainly relatively new to me in terms of its prevalence your thoughts on that and how to do it. >> Yeah, exactly right. You know, the advent of the polymorphic code that changes the implementation of advanced artificial intelligence and some of this malware is making our job increasingly difficult which is why I believe firmly. You've got to focus on the fundamentals and I think the best answers for protecting against sophisticated polymorphic code is,are found in the NIST cybersecurity framework. And I encourage everyone to really take a close look at implementing that cybersecurity framework across their environments, much like we've done here, here at Veeam implementing technologies around Zero Trust again assuming a perpetual state of compromise and not trusting any transaction in your environment is the key to combating this kind of attack. >> Well, and you know, as you mentioned, Zero Trust Zero Trust used to be a buzzword. Now it's like become a mandate. And you know, it's funny. I mean, in a way I feel like the crypto guys I know there's a lot of fraud in crypto, but but anybody who's ever traded crypto it's like getting into Fort Knox. I mean, you got to know your customer and you've got to do a little transaction. I mean, it's really quite sophisticated in terms of the how they are applying cybersecurity and you know, most even your bank isn't that intense. And so those kinds of practices, even though they're a bit of a pain in the neck, I mean it's worth the extra effort. I wonder if you could talk about some of the best practices that you're seeing how you're advising your clients in your ecosystem and the role that Veeam can play in helping here. >> Yeah, absolutely. As I mentioned so many recommendations and I think the thing to remember here so we don't overwhelm our small and medium sized businesses that have limited resources in this area is to remind them that it's a journey, right? It's not a destination that they can continually improve and focus on the fundamentals. As I mentioned, things like multi-factor authentication you know, a higher level topic might be micro-segmentation breaking up your environment into manageable components that you can monitor a real time. Real time monitoring is one of the key components to implementing Zero Trust architecture and knowing exactly what good looks like in your environment in a situation where you've got real-time monitoring you can detect the anomalies, the things that shouldn't be happening in your environment and to spin up your response teams, to focus and better understand what that is. I've always been a proponent of identity and access management controls and a key focus. We've heard it in this industry for 25 years is enforcing the concept of least privilege, making sure that your privileged users have access to the things they need and only the things that they need. And then of course, data immutability making sure that your data is stored in backups that verifiably has not been changed. And I think this is where Veeam comes into the equation where our products provide a lot of these very easily configured ransomware protections around data and your ability to the ability to instantly back up things like Office 365 emails, you know support for AWS and Azure. Your data can be quickly restored in the event that an attacker is able to in prison that with encryption and ransom demands. >> Well, and so you've certainly seen in the CISOs that I've talked to that they've had to obviously shift their priorities, thanks to the force march to digital, thanks to COVID, but Identity access management, end point security cloud security kind of overnight, you know, Zero Trust. We talked about that and you could see that in some of these, you know, high flying security stocks, Okta Zscaler, CrowdStrike, they exploded. And so what's in these many of these changes seem to be permanent sort of you're I guess, deeper down in the stack if you will, but you, you compliment these toolings with obviously the data protection approach the ransomware, the cloud data protection, air gaps, immutability. Maybe you could talk about how you fit in with the broader, you know, spate of tools. I mean, your, my eyes bleed when you look at all the security companies that are out there. >> Yeah for sure. You know, I'm just going to take it right back to the NIST cybersecurity framework and the five domains that you really need to focus on. Identify, protect, detect, respond, and recover, you know and until recently security practitioners and companies have really focused on on the protect, identify and protect, right and defend rather where they're focused on building, you know, moats and castles and making sure that they've got this, you know hard exterior to defend against attacks. I think there's been a shift over the past couple of years where companies have recognized that the focus needs to be on and respond and recover activities, right? Assuming that people are going to breach or near breach, your entities is a safe way to think about this and building up capabilities to detect those breaches and respond effectively to those breaches are what's key in implementing a successful cybersecurity program where Veeam fits into this since with our suite of products that that can help you through the recovery process, right? That last domain of the NIST cybersecurity framework it'll allow you to instantaneously. As I mentioned before, restore data in the event of a catastrophic breach. And I think it provides companies with the assurances that while they're protecting and building those Zero Trust components into their environments to protect against these pernicious and well-resourced adversaries there's the opportunity for them to recover very quickly using the VM suite of tools? >> Well, I see, I think there's an interesting dynamic here. You're pointing out Gil. There's not no longer is it that, you know, build a moat the Queen's leaving her castle. I always say, you know there is no hardened perimeter anymore. And so you've seen, you know, the shift obviously from hardware based firewalls and you I mentioned those other companies that are doing great but to me, it's all about these layers and response is a big in recovery is a huge part of that. So I'm seeing increasingly companies like Veeam is a critical part of that, that security cyber data protection, you know, ecosystem. I mean, to me it's just as important as the frontline pieces of even identity. And so you see those markets exploding. I think it's, there's a latent value that's building in companies like Veeam that are a key part of those that data protection layer you think about you know, defense strategies. It's not just you, the frontline it's maybe it's airstrikes, maybe it's, you know, C etcetera. And I see that this market is actually a huge opportunity for for organizations like yours. >> I think you're right. And I think the proof is in, you know in the pudding, in terms of how this company has grown and what we've delivered in version 11 of our suite, including, you know features like continuous data protection, we talked about that reliable ransomware protection support for AWS S3 Glacier and Azure archive the expanded incident recovery, and then support for disaster recovery and backup as a service. You know, what I found most interesting in my year here at Veeam is just how much our administrators the administrators in our company and our customers companies that are managing backups absolutely love our products that ease of use the instant backup capabilities and the support they receive from Veeam. It's almost cultish in terms of how our customers are using these products to defend themselves in today's pretty intense cyber threat environment. >> Well, and you talked about the NIST framework, and again big part of that is recovery, because we talked about earlier about, do you pay the ransom or not? Well, to the extent that I can actually recover from having all my data encrypted then I've got obviously a lot more leverage and in many ways, I mean, let's face it. We all know that it's not a matter of if it's, when you get infiltrated. And so to the extent that I can actually have systems that allow me to recover, I'm now in a much much stronger position in many respects, you know and CISOs again, will tell you this that's where we're shifting our investments >> Right. And you've got to do all of them. It's not just there's no silver bullet, but but that seems to me to be just a a misunderstood and undervalued part of the equation. And I think there's tremendous upside there for companies like yours. >> I think you're right. I think what I'll just add to that is the power of immutability, right? Just verifiably ensuring that your data has not changed because oftentimes you'll have attackers in these low and slow live off the land types of attacks change your data and affect its integrity with the Veeam suite of tools. You're able to provide for immutable or unchanged verifiable data and your backup strategy which is really the first step to recovery after a significant event. >> And that's key because a lot of times the hackers would go right after the backup Corpus you know, they'll sometimes start there is that all the data, you know, but if you can make that immutable and again, it, you know there's best practices there too, because, you know if you're not paying the cloud service for that immutability, if you stop paying then you lose that. So you have to be very careful about, you know how you know, who has access to that and you know what the policies are there, but again, you know you can put in, you know so a lot of this, as you know, is people in process. It's not just tech, so I'll give you the last word. I know you got to jump, but really appreciate.. >> Yeah, sure. >> You know, the only, the only thing that we didn't mention is user awareness and education. I think that is sort of the umbrella key focus principle for any successful cybersecurity program making sure your people understand, you know how to deal with phishing emails. You know, ransomware is a huge threat of our time at 90% of ransomware malware is delivered by phishing. So prepare your workforce to deal with phishing emails. And I think you'll save yourself quite a few headaches. >> It's great advice. I'm glad you mentioned that because because bad user behavior or maybe uninformed user behaviors is the more fair way to say it. It will trump good security every time. Gil, thanks so much for coming to the CUBE and and keep fighting the fight. Best of luck going forward. >> Great. Thank you, Dave. >> All right. And thank you for watching everybody. This is Dave Villante for the CUBEs continuous coverage VeeamON 2021, the virtual edition. We will be right back. (upbeat music)

(radio calls) >> Announcer: From around the globe, its theCUBE covering Space & Cybersecurity Symposium 2020, hosted by Cal poly. Hello, welcome back to theCUBE virtual coverage with Cal Poly for the Space and Cybersecurity Symposium, a day four and the wrap up session, keynote session with the Lieutenant Governor of California, Eleni Kounalakis. She's here to deliver her keynote speech on the topic of California's role in supporting America's Cybersecurity future. Eleni, take it away. >> Thank you, John, for the introduction. I am Lieutenant Governor Eleni Kounalakis. It is an honor to be part of Cal Poly Space and Cybersecurity Symposium. As I speak kind of Pierre with the governor's office of business and economic development is available on the chat, too ready to answer any questions you might have. California and indeed the world are facing significant challenges right now. Every day we are faced with the ongoing COVID-19 pandemic and the economic downturn that is ensued. We have flattened the curve in California and are moving in the right direction but it is clear that we're not out of the woods yet. It is also impossible right now to escape the reality of climate change from the fire sparked by exceptionally rare, dry lightening events to extreme heat waves threatening public health and putting a strain on our electricity grid. We see that climate change is here now. And of course we've been recently confronted with a series of brutal examples of institutionalized racism that have created an awakening among people of all walks of life and compelled us into the streets to march and protest. In the context of all this, we cannot forget that we continue to be faced with other less visible but still very serious challenges. Cybersecurity threats are one of these. We have seen cities, companies and individuals paralyzed by attacks costing time and money and creating an atmosphere of uncertainty and insecurity. Our state agencies, local governments, police departments, utilities, news outlets and private companies from all industries are target. The threats around cybersecurity are serious but not unlike all the challenges we face in California. We have the tools and fortitude to address them. That is why this symposium is so important. Thank you, Cal Poly and all the participants for being here and for the important contributions you bring to this conference. I'd like to also say a few words about California's role in America's future in space. California has been at the forefront of the aerospace industry for more than a century through all the major innovations in aerospace from wooden aircraft, to World War II Bombers, to rockets and Mars rovers. California has played a pivotal role. Today, California is the number one state in total defense spending, defense contract spending and total number of personnel. It is estimated the Aerospace and Defense Industry, provides $168 billion in economic impact to our state. And America's best trained and most experienced aerospace and technology workforce lives here in California. The fact that the aerospace and defense sector, has had a strong history in California is no accident. California has always had strong innovation ecosystem and robust infrastructure that puts many sectors in a position to thrive. Of course, a big part of that infrastructure is a skilled workforce. And at the foundation of a skilled workforce is education. California has the strongest system of public higher education in the world. We're home to 10 university of California campuses, 23 California State university campuses and 116 California Community Colleges. All told nearly 3 million students are enrolled in public higher education. We also have world renowned private universities including the California Institute of Technology and Stanford University numbers one and three in the country for aerospace engineering. California also has four national laboratories and several NASA facilities. California possesses a strong spirit of innovation, risk taking and entrepreneurship. Half of all venture capital funding in the United States, goes to companies here in California. Lastly, but certainly no less critical to our success, California is a diverse state. 27% of all Californians are foreign born, 27% more than one in four of our population of 40 million people are immigrants from another country, Europe central and South America, India, Asia, everywhere. Our rich cultural diversity is our strength and helps drive our economy. As I look to the future of industries like cybersecurity and the growing commercial space industry, I know our state will need to work with those industries to make sure we continue to train our workforce for the demands of an evolving industry. The office of the lieutenant governor has a unique perspective on higher education and workforce development. I'm on the UC Board of Regents, the CSU Board of Trustees. And as of about two weeks ago, the Community Colleges Board of Governors. The office of the lieutenant governor is now the only office that is a member of every governing board, overseeing our public higher education system. Earlier in the symposium, we heard a rich discussion with Undersecretary Stewart Knox from the California Labor and Workforce Development Agency about what the state is doing to meet the needs of space and cybersecurity industries. As he mentioned, there are over 37,000 job vacancies in cybersecurity in our state. We need to address that gap. To do so, I see an important role for public private partnerships. We need input from industry and curriculum development. Some companies like Lockheed Martin, have very productive partnerships with universities and community colleges that train students with skills they need to enter aerospace and cyber industries. That type of collaboration will be key. We also need help from the industry to make sure students know that fields like cybersecurity even exist. People's early career interests are so often shaped by the jobs that members of their family have or what they see in popular culture. With such a young and evolving field like cybersecurity, many students are unaware of the job opportunities. I know for my visits to university campuses that students are hungry for STEM career paths where they see opportunities for good paying jobs. When I spoke with students at UC Merced, many of them were first generation college students who went through community college system before enrolling in a UC and they gravitated to STEM majors. With so many job opportunities available to STEM students, cybersecurity ought to be one that they are aware of and consider. Since this symposium is being hosted by Cal Poly, I wanted to highlight the tremendous work they're doing as leaders in the space and cybersecurity industry. Cal Poly California Cybersecurity Institute, does incredible work bringing together academia, industry and government training the next generation of cyber experts and researching emerging cybersecurity issues. As we heard from the President of Cal Poly, Jeff Armstrong the university is in the perfect location to contribute to a thriving space industry. It's close to Vandenberg Air Force Base and UC Santa Barbara and could be home to the future permanent headquarters of US Space Command. The state is also committed to supporting this space industry in the Central Coast. In July, the State of California, Cal poly US-based force and the others signed a memorandum of understanding to develop a commercial space port at Vandenberg Air Force Base and to develop a master plan to grow the commercial space industry in the region. Governor Newsom has made a commitment to lift up all regions of the state. And this strategy will position the Central Coast to be a global leader in the future of the space industry. I'd like to leave you with a few final thoughts, with everything we're facing. Fires, climate change, pandemic. It is easy to feel overwhelmed but I remain optimistic because I know that the people of the State of California are resilient, persistent, and determined to address our challenges and show a path toward a better future for ourselves and our families. The growth of the space industry and the economic development potential of projects like the Spaceport at Vandenberg Air Force Base, our great example of what we can look forward to. The potential for the commercial space industry to become a $3 trillion industry by mid century, as many experts predict is another. There are so many opportunities, new companies are going to emerge doing things we never could have dreamed of today. As Lieutenant General John Thompson said in the first session, the next few years of space and cyber innovation are not going to be a pony ride at the state fair, they're going to be a rodeo. We should all saddle up. Thank you. >> Okay, thank you very much, Eleni. I really appreciate it. Thank you for your participation and all your support to you and your staff. You guys doing a lot of work, a lot going on in California but cybersecurity and space as it comes together, California's playing a pivotal role in leading the world and the community. Thank you very much for your time. >> Okay, this session is going to continue with Bill Britton. Who's the vice president of technology and CIO at Cal Poly but more importantly, he's the director of the cyber institute located at Cal Poly. It's a global organization looking at the intersection of space and cybersecurity. Bill, let's wrap this up. Eleni had a great talk, talking about the future of cybersecurity in America and its future. The role California is playing, Cal Poly is right in the Central Coast. You're in the epicenter of it. We've had a great lineup here. Thanks for coming on. Let's put a capstone on this event. >> Thank you, John. But most importantly, thanks for being a great partner helping us get this to move forward and really changing the dynamic of this conversation. What an amazing time we're at, we had quite an unusual group but it's really kind of the focus and we've moved a lot of space around ourselves. And we've gone from Lieutenant General Thompson and the discussion of the opposition and space force and what things are going on in the future, the importance of cyber in space. And then we went on and moved on to the operations. And we had a private company who builds, we had the DOD, Department Of Defense and their context and NASA and theirs. And then we talked about public private partnerships from President Armstrong, Mr. Bhangu Mahad from the DOD and Mr. Steve Jacques from the National Security Space Association. It's been an amazing conference for one thing, I've heard repeatedly over and over and over, the reference to digital, the reference to cloud, the reference to the need for cybersecurity to be involved and really how important that is to start earlier than just at the employment level. To really go down into the system, the K through 12 and start there. And what an amazing time to be able to start there because we're returning to space in a larger capacity and it's now all around us. And the lieutenant governor really highlighted for us that California is intimately involved and we have to find a way to get our students involved at that same level. >> I want to ask you about this inflection point that was a big theme of this conference and symposium. It was throughout the interviews and throughout the conversations, both on the chat and also kind of on Twitter as well in the social web. Is that this new generation, it wasn't just space and government DOD, all the normal stuff you see, you saw JPL, the Hewlett Foundation, the Defense Innovation Unit, Amazon Web Services, NASA. Then you saw entrepreneurs come in, who were doing some stuff. And so you had this confluence of community. Of course, Cal Poly had participated in space. You guys does some great job, but it's not just the physical face-to-face show up, gets to hear some academic papers. This was a virtual event. We had over 300 organizations attend, different organizations around the world. Being a virtual event you had more range to get more people. This isn't digital. This symposium isn't about Central California anymore. It's global. >> No, it really has gone. >> What really happened to that? >> It's really kind of interesting because at first all of this was word of mouth for this symposium to take place. And it just started growing and growing and the more that we talk to organizations for support, the more we found how interconnected they were on an international scale. So much so that we've decided to take our cyber competition next year and take it globally as well. So if in fact as Major General Shaw said, this is about a multinational support force. Maybe it's time our students started interacting on that level to start with and not have to grow into it as they get older, but do it now and around space and around cybersecurity and around that digital environment and really kind of reduce the digital dividing space. >> Yeah, General Thompson mentioned this, 80 countries with programs. This is like the Olympics for space and we want to have these competitions. So I got great vision and I love that vision, but I know you have the number... Not number, the scores and from the competition this year that happened earlier in the week. Could you share the results of that challenge? >> Yeah, absolutely. We had 83 teams participate this year in the California Cyber Innovation Challenge. And again, it was based around a spacecraft scenario where a spacecraft, a commercial spacecraft was hacked and returned to earth. And the students had to do the forensics on the payload. And then they had to do downstream network analysis, using things like Wireshark and autopsy and other systems. It was a really tough competition. The students had to work hard and we had middle school and high school students participate. We had an intermediate league, new schools who had never done it before or even some who didn't even have STEM programs but were just signing up to really get involved in the experience. And we had our ultimate division which was those who had competed in several times before. And the winner of that competition was North Hollywood. They've been the winning team for four years in a row. Now it's a phenomenal program, they have their hats off to them for competing and winning again. Now what's really cool is not only did they have to show their technical prowess in the game but they also have to then brief and out-brief what they've learned to a panel of judges. And these are not pushovers. These are experts in the field of cybersecurity in space. We even had a couple of goons participating from DefCon and the teams present their findings. So not only are we talking technical, we're talking about presentation skills. The ability to speak and understand. And let me tell you, after reading all of their texts to each other over the weekend adds a whole new language they're using to interact with each other. It's amazing. And they are so more advanced and ready to understand space problems and virtual problems than we are. We have to challenge them even more. >> Well, it sounds like North Hollywood got the franchise. It's likethe Patriots, the Lakers, they've got a dynasty developing down there in North Hollywood. >> Well, what happens when there's a dynasty you have to look for other talent. So next year we're going global and we're going to have multiple states involved in the challenge and we're going to go international. So if North Hollywood pulls it off again next year, it's going to be because they've met the best in the world than defeated >> Okay, the gauntlet has been thrown down, got to take down North Hollywood from winning again next year. We'll be following that. Bill, great to get those results on the cyber challenge we'll keep track and we'll put a plug for it on our site. So we got to get some press on that. My question to you is now as we're going digital, other theme was that they want to hire digital natives into the space force. Okay, the DOD is looking at new skills. This was a big theme throughout the conference not just the commercial partnerships with government which I believe they had kind of put more research and personally, that's my personal opinion. They should be putting in way more research into academic and these environments to get more creative. But the skill sets was a big theme. What's your thoughts on how you saw some of the highlight moments there around skill sets? >> John, it's really interesting 'cause what we've noticed is in the past, everybody thinks skill sets for the engineering students. And it's way beyond that. It's all the students, it's all of them understanding what we call cyber cognizance. Understanding how cybersecurity works whatever career field they choose to be in. Space, there is no facet of supporting space that doesn't need that cyber cognizance. If you're in the back room doing the operations, you're doing the billing, you're doing the contracting. Those are still avenues by which cybersecurity attacks can be successful and disrupt your space mission. The fact that it's international, the connectivities, all of those things means that everyone in that system digitally has to be aware of what's going on around them. That's a whole new thought process. It's a whole new way of addressing a problem and dealing with space. And again it's virtual to everyone. >> That's awesome. Bill, great to have you on. Thank you for including theCUBE virtual, our CUBE event software platform that we're rolling out. We've been using it for the event and thank you for your partnership in this co-creation opening up your community, your symposium to the world, and we're so glad to be part of it. I want to thank you and Dustin and the team and the President of Cal Poly for including us. Thank you very much. >> Thank you, John. It's been an amazing partnership. We look forward to it in the future. >> Okay, that's it. That concludes the Space and Cybersecurity Symposium 2020. I'm John Furrier with theCUBE, your host with Cal Poly, who put on an amazing virtual presentation, brought all the guests together. And again, shout out to Bill Britton and Dustin DeBrum who did a great job as well as the President of Cal poly who endorsed and let them do it all. Great event. See you soon. (flash light sound)

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Oven. Welcome back to the Space and Cyber Security Symposium. 2020 I'm John for your host with the Cuban silicon angle, along with Cal Poly, representing a great session here on industry success in developing space and cybersecurity. Resource is Got a great lineup. Brigadier General Steve Hotel, whose are also known as Bucky, is Call Sign director of Space Portfolio Defense Innovation Unit. Preston Miller, chief information security officer at JPL, NASA and Major General retired Clint Crozier, director of aerospace and satellite solutions at Amazon Web services, also known as a W s. Gentlemen, thank you for for joining me today. So the purpose of this session is to spend the next hour talking about the future of workforce talent. Um, skills needed and we're gonna dig into it. And Spaces is an exciting intersection of so many awesome disciplines. It's not just get a degree, go into a track ladder up and get promoted. Do those things. It's much different now. Love to get your perspectives, each of you will have an opening statement and we will start with the Brigadier General Steve Hotel. Right? >>Thank you very much. The Defense Innovation Unit was created in 2015 by then Secretary of Defense Ash Carter. To accomplish three things. One is to accelerate the adoption of commercial technology into the Department of Defense so that we can transform and keep our most relevant capabilities relevant. And also to build what we call now called the national Security Innovation Base, which is inclusive all the traditional defense companies, plus the commercial companies that may not necessarily work with focus exclusively on defense but could contribute to our national security and interesting ways. Um, this is such an exciting time Azul here from our other speakers about space on and I can't, uh I'm really excited to be here today to be able to share a little bit of our insight on the subject. >>Thank you very much. Precedent. Miller, Chief information security officer, Jet Propulsion Lab, NASA, Your opening statement. >>Hey, thank you for having me. I would like to start off by providing just a little bit of context of what brings us. Brings us together to talk about this exciting topic for space workforce. Had we've seen In recent years there's been there's been a trend towards expanding our space exploration and the space systems that offer the great things that we see in today's world like GPS. Um, but a lot of that has come with some Asian infrastructure and technology, and what we're seeing as we go towards our next generation expects of inspiration is that we now want to ensure that were secured on all levels. And there's an acknowledgement that our space systems are just a susceptible to cyber attacks as our terrestrial assistance. We've seen a recent space, uh, policy Directive five come out from our administration, that that details exactly how we should be looking at the cyber principle for our space systems, and we want to prevent. We want to prevent a few things as a result of that of these principles. Spoofing and jamming of our space systems are not authorized commands being sent to those space systems, lots of positive control of our space vehicles on lots of mission data. We also acknowledge that there's a couple of frameworks we wanna adopt across the board of our space systems levers and things like our nice miss cybersecurity frameworks. eso what has been a challenge in the past adopted somebody Cyber principles in space systems, where there simply has been a skill gap in a knowledge gap. We hire our space engineers to do a few things. Very well designed space systems, the ploy space systems and engineer space systems, often cybersecurity is seen as a after thought and certainly hasn't been a line item and in any budget for our spaces in racing. Uh, in the past in recent years, the dynamic started to change. We're now now integrating cyber principles at the onset of development of these life cycle of space. Systems were also taking a hard look of how we train the next generation of engineers to be both adequate. Space engineers, space system engineers and a cyber engineers, as a result to Mrs success on DWI, also are taking a hard look at What do we mean when we talk about holistic risk management for our space assistance, Traditionally risk management and missing insurance for space systems? I've really revolved around quality control, but now, in recent years we've started to adopt principles that takes cyber risk into account, So this is a really exciting topic for me. It's something that I'm fortunate to work with and live with every day. I'm really excited to get into this discussion with my other panel members. Thank you. >>You Preston. Great insight there. Looking forward. Thio chatting further. Um, Clint Closure with a W. S now heading up. A director of aerospace and satellite Solutions, formerly Major General, Your opening statement. >>Thanks, John. I really appreciate that introduction and really appreciate the opportunity to be here in the Space and Cybersecurity Symposium. And thanks to Cal Poly for putting it together, you know, I can't help, but as I think to Cal Poly there on the central California coast, San Luis Obispo, California I can't help but to think back in this park quickly. I spent two years of my life as a launch squadron commander at Vandenberg Air Force Base, about an hour south of Cal Poly launching rockets, putting satellites in orbit for the national intelligence community and so some really fond memories of the Central California coast. I couldn't agree more with the theme of our symposium this week. The space and cyber security we've all come to know over the last decade. How critical spaces to the world, whether it's for national security intelligence, whether it's whether communications, maritime, agriculture, development or a whole host of other things, economic and financial transactions. But I would make the case that I think most of your listeners would agree we won't have space without cybersecurity. In other words, if we can't guaranteed cybersecurity, all those benefits that we get from space may not be there. Preston in a moment ago that all the threats that have come across in the terrestrial world, whether it be hacking or malware or ransomware or are simple network attacks, we're seeing all those migrate to space to. And so it's a really important issue that we have to pay attention to. I also want to applaud Cow Pauling. They've got some really important initiatives. The conference here, in our particular panel, is about developing the next generation of space and cyber workers, and and Cal Poly has two important programs. One is the digital transformation hub, and the other is space data solutions, both of which, I'm happy to say, are in partnership with a W. S. But these were important programs where Cal Poly looks to try to develop the next generation of space and cyber leaders. And I would encourage you if you're interested in that toe. Look up the program because that could be very valuable is well, I'm relatively new to the AWS team and I'm really happy Thio team, as John you said recently retired from the U. S. Air Force and standing up the U. S. Space force. But the reason that I mentioned that as the director of the aerospace and satellite team is again it's in perfect harmony with the theme today. You know, we've recognized that space is critically important and that cyber security is critically important and that's been a W s vision as well. In fact, a W s understands how important the space domain is and coupled with the fact that AWS is well known that at a W s security is job zero and stolen a couple of those to fax A. W. S was looking to put together a team the aerospace and satellite team that focus solely and exclusively every single day on technical innovation in space and more security for the space domain through the cloud and our offerings there. So we're really excited to reimagine agree, envision what space networks and architectures could look like when they're born on the cloud. So that's important. You know, talk about workforce here in just a moment, but but I'll give you just a quick sneak. We at AWS have also recognized the gap in the projected workforce, as Preston mentioned, Um, depending on the projection that you look at, you know, most projections tell us that the demand for highly trained cyber cyber security cloud practitioners in the future outweighs what we think is going to be the supply. And so a ws has leaned into that in a number of ways that we're gonna talk about the next segment. I know. But with our workforce transformation, where we've tried to train free of charge not just a W s workers but more importantly, our customers workers. It s a W s we obsessed over the customer. And so we've provided free training toe over 7000 people this year alone toe bring their cloud security and cyber security skills up to where they will be able to fully leverage into the new workforce. So we're really happy about that too? I'm glad Preston raised SPD five space policy Directive five. I think it's gonna have a fundamental impact on the space and cyber industry. Uh, now full disclosure with that said, You know, I'm kind of a big fan of space policy directives, ESPN, Or was the space policy directive that directed to stand up of the U. S. Space Force and I spent the last 18 months of my life as the lead planner and architect for standing up the U. S. Space force. But with that said, I think when we look back a decade from now, we're going to see that s p d five will have as much of an impact in a positive way as I think SPD for on the stand up of the space Force have already done so. So I'll leave it there, but really look forward to the dialogue and discussion. >>Thank you, gentlemen. Clint, I just wanna say thank you for all your hard work and the team and the people who were involved in standing up Space force. Um, it is totally new. It's a game changer. It's modern, is needed. And there's benefits on potential challenges and opportunities that are gonna be there, so thank you very much for doing that. I personally am excited. I know a lot of people are excited for what the space force is today and what it could become. Thank you very much. >>Yeah, Thanks. >>Okay, So >>with >>that, let me give just jump in because, you know, as you're talking about space force and cybersecurity and you spend your time at Vanderburgh launching stuff into space, that's very technical. Is operation okay? I mean, it's complex in and of itself, but if you think about like, what's going on beyond in space is a lot of commercial aspect. So I'm thinking, you know, launching stuff into space on one side of my brain and the other side of brain, I'm thinking like air travel. You know, all the logistics and the rules of the road and air traffic control and all the communications and all the technology and policy and, you >>know, landing. >>So, Major General Clint, what's your take on this? Because this is not easy. It's not just one thing that speaks to the diversity of workforce needs. What's your reaction to that? >>Yeah. I mean, your observation is right on. We're seeing a real boom in the space and aerospace industry. For all the good reasons we talked about, we're recognizing all the value space from again economic prosperity to exploration to being ableto, you know, improve agriculture and in weather and all those sorts of things that we understand from space. So what I'm really excited about is we're seeing this this blossom of space companies that we sort of referred to his new space. You know, it used to be that really only large governments like the United States and a handful of others could operate in the space domain today and largely infused because of the technological innovation that have come with Cyber and Cyrus Space and even the cloud we're seeing more and more companies, capabilities, countries, all that have the ability, you know. Even a well funded university today can put a cube sat in orbit, and Cal Poly is working on some of those too, by the way, and so it's really expanded the number of people that benefits the activity in space and again, that's why it's so critically important because we become more and more reliant and we will become more and more reliant on those capabilities that we have to protect him. It's fundamental that we do. So, >>Bucky, I want you to weigh in on this because actually, you you've flown. Uh, I got a call sign which I love interviewing people. Anyone who's a call sign is cool in my book. So, Bucky, I want you to react to that because that's outside of the technology, you know, flying in space. There's >>no >>rule. I mean, is there like a rules? I mean, what's the rules of the road? I mean, state of the right. I mean, what I mean, what what's going? What's gonna have toe happen? Okay, just logistically. >>Well, this is very important because, uh and I've I've had access thio information space derived information for most of my flying career. But the amount of information that we need operate effectively in the 21st century is much greater than Thanet has been in the past. Let me describe the environment s so you can appreciate a little bit more what our challenges are. Where, from a space perspective, we're going to see a new exponential increase in the number of systems that could be satellites. Uh, users and applications, right? And so eso we're going we're growing rapidly into an environment where it's no longer practical to just simply evolved or operate on a perimeter security model. We and with this and as I was brought up previously, we're gonna try to bring in MAWR commercial capabilities. There is a tremendous benefit with increasing the diversity of sources of information. We use it right now. The military relies very heavily on commercial SAT com. We have our military capabilities, but the commercial capabilities give us capacity that we need and we can. We can vary that over time. The same will be true for remote sensing for other broadband communications capabilities on doing other interesting effects. Also, in the modern era, we doom or operations with our friends and allies, our regional partners all around the world, in order to really improve our interoperability and have rapid exchange of information, commercial information, sources and capabilities provides the best means of doing that. So that so that the imperative is very important and what all this describes if you want to put one word on it. ISS, we're involving into ah hybrid space architectures where it's gonna be imperative that we protect the integrity of information and the cyber security of the network for the things most important to us from a national security standpoint. But we have to have the rules that that allows us to freely exchange information rapidly and in a way that that we can guarantee that the right users are getting the right information at the right. >>We're gonna come back to that on the skill set and opportunities for people driving. That's just looking. There's so much opportunity. Preston, I want you to react to this. I interviewed General Keith Alexander last year. He formerly ran Cyber Command. Um, now he's building Cyber Security Technologies, and his whole thesis is you have to share. So the question is, how do you share and lock stuff down at the same time when you have ah, multi sided marketplace in space? You know, suppliers, users, systems. This is a huge security challenge. What's your reaction to this? Because we're intersecting all these things space and cybersecurity. It's just not easy. What's your reaction? >>Absolutely, Absolutely. And what I would say in response to that first would be that security really needs to be baked into the onset of how we develop and implement and deploy our space systems. Um, there's there's always going to be the need to collect and share data across multiple entities, particularly when we're changing scientific data with our mission partners. Eso with that necessitates that we have a security view from the onset, right? We have a system spaces, and they're designed to share information across the world. How do we make sure that those, uh, those other those communication channels so secure, free from interception free from disruption? So they're really done? That necessitates of our space leaders in our cyber leaders to be joining the hip about how to secure our space systems, and the communications there in Clinton brought up a really good point of. And then I'm gonna elaborate on a little bit, just toe invite a little bit more context and talk about some the complexities and challenges we face with this advent of new space and and all of our great commercial partners coming into therefore way, that's going to present a very significant supply chain risk management problems that we have to get our hands around as well. But we have these manufacturers developing these highly specialized components for the space instruments, Um, that as it stands right now, it's very little oversight And how those things air produced, manufactured, put into the space systems communication channels that they use ports protocols that they use to communicate. And that's gonna be a significant challenge for us to get get our hands around. So again, cybersecurity being brought in. And the very onset of these development thes thes decisions in these life cycles was certainly put us in a best better position to secure that data in our in our space missions. >>Yeah, E just pick up on that. You don't mind? Preston made such a really good point there. But you have to bake security in up front, and you know there's a challenge and there's an opportunity, you know, with a lot of our systems today. It was built in a pre cyber security environment, especially our government systems that were built, you know, in many cases 10 years ago, 15 years ago are still on orbit today, and we're thankful that they are. But as we look at this new environment and we understand the threats, if we bake cybersecurity in upfront weaken balance that open application versus the risk a long as we do it up front. And you know, that's one of the reasons that our company developed what we call govcloud, which is a secure cloud, that we use thio to manage data that our customers who want to do work with the federal government or other governments or the national security apparatus. They can operate in that space with the built in and baked in cybersecurity protocols. We have a secret region that both can handle secret and top secret information for the same reasons. But when you bake security into the upfront applications, that really allows you to balance that risk between making it available and accessible in sort of an open architecture way. But being sure that it's protected through things like ITAR certifications and fed ramp, uh, another ice T certifications that we have in place. So that's just a really important point. >>Let's stay high level for a man. You mentioned a little bit of those those govcloud, which made me think about you know, the tactical edge in the military analogy, but also with space similar theater. It's just another theater and you want to stand stuff up. Whether it's communications and have facilities, you gotta do it rapidly, and you gotta do it in a very agile, secure, I high availability secure way. So it's not the old waterfall planning. You gotta be fast is different. Cloud does things different? How do you talk to the young people out there, whether it's apparent with with kids in elementary and middle school to high school, college grad level or someone in the workforce? Because there are no previous jobs, that kind of map to the needs out there because you're talking about new skills, you could be an archaeologist and be the best cyber security guru on the planet. You don't have to have that. There's no degree for what, what we're talking about here. This >>is >>the big confusion around education. I mean, you gotta you like math and you could code you can Anything who wants to comment on that? Because I think this >>is the core issue. I'll say there are more and more programs growing around that educational need, and I could talk about a few things we're doing to, but I just wanna make an observation about what you just said about the need. And how do you get kids involved and interested? Interestingly, I think it's already happening, right. The good news. We're already developing that affinity. My four year old granddaughter can walk over, pick up my iPad, turn it on. Somehow she knows my account information, gets into my account, pulls up in application, starts playing a game. All before I really even realized she had my iPad. I mean, when when kids grow up on the cloud and in technology, it creates that natural proficiency. I think what we have to do is take that natural interest and give them the skill set the tools and capabilities that go with it so that we're managing, you know, the the interest with the technical skills. >>And also, like a fast I mean, just the the hackers are getting educated. Justus fast. Steve. I mean e mean Bucky. What do you do here? You CIt's the classic. Just keep chasing skills. I mean, there are new skills. What are some of those skills? >>Why would I amplify eloquent? Just said, First of all, the, uh, you know, cyber is one of those technology areas where commercial side not not the government is really kind of leading away and does a significant amount of research and development. Ah, billions of dollars are spent every year Thio to evolve new capabilities. And a lot of those companies are, you know, operated and and in some cases, led by folks in their early twenties. So the S O. This is definitely an era and a generation that is really poised in position. Well, uh, Thio take on this challenge. There's some unique aspects to space. Once we deploy a system, uh, it will be able to give me hard to service it, and we're developing capabilities now so that we could go up and and do system upgrades. But that's not a normal thing in space that just because the the technical means isn't there yet. So having software to find capabilities, I's gonna be really paramount being able to dio unique things. The cloud is huge. The cloud is centric to this or architectural, and it's kind of funny because d o d we joke because we just discovered the cloud, you know, a couple years ago. But the club has been around for a while and, uh, and it's going to give us scalability on and the growth potential for doing amazing things with a big Data Analytics. But as Preston said, it's all for not if if we can't trust the data that we receive. And so one of the concepts for future architectures is to evolve into a zero trust model where we trust nothing. We verify and authenticate everyone. And, uh, and that's that's probably a good, uh, point of departure as we look forward into our cybersecurity for space systems into the future. >>Block everyone. Preston. Your reaction to all this gaps, skills, What's needed. I mean it Z everyone's trying to squint through this >>absolutely. And I wanna want to shift gears a little bit and talk about the space agencies and organizations that are responsible for deploying these spaces into submission. So what is gonna take in this new era on, and what do we need from the workforce to be responsive to the challenges that we're seeing? First thing that comes to mind is creating a culture of security throughout aerospace right and ensuring that Azzawi mentioned before security isn't an afterthought. It's sort of baked into our models that we deploy and our rhetoric as well, right? And because again we hire our spaces in years to do it very highly. Specialized thing for a highly specialized, uh, it's topic. Our effort, if we start to incorporate rhetorically the importance of cybersecurity two missing success and missing assurance that's going to lend itself toe having more, more prepared on more capable system engineers that will be able to respond to the threats accordingly. Traditionally, what we see in organizational models it's that there's a cyber security team that's responsible for the for the whole kit kaboodle across the entire infrastructure, from enterprise systems to specialize, specialize, space systems and then a small pocket of spaces, years that that that are really there to perform their tasks on space systems. We really need to bridge that gap. We need to think about cybersecurity holistically, the skills that are necessary for your enterprise. I t security teams need to be the same skills that we need to look for for our system engineers on the flight side. So organizationally we need we need to address that issue and approach it, um todo responsive to the challenges we see our our space systems, >>new space, new culture, new skills. One of the things I want to bring up is looking for success formulas. You know, one of the things we've been seeing in the past 10 years of doing the Cube, which is, you know, we've been called the ESPN of Tech is that there's been kind of like a game ification. I want to. I don't wanna say sports because sports is different, but you're seeing robotics clubs pop up in some schools. It's like a varsity sport you're seeing, you know, twitch and you've got gamers out there, so you're seeing fun built into it. I think Cal Poly's got some challenges going on there, and then scholarships air behind it. So it's almost as if, you know, rather than going to a private sports training to get that scholarship, that never happens. There's so many more scholarship opportunities for are not scholarship, but just job opportunities and even scholarships we've covered as part of this conference. Uh, it's a whole new world of culture. It's much different than when I grew up, which was you know, you got math, science and English. You did >>it >>and you went into your track. Anyone want to comment on this new culture? Because I do believe that there is some new patterns emerging and some best practices anyone share any? >>Yeah, I do, because as you talked about robotics clubs and that sort of things, but those were great and I'm glad those air happening. And that's generating the interest, right? The whole gaming culture generating interest Robotic generates a lot of interest. Space right has captured the American in the world attention as well, with some recent NASA activities and all for the right reasons. But it's again, it's about taking that interested in providing the right skills along the way. So I'll tell you a couple of things. We're doing it a w s that we found success with. The first one is a program called A W s Academy. And this is where we have developed a cloud, uh, program a cloud certification. This is ah, cloud curriculum, if you will, and it's free and it's ready to teach. Our experts have developed this and we're ready to report it to a two year and four year colleges that they can use is part of the curriculum free of charge. And so we're seeing some real value there. And in fact, the governor's in Utah and Arizona recently adopted this program for their two year schools statewide again, where it's already to teach curriculum built by some of the best experts in the industry s so that we can try to get that skills to the people that are interested. We have another program called A W s educate, and this is for students to. But the idea behind this is we have 12 cracks and you can get up to 50 hours of free training that lead to A W s certification, that sort of thing. And then what's really interesting about that is all of our partners around the world that have tied into this program we manage what we call it ws educate Job board. And so if you have completed this educate program now, you can go to that job board and be linked directly with companies that want people with those skills we just helped you get. And it's a perfect match in a perfect marriage there. That one other piece real quickly that we're proud of is the aws Uh restart program. And that's where people who are unemployed, underemployed or transitioning can can go online. Self paced. We have over 500 courses they can take to try to develop those initial skills and get into the industry. And that's been very popular, too, So that those air a couple of things we're really trying to lean into >>anyone else want to react. Thio that question patterns success, best practices, new culture. >>I'd like Thio. The the wonderful thing about what you just touched on is problem solving, right, And there's some very, very good methodologies that are being taught in the universities and through programs like Hacking for Defense, which is sponsored by the National Security Innovation Network, a component of the I you where I work but the But whether you're using a lien methodologies or design school principals or any other method, the thing that's wonderful right now and not just, uh, where I work at the U. The Space force is doing this is well, but we're putting the problem out there for innovators to tackle, And so, rather than be prescriptive of the solutions that we want to procure, we want we want the best minds at all levels to be able to work on the problem. Uh, look at how they can leverage other commercial solutions infrastructure partnerships, uh, Thio to come up with a solution that we can that we can rapidly employ and scale. And if it's a dual use solution or whether it's, uh, civil military or or commercial, uh, in any of the other government solutions. Uh, that's really the best win for for the nation, because that commercial capability again allows us to scale globally and share those best practices with all of our friends and allies. People who share our values >>win win to this commercial. There's a business model potential financial benefits as well. Societal impact Preston. I want to come to you, JPL, NASA. I mean, you work in one of the most awesome places and you know, to me, you know, if you said to me, Hey, John, come working JP like I'm not smart enough to go there like I mean, like, it's a pretty It's intimidating, it might seem >>share folks out there, >>they can get there. I mean, it's you can get there if you have the right skills. I mean I'm just making that up. But, I mean, it is known to be super smart And is it attainable? So share your thoughts on this new culture because you could get the skills to get there. What's your take on all this >>s a bucket. Just missing something that really resonated with me, right? It's do it your love office. So if you put on the front engineer, the first thing you're gonna try to do is pick it apart. Be innovative, be creative and ways to solve that issue. And it has been really encouraging to me to see the ground welcome support an engagement that we've seen across our system. Engineers in space. I love space partners. A tackling the problem of cyber. Now that they know the West at risk on some of these cyber security threats that that they're facing with our space systems, they definitely want to be involved. They want to take the lead. They want to figure things out. They wanna be innovative and creative in that problem solving eso jpl We're doing a few things. Thio Raise the awareness Onda create a culture of security. Andi also create cyber advocates, cybersecurity advocates across our space engineers. We host events like hacked the lad, for example, and forgive me. Take a pause to think about the worst case scenarios that could that could result from that. But it certainly invites a culture of creative problem solving. Um, this is something that that kids really enjoy that are system engineers really enjoyed being a part off. Um, it's something that's new refreshing to them. Eso we were doing things like hosting a monthly cybersecurity advocacy group. When we talk about some of the cyber landscape of our space systems and invite our engineers into the conversation, we do outweighs programs specifically designed to to capture, um, our young folks, uh, young engineers to deceive. They would be interested and show them what this type of security has to offer by ways of data Analytic, since the engineering and those have been really, really successful identifying and bringing in new talent to address the skill gaps. >>Steve, I want to ask you about the d. O. D. You mentioned some of the commercial things. How are you guys engaging the commercial to solve the space issue? Because, um, the normalization in the economy with GPS just seeing spaces impacts everybody's lives. We we know that, um, it's been talked about. And and there's many, many examples. How are you guys the D o. D. From a security standpoint and or just from an advancement innovation standpoint, engaging with commercials, commercial entities and commercial folks? >>Well, I'll throw. I'll throw a, uh, I'll throw ah, compliment to Clint because he did such an outstanding job. The space forces already oriented, uh, towards ah, commercial where it's appropriate and extending the arms. Leveraging the half works on the Space Enterprise Consortium and other tools that allow for the entrepreneurs in the space force Thio work with their counterparts in a commercial community. And you see this with the, uh, you know, leveraging space X away to, uh, small companies who are doing extraordinary things to help build space situational awareness and, uh, s So it's it's the people who make this all happen. And what we do at at the D. O. D level, uh, work at the Office of Secretary defense level is we wanna make sure that they have the right tools to be able to do that in a way that allows these commercial companies to work with in this case of a space force or with cyber command and ways that doesn't redefine that. The nature of the company we want we want We want commercial companies to have, ah, great experience working with d o d. And we want d o d toe have the similar experience working, working with a commercial community, and and we actually work interagency projects to So you're going to see, uh, General Raymond, uh, hey, just recently signed an agreement with the NASA Esa, you're gonna see interagency collaborations on space that will include commercial capabilities as well. So when we speak as one government were not. You know, we're one voice, and that's gonna be tremendous, because if you're a commercial company on you can you can develop a capability that solves problems across the entire space enterprise on the government side. How great is that, Right. That's a scaling. Your solution, gentlemen. Let >>me pick you back on that, if you don't mind. I'm really excited about that. I mentioned new space, and Bucky talked about that too. You know, I've been flying satellites for 30 years, and there was a time where you know the U. S. Government national security. We wouldn't let anybody else look at him. Touch him. Plug into, um, anything else, right. And that probably worked at the time. >>But >>the world has changed. And more >>importantly, >>um, there is commercial technology and capability available today, and there's no way the U. S government or national security that national Intel community can afford economically >>to >>fund all that investment solely anymore. We don't have the manpower to do it anymore. So we have this perfect marriage of a burgeoning industry that has capabilities and it has re sources. And it has trained manpower. And we are seeing whether it's US Space Force, whether it's the intelligence community, whether it's NASA, we're seeing that opened up to commercial providers more than I've ever seen in my career. And I can tell you the customers I work with every day in a W s. We're building an entire ecosystem now that they understand how they can plug in and participate in that, and we're just seeing growth. But more importantly, we're seeing advanced capability at cheaper cost because of that hybrid model. So that really is exciting. >>Preston. You know you mentioned earlier supply chain. I don't think I think you didn't use the word supply chain. Maybe you did. But you know about the components. Um, you start opening things up and and your what you said baking it in to the beginning, which is well known. Uh, premise. It's complicated. So take me through again, Like how this all gonna work securely because And what's needed for skill sets because, you know, you're gonna open. You got open source software, which again, that's open. We live in a free society in the United States of America, so we can't lock everything down. You got components that are gonna be built anywhere all around the world from vendors that aren't just a certified >>or maybe >>certified. Um, it's pretty crazy. So just weigh in on this key point because I think Clint has it right. And but that's gonna be solved. What's your view on this? >>Absolutely. And I think it really, really start a top, right? And if you look back, you know, across, um in this country, particularly, you take the financial industry, for example, when when that was a burgeoning industry, what had to happen to ensure that across the board. Um, you know, your your finances were protected these way. Implemented regulations from the top, right? Yeah. And same thing with our health care industry. We implemented regulations, and I believe that's the same approach we're gonna need to take with our space systems in our space >>industry >>without being too directive or prescriptive. Instance she ating a core set of principles across the board for our manufacturers of space instruments for deployment and development of space systems on for how space data and scientific data is passed back and forth. Eso really? We're gonna need to take this. Ah, holistic approach. Thio, how we address this issue with cyber security is not gonna be easy. It's gonna be very challenging, but we need to set the guard rails for exactly what goes into our space systems, how they operate and how they communicate. >>Alright, so let's tie this back to the theme, um, Steve and Clint, because this is all about workforce gaps, opportunities. Um, Steve, you mentioned software defined. You can't do break fix in space. You can't just send a technician up in the space to fix a component. You gotta be software defined. We're talking about holistic approach, about commercial talk about business model technology with software and policy. We need people to think through, like you know. What the hell are you gonna do here, right? Do you just noticed road at the side of the road to drive on? There's no rules of engagement. So what I'm seeing is certainly software Check. If you wanna have a job for the next millennial software policy who solves two problems, what does freedom looked like in space Congestion Contention and then, obviously, business model. Can you guys comment on these three areas? Do you agree? And what specific person might be studying in grad school or undergraduate or in high school saying, Hey, I'm not a techie, but they can contribute your thoughts. I'll >>start off with, uh, speak on on behalf of the government today. I would just say that as policy goes, we need to definitely make sure that we're looking towards the future. Ah, lot of our policy was established in the past under different conditions, and, uh, and if there's anything that you cannot say today is that space is the same as it was even 10 years ago. So the so It's really important that our policy evolves and recognizes that that technology is going to enable not just a new ways of doing things, but also force us to maybe change or or get rid of obsolete policies that will inhibit our ability to innovate and grow and maintain peace with with a rapid, evolving threat. The for the for the audience today, Uh, you know, you want some job assurance, cybersecurity and space it's gonna be It's gonna be an unbelievable, uh, next, uh, few decades and I couldn't think of a more exciting for people to get into because, you know, spaces Ah, harsh environment. We're gonna have a hard time just dud being able differentiate, you know, anomalies that occur just because of the environment versus something that's being hacked. And so JPL has been doing this for years on they have Cem Cem great approaches, but but this is this is gonna be important if you put humans on the moon and you're going to sustain them there. Those life support systems are gonna be using, you know, state of the art computer technology, and which means, is also vulnerable. And so eso the consequences of us not being prepared? Uh, not just from our national security standpoint, but from our space exploration and our commercial, uh, economic growth in space over the long term all gonna be hinged on this cyber security environment. >>Clint, your thoughts on this too ill to get. >>Yeah. So I certainly agree with Bucky. But you said something a moment ago that Bucky was talking about as well. But that's the idea that you know in space, you can't just reach out and touch the satellite and do maintenance on the satellite the way you can't a car or a tank or a plane or a ship or something like that. And that is true. However, right, comma, I want to point out. You know, the satellite servicing industry is starting to develop where they're looking at robotic techniques in Cape abilities to go up in services satellite on orbit. And that's very promising off course. You got to think through the security policy that goes with that, of course. But the other thing that's really exciting is with artificial intelligence and machine learning and edge computing and database analytics and all those things that right on the cloud. You may not even need to send a robotic vehicle to a satellite, right? If you can upload and download software defined, fill in the blank right, maybe even fundamentally changing the mission package or the persona, if you will, of the satellite or the spacecraft. And that's really exciting to, ah, lot >>of >>security policy that you've gotta work through. But again, the cloud just opens up so many opportunities to continue to push the boundaries. You know, on the AWS team, the aerospace and satellite team, which is, you know, the new team that I'm leading. Now our motto is to the stars through the cloud. And there are just so many exciting opportunities right for for all those capabilities that I just mentioned to the stars through the cloud >>President, your thoughts on this? >>Yes, eso won >>a >>little bit of time talking about some of the business model implications and some of the challenges that exists there. Um, in my experience, we're still working through a bit of a language barrier of how we define risk management for our space systems. Traditionally traditionally risk management models is it is very clear what poses a risk to a flight mission. Our space mission, our space system. Um, and we're still finding ways to communicate cyber risk in the same terms that are system engineers are space engineers have traditionally understood. Um, this is a bit of a qualitative versus quantitative, a language barrier. But however adopting a risk management model that includes cybersecurity, a za way to express wish risk to miss the success, I think I think it would be a very good thing is something that that we have been focused on the J. P o as we Aziz, we look at the 34 years beyond. How do >>we >>risk that gap and not only skills but communication of cyber risk and the way that our space engineers and our project engineers and a space system managers understand >>Clinton, like Thio talk about space Force because this is the most popular new thing. It's only a couple of nine months in roughly not even a year, uh, already changing involving based on some of the reporting we've done even here at this symposium and on the Internet. Um, you know, when I was growing up, you know, I wasn't there when JFK said, you know, we're gonna get to the moon. I was born in the sixties, so, you know, when I was graduating my degree, you know, Draper Labs, Lincoln Lab, JPL, their pipeline and people wasn't like a surge of job openings. Um, so this kind of this new space new space race, you know, Kennedy also said that Torch has been passed to a new generation of Americans. So in a way that's happening right now with space force. A new generation is here is a digital generation. It's multi disciplinary generation. Could you take a minute and share, uh, for for our audience? And here at this symposium, um, the mission of Space Force and where you see it going because this truly is different. And I think anyone who's young e I mean, you know, if this was happening when I was in college would be like dropping everything. I'm in there, I think, cause there's so many areas thio jump into, um, it's >>intellectually challenging. >>It's intoxicating in some level. So can you share your thoughts? >>Yeah. Happy to do that. Of course. I I need to remind everybody that as a week ago I'm formally retired. So I'm not an official spokesman for US forces. But with that, you know, it said I did spend the last 18 months planning for it, designing and standing it up. And I'll tell you what's really exciting is you know, the commander of, uh, US Base Force General J. Raymond, who's the right leader at the right time. No question in my >>mind. But >>he said, I want to stand up the Space Force as the first fully digital service in the United States. Right? So he is trying >>to bake >>cloud baked cybersecurity, baked digital transformational processes and everything we did. And that was a guidance he gave us every day, every day. When we rolled in. He said, Remember, guys, I don't wanna be the same. I don't wanna be stale. I want new thinking, new capabilities and I want it all to be digital on. That's one of the reasons When we brought the first wave of people into the space force, we brought in space operations, right. People like me that flew satellites and launch rockets, we brought in cyber space experts, and we brought in intelligence experts. Those were the first three waves of people because of that, you know, perfect synergy between space and cyber and intel all wrapped in >>it. >>And so that was really, really smart. The other thing I'll say just about, you know, Kennedy's work. We're going to get to the moon. So here we are. Now we're going back to the Moon Project Artemus that NASA is working next man first woman on the moon by 2024 is the plan and >>then >>with designs to put a permanent presence on the moon and then lean off to march. So there was a lot to get excited about. I will tell you, as we were taking applications and looking at rounding out filling out the village in the U. S. Space Force, we were overwhelmed with the number of people that wanted, and that was a really, really good things. So they're off to a good start, and they're just gonna accomplishment major things. I know for sure. >>Preston, your thoughts on this new generation people out there were like I could get into this. This is a path. What's your what's your opinion on this? And what's your >>E could, uh, you so bold as to say >>that >>I feel like I'm a part of that new generation eso I grew up very much into space. Uh, looking at, um, listen to my, uh, folks I looked up to like Carl Sagan. Like like Neil Tyson. DeGrasse on did really feeling affinity for what What this country has done is for is a space program are focused on space exploration on bond. Through that, I got into our security, as it means from the military. And I just because I feel so fortunate that I could merge both of those worlds because of because of the generational, um, tailoring that we do thio promote space exploration and also the advent of cybersecurity expertise that is needed in this country. I feel like that. We are We are seeing a conversions of this too. I see a lot of young people really getting into space exploration. I see a lot of young people as well. Um uh, gravitating toward cybersecurity as a as a course of study. And to see those two worlds colliding and converse is something that's very near and dear to me. And again, I I feel like I'm a byproduct of that conversion, which is which, Really, Bothwell for space security in the future, >>we'll your great leader and inspiration. Certainly. Senior person as well. Congratulations, Steve. You know, young people motivational. I mean, get going. Get off the sidelines. Jump in Water is fine, Right? Come on in. What's your view on motivating the young workforce out there and anyone thinking about applying their skills on bringing something to the table? >>Well, look at the options today. You have civil space President represents you have military space. Uh, you have commercial space on and even, you know, in academia, the research, the potential as a as an aspiring cyber professional. All of you should be thinking about when we when we When? When we first invented the orbit, which eventually became the Internet, Uh, on Lee, we were, uh if all we had the insight to think Well, geez, you know whether the security implications 2030 years from now of this thing scaling on growing and I think was really good about today's era. Especially as Clint said, because we were building this space infrastructure with a cyber professionals at ground zero on dso the So the opportunity there is to look out into the future and say we're not just trying to secure independent her systems today and assure the free for all of of information for commerce. You know, the GPS signal, Uh, is Justus much in need of protection as anything else tied to our economy, But the would have fantastic mission. And you could do that. Uh, here on the ground. You could do it, uh, at a great companies like Amazon Web services. But you can also one of these states. Perhaps we go and be part of that contingency that goes and does the, uh, the se's oh job that that president has on the moon or on Mars and, uh, space will space will get boring within a generation or two because they'll just be seen as one continuum of everything we have here on Earth. And, uh, and that would be after our time. But in the meantime, is a very exciting place to be. And I know if I was in in my twenties, I wanna be, uh, jumping in with both feet into it. >>Yeah, great stuff. I mean, I think space is gonna be around for a long long time. It's super exciting and cybersecurity making it secure. And there's so many areas defeating on. Gentlemen, thank you very much for your awesome insight. Great panel. Um, great inspiration. Every one of you guys. Thank you very much for for sharing for the space and cybersecurity symposium. Appreciate it. Thank you very much. >>Thanks, John. Thank you. Thank you. Okay, >>I'm >>John for your host for the Space and Cybersecurity Symposium. Thanks for watching.

>>From around the globe. It's the queue cover >>Space and cyber security >>Symposium 2020 hosted by Cal poly. >>Hello and welcome to the space and cybersecurity symposium 2020 hosted by Cal poly and the cube I'm chilling for a, your host. We have a great session here. Space, cyber security, the department of defense perspective. We have bond Google hall, director of C four ISR directorate office of the undersecretary of defense for acquisition and sustainment for the DOD and Chris Henson, technical director space and weapons, cybersecurity solutions for the national security agency. Gentlemen, thank you for taking the time for this awesome session. Thank you, John. Thank you. So we're gonna talk about the perspective of the DOD relative to space cybersecurity, a lot, going on congestion, contention, freedom, evolution innovation. So Paul, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective, Don, thanks for the intro. Really appreciate it. First, let me give my thanks to Cal poly for a convening, the space and cybersecurity symposium this year, you know, and despite the pandemic, the organization and the content delivery spreading impressive, I really foot stomping. >>What can possibly be done with a number of these virtual platforms? This has been awesome. Thanks for the opportunity. I also want to recognize my colleague, Chris Nissen from NSA was actually assigned to our staff that LSD, but he brings both policy and technical perspective in this whole area. So I think you'll, you'll find his commentary, uh, and positions on things very refreshing or for today's seminar. Now space cyber security is a pretty interesting terminology for us all. Uh, cyber security means protecting against cyber threats and it's really more than just computers here on earth, right? Uh, space is the newest war fighting domain, and cybersecurity's perhaps even more of a challenge in this domain that and others. Uh, I'm sure it'll turn journal Thompson and major journals Shaw discuss the criticality of this new dorm space force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. >>Let me start by talking about what space means to DOD and what we're doing directly from my vantage point as part of the acquisition and sustainment arm of the Pentagon. Uh, what I want to share with you today is how the current space strategy ties into the national defense strategy and supports the department's operational objectives. As the director of CFRI SAR. I have come to understand how the integration of CFRI Sarcic. Billy is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the sec, the undersecretary for acquisition and sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts domain are to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project low Valley and custom contested environments and across all domains through an operationally integrated and resiliency for ISR infrastructure. >>We are also called debating our alliances, deepening interoperability, which is very important in a future fight and collab, collaboratively planning with those partner with us in the fight most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest war fighting domain. And while it is indeed unique, it shares many common traits with the others land, air and sea all are important to the defense of the U S in conflict. No doubt about this. They will be contested and they must be defended. One domain will not win future conflicts in a joint operation in a future fight in the future conflict. They must all succeed. I see three areas being key to a DOD strategic success in space, one, developing our whole of government approach in close partnership with the private sector and our allies to prioritizing our investments in resiliency, innovation, and adaptive operations, and third responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance your strengths, partnerships and alliances. >>Let me emphasize that space is increasingly congested and tested and demanded as essential delete Valley operational effectiveness and the security of our nation. Now the commercialization of space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, where the department and the nation. It's funny, there's a new race, a race for space. If you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force, coordinated across all domains. We call it the joint, all domain command and control. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of Jesse too is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them operationally. >>six to maintain seamless integration, adaptation, and employment of our capability. To sense signal connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance bowel space, awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings, the systems and capabilities will provide our war fighters overwhelming superiority on the battlefield environment, challenged by near peer adversaries, as well as non state actors in space. The character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more, uh, we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensor diversity, and many more. Uh, as I said before, the commercial world is pioneering high rate production of small satellites in our efforts to deploy hundreds, if not thousands of nodes space X, Darlene constellation is one example. >>Another one is Amazon's Kiper, uh, Kuyper just received FCC approval to deploy like over 3000 of these different notes. While a number of these companies continue to grow. Some have struggled. They some pointed as one web, uh, nevertheless, the appetite remains strong and DOD is taking advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small, small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding a small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is they enable a standard of practice that can be applied across all of the domains. >>This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris we'll, we'll talk more about that being the Houston expert, uh, in this area. Uh, one challenge that we can definitely start working on today is workforce development. Cybersecurity's unique as it straddles STEM and security and policy, the trade craft is different. And unfortunately I've seen estimates recently, so suggesting a workforce gap in the next several years, much like the STEM fields, uh, during the next session, I am a part of a panel with precedent, Armstrong, Cal poly, and Steve Jake's the founder of the national security space association to address workforce development. But for this panel, I'll look forward to having further dialogue surrounding space, opera security with Chris and John. Thank you, John >>Bob, thank you for that whole thing, Steven. Yes. Workforce gaps. We need the new skill space is here. Thank you very much. Chris Henson, technical director of space and weapons, cybersecurity solutions for the national security agency. Your statement, >>Thank you for having me. Uh, I'm one of several technical leaders in space at the national security agency. And I'm currently on a joint duty assignment at the office of under secretary of defense for acquisition and sustainment. I work under mr. GUMA hot in the C four ISR area, but almost 63 years ago on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet union in space. History was made in each of you can continue to write future space history in your careers. And just like in 1957, the U S isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese space agency, the European space agency, and, uh, the Canadian space agency, just to name a few. And when we tackle cybersecurity per space, we have to address, address the idea that the communications command and control, uh, and those mission datas will transverse networks owned and operated by a variety of partners, not only.go.mil.com.edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk excepted by one is shared by all and sharing cyber best practices, lessons learned, uh, data vulnerabilities, threat data, mitigation, mitigation procedures, all our valuable takeaways, uh, in expanding this space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions. Thank you. >>Thank you, Chris. Thank you, Bob. Okay. I mean open innovation, the internet, you see plenty of examples. The theme here is partners, commercial government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bonnie, we'll start with you is what do you see as the DOD his role in addressing cybersecurity in space? Uh, it's real, uh, it's a new frontier. Um, it's not going away. It's only going to get more innovative, more open, more contested. It seems like a lot to do there. So what's your role in addressing cyber security in space? >>I think our role is to be the leader in developing and only is it the strategy, but the, uh, the implementation plan is to ensure a full of cybersecurity. If you look at the national cyber cyber strategy, I think publishing 2018 calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, uh, digital safety policy advocacy, and research you here today, and those listening are fulfilling their strategy. When you, when you develop, enable use cyber hygiene products, as examples of capabilities, you're pushing the goal to fruition. When you know, what's on your network patron network backup, you're in encrypt your network, you're hardening and preventing cyber attacks. And we in government academia in the case of Cal poly civil networks and in commercial companies, we all benefit from doing that cyber security. Uh, and I think Chris will, we'll, we'll definitely back me up on this more than passwords encryption or pharma. It's truly a mindset and a culture of enabling missions to succeed in assured in a resilient fashion. >>Chris, you're taking reaction to, to the cybersecurity challenge involved here, >>That's it, it's starting really at the highest level of governments. We have, uh, you know, the, the recent security policy directive five that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as mr said, is the leadership role and that leadership, uh, blends out very well into partnership. So partnership with industry partnership with academia partnership, with, uh, other people that are exploring space. And those partnerships lend itself very naturally to sharing cybersecurity issues, topics as we come up with best practices as we come up with mitigation strategies. And as we come up with vulnerabilities and share that information, the, uh, we're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas, uh, that the DOD has to be, uh, involved in many spectrums of deploying to space. >>And that deployment involves as Mr. Guzman said, encryption authentication, knowing what's on the network, knowing the, the fabric of that network. And if nothing else, this, uh, this, uh, internet of things and work from home environment that we've, uh, partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different, uh, locations, well space will be that natural node that, uh, natural, uh, next network and mesh involvement that we'll have to protect and explore on not just from a terrestrial involvement, but all segments of it. Th the comm segment, the space vehicle and the ground portion, >>No bond. We talked about this in our other segment, um, around with the president of Cal poly, but the operating models of the space force and the DOD and getting space. It's a software defined world, right? So cybersecurity is a real big issue. Cause you have an operating model that's requiring software to power, these low hanging satellites. That's just an extension to the network. It's distributed computing, know what this is. If you understand what technology we do in space, it's no different, it's just a different environment. So it's software defined that just lends itself well to hacking. I mean, if I'm a hacker I'm going, Hey, why not just take out a satellite and crash it down or make the GPS do something different? I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server. You gotta really protect, >>Right? Because in one hand it space will carry not only, uh, uh, you know, for local national security information. Uh, but the, uh, I feel like at the economic wellbeing, the financial state of allowed a lot of countries and institutions, you know, more and more John lb, they'll be using space assets to, uh, uh, to make, uh, make, make all that happen. Right. So, and if you look at the, you talk, you mentioned the attack vectors in space, you know, it's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, you know, that the, the, the tasking that you need to do that the command, the controlling of the vehicle, the data that comes down in the ground, even when you launch the, the birds, the satellites, you know, they only need to be protected because they're all somewhat vulnerable to, uh, to hacking, uh, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, uh, uh, you know, the, the potential of, of, of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >>Gentlemen, I like you guys said to move on to this leadership role, you mentioned that you want to be a leader. I get it. The DOD is department of defense. That's a new frontier to defend war time zone. You mentioned war time opportunity potentially, but how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, um, there's security challenge. What does being a leader mean? And how does the DOD department of defense assist driving the public and private? Do you lead from a project standpoint, you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end to end architecture. It's not just cloud it's on premise. It's in devices, it's offloaded with new AI technology and Nicks and devices. It's IOT, it's all, this is all new, this is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >>Yeah, I think, uh, the one hand, you know, DOD used to lead, uh, in terms of, uh, uh, being the only source of funding for a lot of, uh, highly developmental efforts. Uh, we're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways >>Ally's commercial companies are actually legally leading the R and D uh, of a lot of different technologies. So we want to take, we certainly want to take advantage of that. So from a leadership standpoint, I think we, we, Lucia can come in, you know, by partnering a lot more with, with the commercial companies, uh, in 2022, the DOD released the defense, uh, uh, space strategy as an example that highlights the threats, the challenges and opportunities the United States has faced by, by sending a example of how we, how we, uh, how we counter, uh, the threats that are out there, not just the DOD, but, but the disability and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire state space, uh, lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations. Like I mentioned before, shaping that strategic environment and cooperating with allies, partners, and industry and other U S governmental agencies, departments, and agencies to advance the cost of space to take full advantage of what space can provide us, uh, in DOD, uh, and the nation. Chris has a domain. Now, what's your take on all that? >>That's because again, it's going to take more people, >>More diverse, potentially more security >>Halls. What's your view on it? >>Well, let's, let's look at how innovation and new technologies can help us in these areas. So, uh, and, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the, uh, the architecture, uh, where we look at a zero trust architecture, one of the NIST standards that's come about where it talks about the authentication, uh, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication Prudential, or, uh, other aspects of, uh, the, the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is, is one approach where we can show some leadership and guidance. >>Another area is in, uh, a topic that you touched on as well was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And, uh, you know, this vast array of code that's going into system nowadays, and then that frees up our human, uh, explicit talent and developers that can then look at other areas and not focus on minor bawling to Beverly fix a vulnerability. Uh, they, they can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those, those unknown, hidden lines of code that, uh, get put into a software alarm Prairie, and then pull down over and over again from system to system. So I think between, uh, an architecture leadership role and employee innovation are two areas that we can show, uh, some benefits and process improvement to this whole system. >>That's a great point, Chris, and you think about just the architectural computer architecture, you know, S you know, network attached storage is an advantage software defined there. You could have flash all flash arrays for storage. You could have multiple cores on a device and this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed all the processors all built in. Um, so there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just, just efficiencies. Um, but this brings up the whole supply chain conversation. I want to get your thoughts on this, because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts. >>Yeah. It's a serious threat and not just for, uh, the U S uh, space. So supply chain, if you will, is the supply chain. And I says, you know, writ large, I think, uh, I think it's a, it's a, it's a threat that's, that's real, we're we're seeing today. I just saw an example recently, uh, involving, uh, our, I think our launch services were, there was a, uh, a foreign, uh, threat that was those trying to get into a true through with predatory investments. Uh, so, uh, it is something that we need to, uh, be aware of it it's happening, uh, and is continuing to happen. Uh, it's an easy way to gain access, to, uh, do our IP. Uh, and, uh, so it's something that we, uh, are serious about in terms of, uh, awareness and, and countering >>Chris, your thoughts. I mean, we've see, I mean, I'm an open source guy. I was seen it when I grew up in the industry in the eighties, open source became a revolution, but with that, it enabled new tactics for, um, state sponsored attacks on it that became a domain in of itself. Um, that's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring supply chain nightmare. How do you track it all? Who's got what software and what device, where the chip come from, who made it, this is the potential is everywhere. How do you see the, these tactics, whether it's a VC firm from another country or this, that, and the other thing startup. >>Yeah. So when we see, when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip, then that microchip could be used in a cell phone or a satellite or an automobile. So all of our industries that have these companies that are being purchased, or a large born investment influx into those, you know, that could be suspect. And we, we have to be very careful with those, uh, and, and do the tracking of those, especially when those, uh, some of those parts of mechanisms are coming from off shore. And then going again, going back to, uh, the space policy directive five, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the, the quantitative of ability of knowing where those software libraries came from, where the parts came from and the tracking and delivery of that from an end to end system. >>And typically when we have a really large vendor, they can, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that. Try tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that, uh, before we employ them, we have to do some robust testing. And I don't want to say that the last line of defense, but that certainly is a mechanism for finding out, do the systems perform as they stated, uh, on a test bench or a flat set, whatever the case may be before we actually deploy it. And then we're relying on the output or the data that comes from that, that system that may have some corrupt or suspect parts in it. >>Great point, this federal grant, >>The problem with space systems is kind of, you know, is once you, once you launch the bird or the sunlight, uh, your access to it is, is diminished significantly, right? Unless you, you go up there and take it down. Uh, so, you know, kind of to Chris's point, we need to be able to test all the different parts of insurer that is performing as, as described there ass, I spent as specified, uh, with, with good knowledge that it's, uh, it's, uh, it's trustworthy. Uh, and, uh, so we that all on the ground before we, we take it up to launch it. >>It's funny. You want agility, you want speed and you want security, and you want reliability and risk management all aggressive, and it's a technical problem. It says it's a business model problem. I'd love to get real quick. Before we jump into some of the more workforce and gap issues on the personnel side, have you guys should just take a minute to explain quickly what's the federal view. If you had to kind of summarize the federal view of the DOD and the roll with it wants to take, so all the people out there on the commercial side or students out there who are, you know, wanting to jump in, what is the current modern federal view of space cybersecurity. >>Chris, why don't you take that on I'll follow up. Okay. Uh, I don't know that I can give you the federal view, but I can certainly give you the department of defense. That cybersecurity is extremely important. And as our vendors and our suppliers, uh, take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we, where we look at the vendors and how they implement an employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security that when we want to write a contract or a vendor, uh, for, for a purchase, that's going to go into a space system. We'd like to know from a third party audit capability, can that vendor, uh, protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up before it even gets put into a larger system. >>So that shows a level of the CMMC process that we've thought about and, uh, started to employ, uh, beginning in 2021 and will be further built on in, in the out years. How, how important the DOD takes that. And other parts of the government are looking at this, in fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, uh, not just in the department of defense that they're going to adopt an approach like this. Uh, so it shows the, the pluses and the benefits of a cybersecurity model that, uh, all can build on boggy reaction. Yeah, I'll just, uh, I'll just add to that, John, you, you, you, you asked earlier about, you know, how do we, uh, track, uh, commercial entities or, or people in the space and cyber security domains? Uh, I can tell you that, uh, at least my view of it, you know, space and cyber security are new, it's exciting, it's challenging a lot technical challenges there. So I think in >>Terms of attracting the right people, personnel to work those areas, uh, I think it's, it's not only intellectually challenging, uh, but it's important for, for the dependency that NASA States, uh, and it's important for, for, for economic security, uh, writ large for, for us as well. So I think, uh, in terms of a workforce and trying to get people interested in, in those domains, uh, I hope that they see the same thing we do in terms of, of the challenges and the opportunities it presents itself in the future. >>Awesome. I love your talk on intro track there falling. You mentioned, uh, the three key areas of DOD sec success, developing a government whole government approach to partnership with the private sector. I think that's critical and the allies prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology. So you can be fast, all think are all things. I all, all those things are relevant. So given that, I want to get your thoughts on the defense space strategy in 2020, the DOD released dispense defense space, strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are the, what are those things that you're watching in the defense space area? Right. >>Well, I think, I think I saw, as I said before, of course, as well, you know, uh, or, or seeing that a space will be highly contested, uh, because it's a critical element in our, in our war fighting construct, uh, Dwayne, a future conflict, I think we need to, to win space as well. So when you, when you look at our near peer adversaries, there's a lot of efforts, uh, in trying to, to, to take that advantage away from the United States. So, so the threat is real, uh, and I think it's going to continue to evolve and grow. Uh, and the more we use space, both commercial and government, I think you're going to see a lot more when these threads some AFAs itself, uh, in, in forms of cyber, cyber attacks, or even kinetic attacks in some cases as needed. Uh, so yeah, so with the, the, the threat is need growing, uh, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, uh, like we do now in, in, in all the other domains, a way to defend it. And that's what we're working on with India, with the, how do we pilot with tech, our assets in space, and how do we make sure that the data information that traverses through space assets are trust 40, um, and, uh, and, and, and free of any, uh, uh, interference >>Chris, exciting time. I'm your, if you're in technology, um, this is crossing many lines here, tech society will war time, defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels, because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >>Yeah. And I, and I think that expansion is, is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we, we think of our, our cell phones and our handheld devices and tablets, and so on that have just continued to, uh, get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems. When we think of smallsats and cube sets and the technology that's, uh, can be repurposed into, uh, a small vehicle and the cost has come down so dramatically that, you know, we, we can afford to get a rapid experiments, rapid, um, exploitations and, and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, dev sec ops, and this notion of spins and cycles and refreshing and re uh, addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's, uh, relevant and new, and the, uh, the cybersecurity and the vulnerabilities of that have to be addressed because of, and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new, new experiments and demonstrations in space and get lessons learned from them over and over again. >>Well, that brings us to the next big topic I want to spend the remainder of our time on that is workforce this next generation. If I wasn't so old, I would quit my job and I would join medially. It's so much, it's a fun, it's exciting. And it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind, adding space to it. So this is, uh, the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, a young person to person re-skilling, this is a big deal. Bong, you have thoughts on this. It's not just STEM, it's everything. >>Yeah. It's everything, you know, uh, the opportunities would have in space it's significant and tremendous. And I think, uh, if I were young, again, as you pointed out, John, uh, you know, I'm, I'm, I'm lucky that I'm in this domain in this world and I started years ago. Uh, but it continues to be exciting, uh, lots of, lots of opportunities, you know, and when you, when you look at, uh, some of the commercial space, uh, systems that are being, being put up, uh, if you look at, I mentioned Starlink before, and, and, uh, Amazon's Kuyper constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally and that sort of thing. Uh, and they're not the only ones that are out there producing capability. Uh, we're seeing a lot more commercial imagery products being developed by bike, by companies, both within the U S and, and, uh, foreign foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities, there's technical challenges, uh, galore in terms of, you know, not only the overcoming the physics of space, but being able to operate, uh, flexibly, uh, in, uh, get the most you can out of the capabilities we have, uh, uh, operating up as high as being cool. I mean, everyone looks at launch. >>She gets millions of views on live streams, the on demand, reruns get millions and millions of views. Um, it's, there's a lot of things there. Um, so Chris, what specifically could you share are things that people would work on? Um, jobs skills, what are some, what's the aperture, what's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there, >>We'll talk to the aperture, but I want to give a shout out to our space force. And I mean, their, their job is to train and equip, uh, future space and, uh, that, that space talent. And I think that's going to be a huge plus up, uh, to have, uh, uh, a space force that's dedicated to training equipping, uh, the, an acquisition and a deployment model that, uh, will benefit not just the other services, but all of our national defense and our, uh, you know, our, our strategic way of, uh, how, how this company, country, employees space, uh, altogether. So having, having a space for us, I think, as a, is a huge, uh, a huge issue. And then to get to that aperture aspect of, of what you're, what you're asking and, you know, that addresses a larger workforce. Uh, we need so many different talents in, in this area. >>Uh, we can, we can have, we can employ a variety of people, uh, from technical writers to people who write, uh, write in developed software to those who, uh, are bending metal and actually, uh, working in a hardware environment. And, uh, those that do planning and launch operations and all of those spectrums and issues of jobs, or are directly related to a workforce that can contribute to, to space. And then once that data gets to the ground and employed out to a user, whether it's a data or we're looking at, uh, from a sensor recent, uh, recent events on, uh, shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open, uh, for a variety of backgrounds. And, and those that, uh, really just want to take an opportunity, take a, take a technical degree or a degree that, uh, can apply itself to a tough problem, uh, because they certainly exist in space. And we can, we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, a white hat approach to testing and vulnerability exploration, or somebody who knows how to actually, um, make, uh, operations, uh, safer, better, uh, through space situation awareness. So there's a, there's a huge swath of opportunity for us >>Bon talk about the, um, the cyber security enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, um, which is in and of itself, a huge range of jobs, codings supply chain. We just talked about a bunch of them. There's still more connected use cases that go beyond that, that, that are enabled by it. If you think about it, and this is what the students at Cal poly and every other college and university community college, you name it, or watching videos on YouTube, anyone with a brain can jump in. If they, if they see the future, it's an all net new space force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cybersecurity systems. Your thoughts. >>Absolutely. I, you know, I was, uh, had planned on attending the, uh, uh, the cyber challenge that's Cal poly had planned in June, of course, a pandemic, uh, uh, took care of that plan. But, but I was intrigued by, by the approach that the Cal poly was taking with, with, uh, middle school and high school kids of, of, of, of exposing him to a problem set here. You have a, a satellite that came down from space, uh, and, uh, part of the challenge was to do Porensic analysis on the debris, uh, the remaining pieces of the sound like to figure out what happened. Uh, it had a, uh, a cybersecurity connotation. It was hacked. It was attacked by, by cyber threat nation, took it down. And the beauty of having these kids kind of play with, with the remaining parts of the satellite figure out what happened. >>So I was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I, I look forward to future events like that to, to get our young people intrigued and interested in, uh, in this new field of space. Now, you know, Chris was talking earlier about opportunities, the opportunity that you talk about, you know, while I would like to have people come to the government, right. To help us out. It's not, it's not just focused on government, right? There's not lots of opportunities in commercial space. I, if you will, uh, for, for a lot of talent to, uh, uh, to have, uh, to participate in. So the challenge is a man's government and the commercial sector, John, >>I mean, you get the hardcore, you know, I want to work for the DOD. I want to work for NSA. I want to work for the government. You clearly got people who want to have that kind of mission, but for the folks out there, Chris and bong that are like, I'll do I qualify it? It's like the black box of the DOD. It's like a secret thing. You got any clearance, you've got to get all these certifications. And you've got to take all kinds of tests and background checks. And, um, is it like that? And will that continue? Cause some people might say, Hey, can I even get involved? What do I do? So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved that they might not know about >>PR for NSA, there's a variety of workforce, uh, initiatives that, uh, uh, for anybody from a high school work study can take advantage of to, uh, those that would like have to have internships. And those that are in a traditional academic environment, there's, uh, several NSA schools across the country that have a academic and cyber acts, uh, sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive, uh, nature that that can be worked in and in an academia environment. So, so those are two or three examples of how somebody can break into, uh, the, uh, an intelligence organization and the, and the other agencies have those, uh, opportunities as well across the intelligence community and the, the partnership between and collaborative collaboration between private industry and the agencies and the department of defense just continue to grow over and over again. And even myself being able to take care advantage of a joint duty assignment between my home organization and the Pentagon just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of, of that partnering that's going on today. >>So there's some innovation, bong, non traditional pathways to find talent. What are out there? What are new, what are these new nontraditional ways >>I was going to add to what Chris was, was mentioning John? Yeah. Even within view and under the purview of our chief information officer, back in 2013, the deputy surfed dirty defense signed the, uh, what we call the DOD cyberspace workforce strategy, uh, into effect. And that included a program called the cyber information technology exchange program. It's an exchange program in which a, uh, you know, private sector employee and worked for the DOD in cyber security positions, uh, span across multiple mission critical areas. So this is one opportunity to learn, uh, you know, in inside the DOD what's happening as a private sector person, if you will, uh, going back to what we talked about, you know, kinda, uh, opportunities, uh, within the government for, for somebody who might be interested, uh, you know, you don't have to be super smart, Bork and space. Uh, there's a lot of like, like Chris pointed out, there's a lot of different areas that we need to have people down within people to do, uh, to conduct the mission space. So you don't have to be mathematician mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for, for any types of, of talent, any type of academic disciplines that, that, that, that they're out there. >>And I think, you know, Chris is shout out to the space force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's gonna create, uh, some activation, uh, for a younger generation, certainly, and kind of new opportunities, new problems to solve new threats to take on and, and move it on. So really super conversation space in cybersecurity, the department of defense perspective, Von and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you bong. And then Chris summarize for the folks watching, whether it's a student at Cal poly or other university or someone in industry and government, what is the department of defense perspective for space cybersecurity? >>Chris, won't go and take that on. I started, thank you. Uh, cyber security applies to much more than just the launch and download of mission data or human led exploration and the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants, cybersecurity safeguards in any economic espionage or data exfiltration or denied access to that data I E ransomware or some other, uh, attack that can cripple any business or government endeavor. Uh, no matter how small or large, if it's left in our economic backbone, uh, clearly depends on space and GPS is more than just a direction finding our banking needs that a T and timing from P and T or whether it says systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not, uh, even fighting forest fires picked up by a remote sensor. >>All those space-based assets, uh, require protection from spoofing date, uh, data denial or total asset loss. An example would be if a satellite sensitive optics were intentionally pointed at the sun and damaged, or if a command, uh, to avoid collision with another space vehicle was delayed or disrupted or a ground termination command. As we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, uh, those losses are real and can be catastrophic. So the threat to space is pervasive real and genuine, and your active work across all those platforms is a necessary and appreciated. And your work in this area is critical, uh, going forward going forward. Uh, thank you for this opportunity to speak with you and, uh, talking on this important topic. >>Thank you, Chris Henson, goodbye. >>Closing remarks. Yeah. Likewise, John, uh, again, uh, as, as Chris said, thank you for, for the opportunity to discuss this very important, uh, around space, cyber security, as well as addressing, uh, at the end there, we were talking about workforce development and the need to have, uh, people, uh, in the mix for four features. We discussed with you. We need to start that recruiting early, uh, as we're doing to address, uh, the STEM gap today, we need to apply the same thing for cybersecurity. We, we absolutely need smart, innovative people to protect both Iraq. Anomic wellbeings a nation as well as our national defense. So this is the right conversation to have at this time, John and I, again, thank you and our Cal poly hose for, or, uh, having a symposium and, and having this opportunity to have this dialogue. Thank you, >>Gentlemen. Thank you for your time and great insights. We couldn't be there in person. We're here virtual for the space and cybersecurity symposium, 2020, the Cal poly I'm Jennifer with Silicon angle and the cube, your host. Thank you for watching.

>>from around the globe. It's the Cube covering >>space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Over On Welcome to this Special virtual conference. The Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from the Cube. I'm John for your host and master of ceremonies. Got a great topic today in this session. Really? The intersection of space and cybersecurity. This topic and this conversation is the cybersecurity workforce development through public and private partnerships. And we've got a great lineup. We have Jeff Armstrong's the president of California Polytechnic State University, also known as Cal Poly Jeffrey. Thanks for jumping on and Bang. Go ahead. The second director of C four s R Division. And he's joining us from the office of the Under Secretary of Defense for the acquisition Sustainment Department of Defense, D O D. And, of course, Steve Jake's executive director, founder, National Security Space Association and managing partner at Bello's. Gentlemen, thank you for joining me for this session. We got an hour conversation. Thanks for coming on. >>Thank you. >>So we got a virtual event here. We've got an hour, have a great conversation and love for you guys do? In opening statement on how you see the development through public and private partnerships around cybersecurity in space, Jeff will start with you. >>Well, thanks very much, John. It's great to be on with all of you. Uh, on behalf Cal Poly Welcome, everyone. Educating the workforce of tomorrow is our mission to Cal Poly. Whether that means traditional undergraduates, master students are increasingly mid career professionals looking toe up, skill or re skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers ready Day one with practical skills and experience. We have long thought of ourselves is lucky to be on California's beautiful central Coast. But in recent years, as we have developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, we have discovered that our location is even more advantages than we thought. We're just 50 miles away from Vandenberg, a little closer than u C. Santa Barbara, and the base represents the southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air force base have partner to support regional economic development to encourage the development of a commercial spaceport toe advocate for the space Command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because because both parties stand to benefit Vandenberg by securing new streams of revenue, workforce and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students, and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the Central Coast and the US, creating new head of household jobs, infrastructure and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called Reach, which coordinates development efforts from Vandenberg Air Force Base in the South to camp to Camp Roberts in the North. Another factor that is facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has has long been an important defense contractor, an important partner to Cal poly funding scholarships and facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years north of grimness funded scholarships for Cal Poly students this year, their funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars program, Cal Poly Scholars, a support both incoming freshman is transfer students. These air especially important because it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal, and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernized the U. S. I. C B M Armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting protecting our efforts in space requires partnerships in the digital realm. How Polly is partnered with many private companies, such as AWS. Our partnerships with Amazon Web services has enabled us to train our students with next generation cloud engineering skills, in part through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cybersecurity Institute, College of Engineering and the California National Guard. This partnership is focused on preparing a cyber ready workforce by providing faculty and students with a hands on research and learning environment, side by side with military, law enforcement professionals and cyber experts. We also have a long standing partnership with PG and E, most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry as a rough approximation. More than 4500 Cal Poly graduates list aerospace and defense as their employment sector on linked in, and it's not just our engineers and computer sciences. When I was speaking to our fellow Panelists not too long ago, >>are >>speaking to bang, we learned that Rachel sins, one of our liberal arts arts majors, is working in his office. So shout out to you, Rachel. And then finally, of course, some of our graduates sword extraordinary heights such as Commander Victor Glover, who will be heading to the International space station later this year as I close. All of which is to say that we're deeply committed the workforce, development and redevelopment that we understand the value of public private partnerships and that were eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state in the nation and our past efforts in space, cybersecurity and links to our partners at as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cybersecurity. Thank you so much, John. >>President, I'm sure thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique progressive. You and wanna tip your hat to you guys over there. Thank you very much for those comments. Appreciate it. Bahng. Department of Defense. Exciting you gotta defend the nation spaces Global. Your opening statement. >>Yes, sir. Thanks, John. Appreciate that day. Thank you, everybody. I'm honored to be this panel along with President Armstrong, Cal Poly in my long longtime friend and colleague Steve Jakes of the National Security Space Association, to discuss a very important topic of cybersecurity workforce development, as President Armstrong alluded to, I'll tell you both of these organizations, Cal Poly and the N S. A have done and continue to do an exceptional job at finding talent, recruiting them in training current and future leaders and technical professionals that we vitally need for our nation's growing space programs. A swell Asare collective National security Earlier today, during Session three high, along with my colleague Chris Hansen discussed space, cyber Security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferations of hundreds, if not thousands, of satellites providing a variety of services, including communications allowing for global Internet connectivity. S one example within the O. D. We continue to look at how we can leverage this opportunity. I'll tell you one of the enabling technologies eyes the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used unemployed for the U. D. Certainly not lost on Me is the fact that Cal Poly Pioneer Cube SATs 2020 some years ago, and they set the standard for the use of these systems today. So they saw the valiant benefit gained way ahead of everybody else, it seems, and Cal Poly's focus on training and education is commendable. I especially impressed by the efforts of another of Steve's I colleague, current CEO Mr Bill Britain, with his high energy push to attract the next generation of innovators. Uh, earlier this year, I had planned on participating in this year's Cyber Innovation Challenge. In June works Cal Poly host California Mill and high school students and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid. Unfortunately, the pandemic change the plan. Why I truly look forward. Thio feature events such as these Thio participating. Now I want to recognize my good friend Steve Jakes, whom I've known for perhaps too long of a time here over two decades or so, who was in acknowledge space expert and personally, I truly applaud him for having the foresight of years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology but Polly policy issues and challenges and paved the way for operational izing space. Space is our newest horrifying domain. That's not a secret anymore. Uh, and while it is a unique area, it shares a lot of common traits with the other domains such as land, air and sea, obviously all of strategically important to the defense of the United States. In conflict they will need to be. They will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts in a joint operation. We must succeed. All to defending space is critical as critical is defending our other operational domains. Funny space is no longer the sanctuary available only to the government. Increasingly, as I discussed in the previous session, commercial space is taking the lead a lot of different areas, including R and D, A so called new space, so cyber security threat is even more demanding and even more challenging. Three US considers and federal access to and freedom to operate in space vital to advancing security, economic prosperity, prosperity and scientific knowledge of the country. That's making cyberspace an inseparable component. America's financial, social government and political life. We stood up US Space force ah, year ago or so as the newest military service is like the other services. Its mission is to organize, train and equip space forces in order to protect us and allied interest in space and to provide space capabilities to the joint force. Imagine combining that US space force with the U. S. Cyber Command to unify the direction of space and cyberspace operation strengthened U D capabilities and integrate and bolster d o d cyber experience. Now, of course, to enable all of this requires had trained and professional cadre of cyber security experts, combining a good mix of policy as well as high technical skill set much like we're seeing in stem, we need to attract more people to this growing field. Now the D. O. D. Is recognized the importance of the cybersecurity workforce, and we have implemented policies to encourage his growth Back in 2013 the deputy secretary of defense signed the D. O d cyberspace workforce strategy to create a comprehensive, well equipped cyber security team to respond to national security concerns. Now this strategy also created a program that encourages collaboration between the D. O. D and private sector employees. We call this the Cyber Information Technology Exchange program or site up. It's an exchange programs, which is very interesting, in which a private sector employees can naturally work for the D. O. D. In a cyber security position that spans across multiple mission critical areas are important to the d. O. D. A key responsibility of cybersecurity community is military leaders on the related threats and cyber security actions we need to have to defeat these threats. We talk about rapid that position, agile business processes and practices to speed up innovation. Likewise, cybersecurity must keep up with this challenge to cyber security. Needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent investing the people now to grow a robust cybersecurity, workforce, streets, future. I look forward to the panel discussion, John. Thank you. >>Thank you so much bomb for those comments and you know, new challenges and new opportunities and new possibilities and free freedom Operating space. Critical. Thank you for those comments. Looking forward. Toa chatting further. Steve Jakes, executive director of N. S. S. A Europe opening statement. >>Thank you, John. And echoing bangs thanks to Cal Poly for pulling these this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, we on behalf the association delighted and honored Thio be on this panel with President Armstrong along with my friend and colleague Bonneau Glue Mahad Something for you all to know about Bomb. He spent the 1st 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve. Very few people do that. So bang on behalf of the space community, we thank you for your long life long devotion to service to our nation. We really appreciate that and I also echo a bang shot out to that guy Bill Britain, who has been a long time co conspirator of ours for a long time and you're doing great work there in the cyber program at Cal Poly Bill, keep it up. But professor arms trying to keep a close eye on him. Uh, I would like to offer a little extra context to the great comments made by by President Armstrong and bahng. Uh, in our view, the timing of this conference really could not be any better. Um, we all recently reflected again on that tragic 9 11 surprise attack on our homeland. And it's an appropriate time, we think, to take pause while the percentage of you in the audience here weren't even born or babies then For the most of us, it still feels like yesterday. And moreover, a tragedy like 9 11 has taught us a lot to include to be more vigilant, always keep our collective eyes and ears open to include those quote eyes and ears from space, making sure nothing like this ever happens again. So this conference is a key aspect. Protecting our nation requires we work in a cybersecurity environment at all times. But, you know, the fascinating thing about space systems is we can't see him. No, sir, We see Space launches man there's nothing more invigorating than that. But after launch, they become invisible. So what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well, to illustrate, I'd like to paraphrase elements of an article in Forbes magazine by Bonds and my good friend Chuck Beans. Chuck. It's a space guy, actually had Bonds job a fuse in the Pentagon. He is now chairman and chief strategy officer at York Space Systems, and in his spare time he's chairman of the small satellites. Chuck speaks in words that everyone can understand. So I'd like to give you some of his words out of his article. Uh, they're afraid somewhat. So these are Chuck's words. Let's talk about average Joe and playing Jane. Before heading to the airport for a business trip to New York City, Joe checks the weather forecast informed by Noah's weather satellites to see what pack for the trip. He then calls an uber that space app. Everybody uses it matches riders with drivers via GPS to take into the airport, So Joe has lunch of the airport. Unbeknownst to him, his organic lunch is made with the help of precision farming made possible through optimized irrigation and fertilization, with remote spectral sensing coming from space and GPS on the plane, the pilot navigates around weather, aided by GPS and nose weather satellites. And Joe makes his meeting on time to join his New York colleagues in a video call with a key customer in Singapore made possible by telecommunication satellites. Around to his next meeting, Joe receives notice changing the location of the meeting to another to the other side of town. So he calmly tells Syria to adjust the destination, and his satellite guided Google maps redirects him to the new location. That evening, Joe watches the news broadcast via satellite. The report details a meeting among world leaders discussing the developing crisis in Syria. As it turns out, various forms of quote remotely sensed. Information collected from satellites indicate that yet another band, chemical weapon, may have been used on its own people. Before going to bed, Joe decides to call his parents and congratulate them for their wedding anniversary as they cruise across the Atlantic, made possible again by communications satellites and Joe's parents can enjoy the call without even wondering how it happened the next morning. Back home, Joe's wife, Jane, is involved in a car accident. Her vehicle skids off the road. She's knocked unconscious, but because of her satellite equipped on star system, the crash is detected immediately and first responders show up on the scene. In time, Joe receives the news books. An early trip home sends flowers to his wife as he orders another uber to the airport. Over that 24 hours, Joe and Jane used space system applications for nearly every part of their day. Imagine the consequences if at any point they were somehow denied these services, whether they be by natural causes or a foreign hostility. And each of these satellite applications used in this case were initially developed for military purposes and continue to be, but also have remarkable application on our way of life. Just many people just don't know that. So, ladies and gentlemen, now you know, thanks to chuck beans, well, the United States has a proud heritage being the world's leading space faring nation, dating back to the Eisenhower and Kennedy years. Today we have mature and robust systems operating from space, providing overhead reconnaissance to quote, wash and listen, provide missile warning, communications, positioning, navigation and timing from our GPS system. Much of what you heard in Lieutenant General J. T. Thompson earlier speech. These systems are not only integral to our national security, but also our also to our quality of life is Chuck told us. We simply no longer could live without these systems as a nation and for that matter, as a world. But over the years, adversary like adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing ketchup while also pursuing capabilities that will challenge our systems. As many of you know, in 2000 and seven, China demonstrated it's a set system by actually shooting down is one of its own satellites and has been aggressively developing counter space systems to disrupt hours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to bay well as Bond mentioned, the United States has responded to these changing threats. In addition to adding ways to protect our system, the administration and in Congress recently created the United States Space Force and the operational you United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located. Vandenberg Air Force Base Combined with our intelligence community today, we have focused military and civilian leadership now in space. And that's a very, very good thing. Commence, really. On the industry side, we did create the National Security Space Association devoted solely to supporting the national security Space Enterprise. We're based here in the D C area, but we have arms and legs across the country, and we are loaded with extraordinary talent. In scores of Forman, former government executives, So S s a is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway ranging from a number of thought provoking policy. Papers are recurring space time Webcast supporting Congress's Space Power Caucus and other main serious efforts. Check us out at NSS. A space dot org's One of our strategic priorities in central to today's events is to actively promote and nurture the workforce development. Just like cow calling. We will work with our U. S. Government customers, industry leaders and academia to attract and recruit students to join the space world, whether in government or industry and two assistant mentoring and training as their careers. Progress on that point, we're delighted. Be delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with him very soon. So students stay tuned something I can tell you Space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry work force is highly diverse, with a combination of engineers, physicists, method and mathematicians, but also with a large non technical expertise as well. Think about how government gets things thes systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board from cost estimating cost analysis, budgeting, procurement, legal and many other support. Tasker Integral to the mission. Many thousands of people work in the space workforce tens of billions of dollars every year. This is really cool stuff, no matter what your education background, a great career to be part of. When summary as bang had mentioned Aziz, well, there is a great deal of exciting challenges ahead we will see a new renaissance in space in the years ahead, and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Richard Branson are in the game, stimulating new ideas in business models, other private investors and start up companies. Space companies are now coming in from all angles. The exponential advancement of technology and microelectronics now allows the potential for a plethora of small SAT systems to possibly replace older satellites the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much, and I look forward to the further conversation. >>Steve, thank you very much. Space is cool. It's relevant. But it's important, as you pointed out, and you're awesome story about how it impacts our life every day. So I really appreciate that great story. I'm glad you took the time Thio share that you forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you. But that would add that to the story later. Great stuff. My first question is let's get into the conversations because I think this is super important. President Armstrong like you to talk about some of the points that was teased out by Bang and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives. Through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation. There are opportunities now with with research and grants, and this is, ah, funding of innovation that it's highly accelerate. It's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >>Yeah, I really appreciate that And appreciate the comments of my colleagues on it really boils down to me to partnerships, public private partnerships. You mentioned Northrop Grumman, but we have partnerships with Lockie Martin, Boeing, Raytheon Space six JPL, also member of organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science, and I hope that we can spill into cybersecurity in space but those partnerships in the past have really brought a lot forward at Cal Poly Aziz mentioned we've been involved with Cube set. Uh, we've have some secure work and we want to plan to do more of that in the future. Uh, those partnerships are essential not only for getting the r and d done, but also the students, the faculty, whether masters or undergraduate, can be involved with that work. Uh, they get that real life experience, whether it's on campus or virtually now during Covic or at the location with the partner, whether it may be governmental or our industry. Uh, and then they're even better equipped, uh, to hit the ground running. And of course, we'd love to see even more of our students graduate with clearance so that they could do some of that a secure work as well. So these partnerships are absolutely critical, and it's also in the context of trying to bring the best and the brightest and all demographics of California and the US into this field, uh, to really be successful. So these partnerships are essential, and our goal is to grow them just like I know other colleagues and C. S u and the U C are planning to dio, >>you know, just as my age I've seen I grew up in the eighties, in college and during that systems generation and that the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives. They were really funded through these kinds of real deep research. Bond talk about that because, you know, we're living in an age of cloud. And Bezos was mentioned. Elon Musk. Sir Richard Branson. You got new ideas coming in from the outside. You have an accelerated clock now on terms of the innovation cycles, and so you got to react differently. You guys have programs to go outside >>of >>the Defense Department. How important is this? Because the workforce that air in schools and our folks re skilling are out there and you've been on both sides of the table. So share your thoughts. >>No, thanks, John. Thanks for the opportunity responded. And that's what you hit on the notes back in the eighties, R and D in space especially, was dominated by my government funding. Uh, contracts and so on. But things have changed. As Steve pointed out, A lot of these commercial entities funded by billionaires are coming out of the woodwork funding R and D. So they're taking the lead. So what we can do within the deal, the in government is truly take advantage of the work they've done on. Uh, since they're they're, you know, paving the way to new new approaches and new way of doing things. And I think we can We could certainly learn from that. And leverage off of that saves us money from an R and D standpoint while benefiting from from the product that they deliver, you know, within the O D Talking about workforce development Way have prioritized we have policies now to attract and retain talent. We need I I had the folks do some research and and looks like from a cybersecurity workforce standpoint. A recent study done, I think, last year in 2019 found that the cybersecurity workforce gap in the U. S. Is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened off getting people through, you know, starting young and through college, like assess a professor Armstrong indicated, because we're gonna need them to be in place. Uh, you know, in a period of about maybe a decade or so, Uh, on top of that, of course, is the continuing issue we have with the gap with with stamps students, we can't afford not to have expertise in place to support all the things we're doing within the with the not only deal with the but the commercial side as well. Thank you. >>How's the gap? Get? Get filled. I mean, this is the this is again. You got cybersecurity. I mean, with space. It's a whole another kind of surface area, if you will, in early surface area. But it is. It is an I o t. Device if you think about it. But it does have the same challenges. That's kind of current and and progressive with cybersecurity. Where's the gap Get filled, Steve Or President Armstrong? I mean, how do you solve the problem and address this gap in the workforce? What is some solutions and what approaches do we need to put in place? >>Steve, go ahead. I'll follow up. >>Okay. Thanks. I'll let you correct. May, uh, it's a really good question, and it's the way I would. The way I would approach it is to focus on it holistically and to acknowledge it up front. And it comes with our teaching, etcetera across the board and from from an industry perspective, I mean, we see it. We've gotta have secure systems with everything we do and promoting this and getting students at early ages and mentoring them and throwing internships at them. Eyes is so paramount to the whole the whole cycle, and and that's kind of and it really takes focused attention. And we continue to use the word focus from an NSS, a perspective. We know the challenges that are out there. There are such talented people in the workforce on the government side, but not nearly enough of them. And likewise on industry side. We could use Maura's well, but when you get down to it, you know we can connect dots. You know that the the aspect That's a Professor Armstrong talked about earlier toe where you continue to work partnerships as much as you possibly can. We hope to be a part of that. That network at that ecosystem the will of taking common objectives and working together to kind of make these things happen and to bring the power not just of one or two companies, but our our entire membership to help out >>President >>Trump. Yeah, I would. I would also add it again. It's back to partnerships that I talked about earlier. One of our partners is high schools and schools fortune Margaret Fortune, who worked in a couple of, uh, administrations in California across party lines and education. Their fifth graders all visit Cal Poly and visit our learned by doing lab and you, you've got to get students interested in stem at a early age. We also need the partnerships, the scholarships, the financial aid so the students can graduate with minimal to no debt to really hit the ground running. And that's exacerbated and really stress. Now, with this covert induced recession, California supports higher education at a higher rate than most states in the nation. But that is that has dropped this year or reasons. We all understand, uh, due to Kobe, and so our partnerships, our creativity on making sure that we help those that need the most help financially uh, that's really key, because the gaps air huge eyes. My colleagues indicated, you know, half of half a million jobs and you need to look at the the students that are in the pipeline. We've got to enhance that. Uh, it's the in the placement rates are amazing. Once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, uh, placement rates are like 94%. >>Many of our >>engineers, they have jobs lined up a year before they graduate. So it's just gonna take key partnerships working together. Uh, and that continued partnership with government, local, of course, our state of CSU on partners like we have here today, both Stephen Bang So partnerships the thing >>e could add, you know, the collaboration with universities one that we, uh, put a lot of emphasis, and it may not be well known fact, but as an example of national security agencies, uh, National Centers of Academic Excellence in Cyber, the Fast works with over 270 colleges and universities across the United States to educate its 45 future cyber first responders as an example, so that Zatz vibrant and healthy and something that we ought Teoh Teik, banjo >>off. Well, I got the brain trust here on this topic. I want to get your thoughts on this one point. I'd like to define what is a public private partnership because the theme that's coming out of the symposium is the script has been flipped. It's a modern error. Things air accelerated get you got security. So you get all these things kind of happen is a modern approach and you're seeing a digital transformation play out all over the world in business. Andi in the public sector. So >>what is what >>is a modern public private partnership? What does it look like today? Because people are learning differently, Covert has pointed out, which was that we're seeing right now. How people the progressions of knowledge and learning truth. It's all changing. How do you guys view the modern version of public private partnership and some some examples and improve points? Can you can you guys share that? We'll start with the Professor Armstrong. >>Yeah. A zai indicated earlier. We've had on guy could give other examples, but Northup Grumman, uh, they helped us with cyber lab. Many years ago. That is maintained, uh, directly the software, the connection outside its its own unit so that students can learn the hack, they can learn to penetrate defenses, and I know that that has already had some considerations of space. But that's a benefit to both parties. So a good public private partnership has benefits to both entities. Uh, in the common factor for universities with a lot of these partnerships is the is the talent, the talent that is, that is needed, what we've been working on for years of the, you know, that undergraduate or master's or PhD programs. But now it's also spilling into Skilling and re Skilling. As you know, Jobs. Uh, you know, folks were in jobs today that didn't exist two years, three years, five years ago. But it also spills into other aspects that can expand even mawr. We're very fortunate. We have land, there's opportunities. We have one tech part project. We're expanding our tech park. I think we'll see opportunities for that, and it'll it'll be adjusted thio, due to the virtual world that we're all learning more and more about it, which we were in before Cove it. But I also think that that person to person is going to be important. Um, I wanna make sure that I'm driving across the bridge. Or or that that satellites being launched by the engineer that's had at least some in person training, uh, to do that and that experience, especially as a first time freshman coming on a campus, getting that experience expanding and as adult. And we're gonna need those public private partnerships in order to continue to fund those at a level that is at the excellence we need for these stem and engineering fields. >>It's interesting People in technology can work together in these partnerships in a new way. Bank Steve Reaction Thio the modern version of what a public, successful private partnership looks like. >>If I could jump in John, I think, you know, historically, Dodi's has have had, ah, high bar thio, uh, to overcome, if you will, in terms of getting rapid pulling in your company. This is the fault, if you will and not rely heavily in are the usual suspects of vendors and like and I think the deal is done a good job over the last couple of years off trying to reduce the burden on working with us. You know, the Air Force. I think they're pioneering this idea around pitch days where companies come in, do a two hour pitch and immediately notified of a wooden award without having to wait a long time. Thio get feedback on on the quality of the product and so on. So I think we're trying to do our best. Thio strengthen that partnership with companies outside the main group of people that we typically use. >>Steve, any reaction? Comment to add? >>Yeah, I would add a couple of these air. Very excellent thoughts. Uh, it zits about taking a little gamble by coming out of your comfort zone. You know, the world that Bond and Bond lives in and I used to live in in the past has been quite structured. It's really about we know what the threat is. We need to go fix it, will design it says we go make it happen, we'll fly it. Um, life is so much more complicated than that. And so it's it's really to me. I mean, you take you take an example of the pitch days of bond talks about I think I think taking a gamble by attempting to just do a lot of pilot programs, uh, work the trust factor between government folks and the industry folks in academia. Because we are all in this together in a lot of ways, for example. I mean, we just sent the paper to the White House of their requests about, you know, what would we do from a workforce development perspective? And we hope Thio embellish on this over time once the the initiative matures. But we have a piece of it, for example, is the thing we call clear for success getting back Thio Uh, President Armstrong's comments at the collegiate level. You know, high, high, high quality folks are in high demand. So why don't we put together a program they grabbed kids in their their underclass years identifies folks that are interested in doing something like this. Get them scholarships. Um, um, I have a job waiting for them that their contract ID for before they graduate, and when they graduate, they walk with S C I clearance. We believe that could be done so, and that's an example of ways in which the public private partnerships can happen to where you now have a talented kid ready to go on Day one. We think those kind of things can happen. It just gets back down to being focused on specific initiatives, give them giving them a chance and run as many pilot programs as you can like these days. >>That's a great point, E. President. >>I just want to jump in and echo both the bank and Steve's comments. But Steve, that you know your point of, you know, our graduates. We consider them ready Day one. Well, they need to be ready Day one and ready to go secure. We totally support that and and love to follow up offline with you on that. That's that's exciting, uh, and needed very much needed mawr of it. Some of it's happening, but way certainly have been thinking a lot about that and making some plans, >>and that's a great example of good Segway. My next question. This kind of reimagining sees work flows, eyes kind of breaking down the old the old way and bringing in kind of a new way accelerated all kind of new things. There are creative ways to address this workforce issue, and this is the next topic. How can we employ new creative solutions? Because, let's face it, you know, it's not the days of get your engineering degree and and go interview for a job and then get slotted in and get the intern. You know the programs you get you particularly through the system. This is this is multiple disciplines. Cybersecurity points at that. You could be smart and math and have, ah, degree in anthropology and even the best cyber talents on the planet. So this is a new new world. What are some creative approaches that >>you know, we're >>in the workforce >>is quite good, John. One of the things I think that za challenge to us is you know, we got somehow we got me working for with the government, sexy, right? The part of the challenge we have is attracting the right right level of skill sets and personnel. But, you know, we're competing oftentimes with the commercial side, the gaming industry as examples of a big deal. And those are the same talents. We need to support a lot of programs we have in the U. D. So somehow we have to do a better job to Steve's point off, making the work within the U. D within the government something that they would be interested early on. So I tracked him early. I kind of talked about Cal Poly's, uh, challenge program that they were gonna have in June inviting high school kid. We're excited about the whole idea of space and cyber security, and so on those air something. So I think we have to do it. Continue to do what were the course the next several years. >>Awesome. Any other creative approaches that you guys see working or might be on idea, or just a kind of stoked the ideation out their internship. So obviously internships are known, but like there's gotta be new ways. >>I think you can take what Steve was talking about earlier getting students in high school, uh, and aligning them sometimes. Uh, that intern first internship, not just between the freshman sophomore year, but before they inter cal poly per se. And they're they're involved s So I think that's, uh, absolutely key. Getting them involved many other ways. Um, we have an example of of up Skilling a redeveloped work redevelopment here in the Central Coast. PG and e Diablo nuclear plant as going to decommission in around 2020 24. And so we have a ongoing partnership toe work on reposition those employees for for the future. So that's, you know, engineering and beyond. Uh, but think about that just in the manner that you were talking about. So the up skilling and re Skilling uh, on I think that's where you know, we were talking about that Purdue University. Other California universities have been dealing with online programs before cove it and now with co vid uh, so many more faculty or were pushed into that area. There's going to be much more going and talk about workforce development and up Skilling and Re Skilling The amount of training and education of our faculty across the country, uh, in in virtual, uh, and delivery has been huge. So there's always a silver linings in the cloud. >>I want to get your guys thoughts on one final question as we in the in the segment. And we've seen on the commercial side with cloud computing on these highly accelerated environments where you know, SAS business model subscription. That's on the business side. But >>one of The >>things that's clear in this trend is technology, and people work together and technology augments the people components. So I'd love to get your thoughts as we look at the world now we're living in co vid um, Cal Poly. You guys have remote learning Right now. It's a infancy. It's a whole new disruption, if you will, but also an opportunity to enable new ways to collaborate, Right? So if you look at people and technology, can you guys share your view and vision on how communities can be developed? How these digital technologies and people can work together faster to get to the truth or make a discovery higher to build the workforce? These air opportunities? How do you guys view this new digital transformation? >>Well, I think there's there's a huge opportunities and just what we're doing with this symposium. We're filming this on one day, and it's going to stream live, and then the three of us, the four of us, can participate and chat with participants while it's going on. That's amazing. And I appreciate you, John, you bringing that to this this symposium, I think there's more and more that we can do from a Cal poly perspective with our pedagogy. So you know, linked to learn by doing in person will always be important to us. But we see virtual. We see partnerships like this can expand and enhance our ability and minimize the in person time, decrease the time to degree enhanced graduation rate, eliminate opportunity gaps or students that don't have the same advantages. S so I think the technological aspect of this is tremendous. Then on the up Skilling and Re Skilling, where employees air all over, they can be reached virtually then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. Eso I'm I'm very excited about the future and what we can do, and it's gonna be different with every university with every partnership. It's one. Size does not fit all. >>It's so many possibilities. Bond. I could almost imagine a social network that has a verified, you know, secure clearance. I can jump in, have a little cloak of secrecy and collaborate with the d o. D. Possibly in the future. But >>these are the >>kind of kind of crazy ideas that are needed. Are your thoughts on this whole digital transformation cross policy? >>I think technology is gonna be revolutionary here, John. You know, we're focusing lately on what we call digital engineering to quicken the pace off, delivering capability to warfighter. As an example, I think a I machine language all that's gonna have a major play and how we operate in the future. We're embracing five G technologies writing ability Thio zero latency or I o t More automation off the supply chain. That sort of thing, I think, uh, the future ahead of us is is very encouraging. Thing is gonna do a lot for for national defense on certainly the security of the country. >>Steve, your final thoughts. Space systems are systems, and they're connected to other systems that are connected to people. Your thoughts on this digital transformation opportunity >>Such a great question in such a fun, great challenge ahead of us. Um echoing are my colleague's sentiments. I would add to it. You know, a lot of this has I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. Um, you know, we're not attuned to doing things fast. Uh, but the dramatic You know, the way technology is just going like crazy right now. I think it ties back Thio hoping Thio, convince some of our senior leaders on what I call both sides of the Potomac River that it's worth taking these gamble. We do need to take some of these things very way. And I'm very confident, confident and excited and comfortable. They're just gonna be a great time ahead and all for the better. >>You know, e talk about D. C. Because I'm not a lawyer, and I'm not a political person, but I always say less lawyers, more techies in Congress and Senate. So I was getting job when I say that. Sorry. Presidential. Go ahead. >>Yeah, I know. Just one other point. Uh, and and Steve's alluded to this in bonded as well. I mean, we've got to be less risk averse in these partnerships. That doesn't mean reckless, but we have to be less risk averse. And I would also I have a zoo. You talk about technology. I have to reflect on something that happened in, uh, you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing a traditional data a data warehouse, data storage data center, and we partner with a W S. And thank goodness we had that in progress on it enhanced our bandwidth on our campus before Cove. It hit on with this partnership with the digital transformation hub. So there is a great example where, uh, we we had that going. That's not something we could have started. Oh, covitz hit. Let's flip that switch. And so we have to be proactive on. We also have thio not be risk averse and do some things differently. Eyes that that is really salvage the experience for for students. Right now, as things are flowing, well, we only have about 12% of our courses in person. Uh, those essential courses, uh, and just grateful for those partnerships that have talked about today. >>Yeah, and it's a shining example of how being agile, continuous operations, these air themes that expand into space and the next workforce needs to be built. Gentlemen, thank you. very much for sharing your insights. I know. Bang, You're gonna go into the defense side of space and your other sessions. Thank you, gentlemen, for your time for great session. Appreciate it. >>Thank you. Thank you. >>Thank you. >>Thank you. Thank you. Thank you all. >>I'm John Furry with the Cube here in Palo Alto, California Covering and hosting with Cal Poly The Space and Cybersecurity Symposium 2020. Thanks for watching.

>> Voiceover: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020 hosted by Cal Poly. >> Hello everyone? Welcome to the Space and Cybersecurity Symposium 2020 hosted by Cal Poly and theCUBE. I'm John Furrier, your host. We have a great session here. Space cybersecurity, the Department of Defense perspective. We have Bong Gumahad, Director of C4ISR, Directorate Office of the Under Secretary of Defense for Acquisition and Sustainment for the DOD. And Chris Henson, Technical Director Space and Weapons, Cybersecurity Solutions for the National Security Agency. Gentlemen, thank you for taking the time for this awesome session. >> Thank you, John. >> Thank you. >> So we're going to talk about the perspective of the DOD relative to space cybersecurity. A lot going on, congestion, contention, freedom, evolution, innovation. So Bong, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective. >> John, thanks for the intro, really appreciate it. First, let me give my thanks to Cal Poly for convening the Space and Cybersecurity Symposium this year. And despite the pandemic, the organization and the content delivery is pretty impressive. I really foot stomping what can possibly be done with a number of these virtual platforms. This has been awesome, thanks for the opportunity. I also want to recognize my colleague, Chris Henson from NSA, who is actually assigned to our staff at the OUSD, but he brings both policy and technical perspective in this whole area. So I think you'll find his commentary and positions on things very refreshing for today's seminar. Now space cybersecurity is a pretty interesting terminology for us all. Cybersecurity means protecting against cyber threats. And it's really more than just computers here on earth. Space is the newest war fighting domain and cybersecurity is perhaps even more of a challenge in this domain than others. I'm sure Lieutenant General Thompson and Major John Shaw discuss the criticality of this new Space Force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. Let me start by talking about what space means to DOD and what we're doing directly from my advantage point as part of the Acquisition and Sustainment arm of the Pentagon. Well, what I want to share with you today is how the current space strategy ties into the National Defense strategy and supports the department's operational objectives. As the director of C4ISR, I have come to understand how the integration of C4ISR capability is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the Under Secretary for Acquisition and Sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project lethality in contested environments and across all domains through an operationally integrated and resiliency 4ISR infrastructure. We are also cultivating our alliances, deepening interoperability, which is very important in a future fight and collaboratively planning with those who partner with us in the fight. Most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest fighting domain. And while it is indeed unique, it shares many common traits with the others, land, air and sea. All are important to the defense of the US. In conflict, no doubt about this, they will be contested and they must be defended. One domain will not win future conflicts and in a joint operation in a future fight and the future conflict they must all succeed. I see three areas being key toward DOD strategic success in space. One, developing our whole of government approach in close partnership with the private sector and our allies. Two, prioritizing our investments in resiliency, innovation and adaptive operations. And third, responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance US strengths, partnerships and alliances. Let me emphasize that space is increasingly congested and tested and demanded as essential to lethality operational effectiveness and the security of our nation. Now the commercialization space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, for the department and the nation. It's funny, there's a new race, a race for space, if you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force coordinated across all domains. We call it the Joint All Domain Command and Control, JADC2. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of JADC2 is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them. Operationally, JADC2 seeks to maintain seamless integration, adaptation, and employment of our capability to sense signal, connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance space awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings in these systems and capabilities will provide our war fighters overwhelming superiority on the battlefield in an environment challenged by near peer adversaries, as well as non state actors. In space, the character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensory diversity, and many more. As I said before, the commercial world is pioneering high rate production of small satellites in their efforts to deploy hundreds, if not thousands of nodes. SpaceX Starlink Constellation is one example. Another one is Amazon's Kuiper. Kuiper just received FCC approval to deploy like over 3000 of these different nodes. While a number of these companies continue to grow, some have struggled. Case in point is OneWeb. Nevertheless, the appetite remains strong and DOD is taken advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding our small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is to enable a standard of practice that can be applied across all of the domains. This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris will talk more about that, being that he's the expert in this area. One challenge that we can definitely start working on today is workforce development. Cybersecurity is unique as it straddles STEM and security and policy. The trade craft is different. And unfortunately I've seen estimates recently suggesting a workforce gap in the next several years, much like the STEM fields. During the next session, I am a part of a panel with president Armstrong at Cal Poly, and Steve Jacques, the founder of the National Security Space Association to address workforce development. But for this panel, I'll look forward to having this dialogue surrounding space cybersecurity with Chris and John. Thank you, John. >> Bong, thank you for that opening statement and yes, workforce gaps, we need the new skill space is here. Thank you very much. Chris Henson's Technical Director of Space and Weapons, Cybersecurity Solutions for the National Security Agency. Your opening statement. >> Thank you for having me. I'm one of several technical leaders in space at the National Security Agency. And I'm currently on a joint duty assignment at the office of Under Secretary of Defense for Acquisition and Sustainment. I work under Mr. Gumahad in the C4ISR area. But almost 63 years ago, on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet Union and space history was made. And each of you can continue to write future space history in your careers. And just like in 1957, the US isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese Space Agency, the European Space Agency and the Canadian Space Agency, just to name a few. And when we tackle cybersecurity per space, we have to address the idea that the communications command and control and those mission datas will transverse networks owned and operated by a variety of partners, not only .go, .mil, .com, .edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk accepted by one is shared by all. And sharing cyber best practices, lessons learned, data vulnerabilities, threat data mitigation procedures, all our valuable takeaways in expanding the space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions, thank you. >> Thank you, Chris, thank you, Bong. Okay, I mean, open innovation, the internet, you see plenty of examples. The theme here is partners, commercial, government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bong, we'll start with you is what do you see as the DOD's role in addressing cybersecurity in space? It's real, it's a new frontier. It's not going away, it's only going to get more innovative, more open, more contested. It seems like a lot to do there. What's your role in addressing cyber security in space? >> I think our role is to be the leader in developing not only is it the strategy, but the implementation plans to ensure a full of cybersecurity. If you look at the National Cyber Strategy, I think published in 2018, calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, digital safety policy, advocacy, and research. You here today, and those listening are fulfilling their strategy. When you develop, enable use cyber hygiene products as examples and capabilities, you're pushing the goal to provision. When you know what's on your network, patch network, backup and encrypt your network, you're hardening and preventing cyber attacks. And we in government academia, in the case of Cal Poly, civil networks and in commercial companies, we all benefit from doing that. Cyber security, and I think Chris will definitely back me up on this, more than passwords encryption or firewall. It's truly a mindset and a culture of enabling mission to succeed in assured and in a resilient fashion. >> Chris, you're take and reaction to the cybersecurity challenge involved here. >> It's starting really at the highest level of governments. We have, you know, the recent security policy Directive-5 that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as Mr. Gumahad said, is the leadership role. And that leadership blends out very well into partnership. So partnership with industry, partnership with academia, partnership with other people that are exploring space. And those partnerships blend itself very naturally to sharing cybersecurity issues, topics, as we come up with best practices, as we come up with mitigation strategies, and as we come up with vulnerabilities and share that information. We're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas. That the DOD has to be involved in many spectrums of deploying to space. And that deployment involves, as Mr. Gumahad said, encryption, authentication, knowing what's on the network, knowing the fabric of that network, and if nothing else, this internet of things and work from home environment that we've partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different locations. Well, space will be that natural node, that natural next network in measure involvement that we'll have to protect and explore on, not just from a terrestrial involvement, but all segments of it. The calm segment, the space vehicle, and the ground portion. >> You know, Bong, we talked about this in our other segment around with the president of Cal Poly, but the operating models of the Space Force and of the DOD and getting to space. But it's a software defined world, right? So cybersecurity is a real big issue 'cause you have an operating model that's requiring software to power these low hanging satellites. That's just an extension to the network. It's distributed computing, we know what this is. If you understand what technology we do in space, it's no different, it's just a different environment so it's software defined. That just lends itself well to hacking. I mean, if I'm a hacker I'm going, "Hey, why not just take out a satellite and crash it down "or make the GPS do something different?" I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server, you got to really protect. >> Right, because in one hand it space will carry not only focal national security information, but if you look at the economic wellbeing, the financial state of a lot of countries, institutions, you know, more and more John, they'll be using space assets to make all that happen. So, and if you look at the, you mentioned the attack vectors in space. It's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, the tasking that you need to do, the command and controlling of the vehicle, the data that comes down in the ground, even when you launch the birds, the satellites, you know, they all need to be protected because they're all somewhat vulnerable to hacking, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, the potential of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >> Gentlemen, like you guys said to move on to this leadership role, Bong, you mentioned it. You want to be a leader, I get it, the DOD is Department of Defense, it's a new frontier to defend war time zone, you mentioned war time opportunity potentially. But how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, there's security challenge. What does being a leader mean? And how does the DOD, Department of Defense assist driving the public and private? Do you lead from a project standpoint? Do you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end-to-end architecture. It's not just cloud it's on premise, it's in devices, it's offloaded with new AI technology and nix and devices. It's IOT, it's all this and all new. This is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >> Yeah, I think the one hand, you know, DOD used to lead in terms of being the only source of funding for a lot of highly developmental efforts. We're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways allies commercial companies are actually leading the R&D of a lot different technology. So we certainly want to take advantage of that. So from a leadership standpoint, I think leadership can come in, by partnering a lot more with the commercial companies. In 2020, the DOD released the Defense Space Strategy, as an example, that highlights the threats, the challenges and opportunities the United States has faced by setting example of how we counter the threats that are out there, not just the DOD, but the civilian and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire to state space. Our lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations, like I mentioned before. Shaping that strategic environment and cooperating with allies, partners in industry and other US governmental departments and agencies to advance the cost of space. To take full advantage of what space can provide us in DOD and the nation. >> Chris as a domain now, what's your take on all of this? Because again, it's going to take more people, more diverse, potentially more security hauls. What's your view on this? >> Well, let's look at how innovation and new technologies can help us in these areas. So, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the architecture. Where we look at a zero trust architecture, one of the NIST standards that's come about. Where it talks about the authentication, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication credential, or other aspects of the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is one approach where we can show some leadership and guidance. Another area is in a topic that you touched on as well, was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And you know, this vast array of software code that's going into system nowadays. And then that frees up our human exquisite talent and developers that can then look at other areas and not focus on minor vulnerability, fix a vulnerability. They can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those unknown hidden lines of code that get put into a software library and then pull down over and over again from system to system. So I think between an architecture leadership role and employee innovation are two areas that we can show some benefits and process improvement to this whole system. >> That's a great point, Chris, and you think about just the architectural computer architecture network attached storage is an advantage software defined there. You could have flash, all flash arrays for storage. You could have multiple cores on a device. And this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed, all the processors all built in. So there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just efficiencies. But this brings up the whole supply chain conversation. I want to get your thoughts on this because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts? >> Yeah, it's a serious threat and not just for the US space supply chain, if you will, is the supply chain you access with large, I think it's a threat that's this real we're seeing today. I just saw an example recently involving, I think our law and services, where there was a foreign threat that was trying to get into a troop through with predatory investments. So it is something that we need to be aware of, it's happening and will continue to happen. It's an easy way to gain access to do our IP. And so it's something that we are serious about in terms of awareness and countering. >> Chris, your thoughts? I mean, I'm an open source guy. We've seen it when I grew up in the industry in the '80s open source became a revolution. But with that, it enabled new tactics for state sponsored attacks and that became a domain in of itself. That's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring a supply chain nightmare. How do you track it all? (chuckles) Who's got what software and what device... Where the chip from? Who made it? Just the potential is everywhere. How do you see these tactics? Whether it's a VC firm from another country or this, that, and the other thing, startup, big company-- >> Yeah, so when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip. Then that microchip could be used in a cell phone or a satellite or an automobile. So all of our are industries that have these companies that are being purchased or a large born investment influx into those, they can be suspect. And we have to be very careful with those and do the tracking of those, especially when those, some of those parts and mechanisms are coming from off shore. And again, going back to the Space Policy Directive-5, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the quantitative ability of knowing where those software libraries came from, where the parts came from, and the tracking and delivery of that from an end-to-end system. And typically when we have a really large vendor, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that before we employ them, we have to do some robust testing. And I don't want to say that's the last line of defense, but that certainly is a mechanism for finding out do the systems perform as they stated on a test bench or a flat set, whatever the case may be, before we actually deploy it. And then we're relying on the output or the data that comes from that system that may have some corrupt or suspect parts in it. >> Great point, this federal views-- >> The problem with space systems is kind of, you know, is once you launch the bird or the satellite, your access to it is diminished significantly, right? Unless you go up there and take it down. So, you know, kind of to Chris's point, we need to be able to test all the different parts to ensure that is performing as described there, as specified with good knowledge that it's trustworthy. And so we do that all on the ground before we take it up to launch it. >> It's funny, you want agility, you want speed, and you security, and you want reliability, and risk management. All aggressive, and it's a technical problem, it's a business model problem. Love to get real quick before we jump into some of the more workforce and gap issues on the personnel side, have you guys to just take a minute to explain quickly what's the federal view? If you had to kind of summarize the federal view of the DOD and the role with it wants to take, so all the people out there on the commercial side or students out there who are wanting to jump in, what is the current modern federal view of space cybersecurity? >> Chris, why don't you take that on and I'll follow up. >> Okay, I don't know that I can give you the federal view, but I can certainly give you the Department of Defense that cyber security is extremely important. And as our vendors and our suppliers take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we look at the vendors and how they implement and employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security. That when we want to write a contract or a vendor for a purchase that's going to go into a space system, we'd like to know from a third party audit capability, can that vendor protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up, before it even gets put into a larger system. So that shows a level of the CMMC process that we've thought about and started to employ beginning in 2021 and will be further built on in the out years. How important the DOD takes that. And other parts of the government are looking at this. In fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, not just in the Department of Defense, that they're going to adopt an approach like this. So it shows the pluses and the benefits of a cybersecurity model that all can build on. >> Bong, your reaction. >> Yeah, I'll just add to that. John, you asked earlier about, you know, how do we track commercial entities or people into the space and cyber security domains? I can tell you that at least my view of it, space and cybersecurity are new. It's exciting, it's challenging, a lot of technical challenges there. So I think in terms of attracting the right people and personnel to work those areas, I think it's not only intellectually challenging, but it's important for the defensing and near States. And it's important for economic security at large for us as well. So I think in terms of a workforce and trying to get people interested in those domains, I hope that they see the same thing we do in terms of the challenges and the opportunities it presents itself in the future. >> Awesome, I loved your talk on intro track there. Bong, you mentioned the three key areas of DOD success, developing a whole government approach to partnership with the private sector. I think that's critical, and the allies. Prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology seem to be fast. I think all those things are relevant. So given that, I want to get your thoughts on the Defense Space Strategy. In 2020, the DOD released dispense Defense Space Strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are those things that you're watching in the defense space area? >> Right, well, I think as I said before, Chris as well, you know, we're seeing that space will be highly contested because it's a critical element in our war fighting construct. To win our future conflict, I think we need to win space as well. So when you look at our near peer adversaries, there's a lot of efforts in China to take that advantage away from the United States. So the threat is real, and I think it's going to continue to evolve and grow. And the more we use space, for both commercial and government, I think you're going to see a lot more when these threats, some AFAs itself in forms of cyber attacks, or even kinetic attacks in some cases as needed. So, yeah, so the threat is indeed growing, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, like we do now in all the other domains, a way to defend it. And that's what we're working on within DOD. How do we protect our assets in space, and how do we make sure that the data information that traverses through space assets are trustworthy and free of any interference. >> Chris, exciting time, I'm mean, if you're in technology, this is crossing many lines here, tech, society, war time defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >> Yeah and I think that expansion is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we think of our cell phones and our handheld devices and tablets and so on that have just continued to get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems, when we think of smallsats and cube sets and the technology that's can be repurposed into a small vehicle, and the cost has come down so dramatically that, you know, we can afford to get rapid experiments, rapid exploitations and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, DevSecOps, and this notion of spins and cycles and refreshing and re-addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's relevant and new. And the cybersecurity and the vulnerabilities of that have to be addressed and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new experiments and demonstrations in space and get lessons learned from them over and over again. >> Well, that brings us to the next big topic. I want to spend the remainder of our time on, that is workforce, this next generation. If I wasn't so old, I would quit my job and I would join immediately. It's so much fun, it's exciting, and it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind adding space to it. So this is the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, young person to person re-skilling, this is a big deal. Bong, you have thoughts on this? It's not just STEM, it's everything. >> Yeah, it's everything, you know, the opportunities we have in space, it's significant and tremendous. And I think if I were young again, as you pointed out, John, you know, I'm lucky that I'm in this domain in this world and I started years ago, but it continues to be exciting, lots of opportunities, you know. When you look at some of the commercial space systems are being put up, if you look at, I mentioned Starlink before and Amazon's Kuiper Constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally, and that sort of thing. And they're not the only ones that are out there producing capability. We're seeing a lot more commercial imagery products being developed by companies, both within the US and foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities. There's technical challenges galore in terms of not only the overcoming the physics of space, but being able to operate flexibly and get the most you can out of the capabilities we have operating up in space. >> Besides being cool, I mean, everyone looks at launch of space gets millions of views on live streams, the On-Demand reruns get millions and millions of views. There's a lot of things there. So, Chris, what specifically could you share are things that people would work on? Jobs, skills, what's the aperture? What's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there? >> I'll talk to the aperture, but I want to give a shout out to our Space Force. And I mean, their job is to train and equip each air space and that space talent. And I think that's going to be a huge plus up to have a Space Force that's dedicated to training, equipping, an acquisition and a deployment model that will benefit not just the other services, but all of our national defense and our strategic way of how this company, country employees space altogether. So having a Space Force, I think, is a huge issue. And then to get to that aperture aspect of what you're asking and that addresses a larger workforce, we need so many different talents in this area. We can employ a variety of people from technical writers, to people who write and develop software to those who bending metal and actually working in a hardware environment. And those that do planning and launch operations and all of those spectrums and issues of jobs, are directly related to a workforce that can contribute to space. And then once that data gets to the ground and employed out to a user, whether it's a weather data, or we're looking at from a sensor, recent events on shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open for a variety of backgrounds. And those that really just want to take an opportunity, take a technical degree, or a degree that can apply itself to a tough problem, because they certainly exist in space. And we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, white hat approach to testing and vulnerability exploration. Or somebody who knows how to actually make operations safer, better through space situation awareness. So there's a huge swath of opportunity for us. >> Bong, talk about the cybersecurity enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, which is in and of itself, a huge range of jobs, codings, supply chain, we just talked about a bunch of them. There's still more connected use cases that go beyond that, that are enabled by it, if you think about it. And this is what the students at Cal Poly and every other college and university, community college, you name it, who are watching videos on YouTube. Anyone with a brain can jump in if they see the future. It's all net news. Space Force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cyber secure systems. Your thoughts? >> Absolutely, I was had planned on attending the Cyber Challenge that's Cal Poly had planned in June. Of course, the pandemic took care of that plan, but I was intrigued by the approach that the Cal Poly was taking with middle school and high school kids of exposing him to a problem set. Here, you have a satellite that came down from space and part of the challenge was to do forensic analysis on the debris, the remaining pieces of the satellite to figure out what happened. It had a cyber cybersecurity connotation. It was hacked, it was attacked by cyber threat nation, took it down. And the beauty of having these kids kind of play with the remaining parts of the satellite, figure out what happened. So it was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I look forward to future events like that, to get our young people intrigued and interested in this new field of space. Now, Chris was talking earlier about opportunities, there're opportunities that you talk about, while I would like to have people come to the government, to help us out, it's not just focused on government. There's lots of opportunities in commercial space, if you will, for a lot of talent to participate in. So the challenge is immense, both government and the commercial sector, John. >> I mean, you get the hardcore, you know, I want to work for the DOD, I want to work for NSA, I want to work for the government. You clearly got people who want to have that kind of mission. But for the folks out there, Chris and Bong that are like, "Do I qualify?" It's like the black box of the DOD, it's like a secret thing, you got to get clearance, you've got to get all these certifications. And you got to take all kinds of tests and background checks. Is it like that, and will that continue? 'Cause some people might say, "Hey, can I even get involved? "What do I do?" So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved in that they might not know about? >> For NSA, there's a variety of workforce initiatives that for anybody from a high school work study can take advantage of to those that would like have to have internships. And those that are in a traditional academic environment, there's several NSA schools across the country that have academic and cyber sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive nature that can be worked in and in an academia environment. So those are two or three examples of how somebody can break into an intelligence organization. And the other agencies have those opportunities as well across the intelligence community. And the partnership between and collaboration between private industry and the agencies and the Department of Defense just continue to grow over and over again. And even myself being able to take advantage of a joint duty assignment between my home organization and the Pentagon, just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of that partnering that's going on today. >> So there's some innovation. Bong, nontraditional pathways to find talent, what are out there, what are new? What are these new nontraditional ways? >> I was going to add to what Chris was mentioning, John. Even within DOD and under the purview of our chief information officer, back in 2013, the Deputy Secretary Defense signed the, what we call the DOD Cyberspace Workforce Strategy into effect. And that included a program called the Cyber Information Technology Exchange Program. It's an exchange program in which a private sector employee can work for the DOD in cyber security positions span across multiple mission critical areas. So this is one opportunity to learn, inside the DOD what's happening as a private sector person, if you will. Going back to what we talked about, kind of opportunities within the government for somebody who might be interested. You don't have to be super smart, dork in space, there's a lot of, like Chris pointed out, there's a lot of different areas that we need to have people, talented people to conduct the mission in space. So you don't have to be mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for any types of talent, any type of academic disciplines that are out there. >> All right, thank you, and Chris's shout out to the Space Force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's going to create some activation for a younger generation, certainly, and kind of new opportunities, new problems to solve, new threats to take on, and move it on. So really super conversation, space and cybersecurity, the Department of Defense perspective. Bong and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you Bong and then Chris. Summarize for the folks watching, whether it's a student at Cal Poly or other university or someone in industry and government, what is the Department of Defense perspective for space cybersecurity? >> Chris, want to go and take that on? >> That's right, thank you. Cybersecurity applies to much more than just the launch and download of mission data or human led exploration. And the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants cyber security safeguards. In any economic espionage, your data exfiltration, or denied access to that data, i.e. ransomware or some other attack, that can cripple any business or government endeavor, no matter how small or large, if it's left unprotected. And our economic backbone clearly depends on space. And GPS is more than just a direction finding, banking needs that T and timing from P and T or whether it just systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not. Even fighting forest fires picked up by a remote sensor. All those space space assets require protection from spoofing date, data denial, or total asset loss. An example would be if a satellite sensitive optics or intentionally pointed at the sun and damaged, or if a command to avoid collision with another space vehicle was delayed or disrupted or a ground termination command as we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, those losses are real and can be catastrophic. So the threat to space is pervasive, real and genuine, and your active work across all those platforms is necessary and appreciated. And your work in this area is critical going forward. Thank you for this opportunity to speak with you and talking on this important topic. Thank you, Chris Henson. Bong Gumahad, closing remarks? >> Yeah, likewise, John, again, as Chris said, thank you for the opportunity to discuss this very important around space cybersecurity, as well as addressing at the end there, we were talking about workforce development and the need to have people in the mix for future. (indistinct) We discussed, we need to start that recruiting early as we're doing to address the STEM gap today, we need to apply the same thing for cybersecurity. We absolutely need smart and innovative people to protect both our economic wellbeing as a nation, as well as our national defense. So this is the right conversation to have at this time, John. And again, thank you and Cal Poly host for having this symposium and having this opportunity to have this dialogue. Thank you. >> Gentlemen, thank you for your time and great insights. We couldn't be there in person. We're here virtual for the Space and Cybersecurity Symposium 2020, the Cal Poly. I'm John Furrier with SiliconANGLE and theCUBE, your host. Thank you for watching. (soft music)

>> Announcer: From around the globe, it's The Cube, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special virtual conference, the Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from The Cube. I'm John Furey, your host and master of ceremony's got a great topic today, and this session is really the intersection of space and cybersecurity. This topic, and this conversation is a cybersecurity workforce development through public and private partnerships. And we've got a great lineup, we've Jeff Armstrong is the president of California Polytechnic State University, also known as Cal Poly. Jeffrey, thanks for jumping on and Bong Gumahad. The second, Director of C4ISR Division, and he's joining us from the Office of the Under Secretary of Defense for the acquisition and sustainment of Department of Defense, DOD, and of course Steve Jacques is Executive Director, founder National Security Space Association, and managing partner at Velos. Gentlemen, thank you for joining me for this session, we've got an hour of conversation, thanks for coming on. >> Thank you. >> So we've got a virtual event here, we've got an hour to have a great conversation, I'd love for you guys to do an opening statement on how you see the development through public and private partnerships around cybersecurity and space, Jeff, we'll start with you. >> Well, thanks very much, John, it's great to be on with all of you. On behalf of Cal Poly, welcome everyone. Educating the workforce of tomorrow is our mission at Cal Poly, whether that means traditional undergraduates, masters students, or increasingly, mid-career professionals looking to upskill or re-skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers, ready day one with practical skills and experience. We have long thought of ourselves as lucky to be on California's beautiful central coast, but in recent years, as we've developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, We have discovered that our location is even more advantageous than we thought. We're just 50 miles away from Vandenberg, a little closer than UC Santa Barbara and the base represents the Southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air Force Base have partnered to support regional economic development, to encourage the development of a commercial space port, to advocate for the space command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because both parties stand to benefit. Vandenberg, by securing new streams of revenue, workforce, and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the central coast and the U.S., creating new head of household jobs, infrastructure, and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called REACH which coordinates development efforts from Vandenberg Air Force Base in the South to Camp Roberts in the North. Another factor that has facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has as long been an important defense contractor and an important partner to Cal Poly, funding scholarships in facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years, Northrop Grumman has funded scholarships for Cal Poly students. This year, they're funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars Program. Cal Poly scholars support both incoming freshmen and transfer students. These are especially important, 'cause it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented, and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernize the U.S. ICBM armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting... Protecting our efforts in space requires partnerships in the digital realm. Cal Poly has partnered with many private companies such as AWS. Our partnerships with Amazon Web Services has enabled us to train our students with next generation cloud engineering skills, in part, through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cyber Security Institute College of Engineering and the California National Guard. This partnership is focused on preparing a cyber-ready workforce, by providing faculty and students with a hands on research and learning environment side by side with military law enforcement professionals and cyber experts. We also have a long standing partnership with PG&E most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry. As a rough approximation, more than 4,500 Cal Poly graduates list aerospace or defense as their employment sector on LinkedIn. And it's not just our engineers in computer sciences. When I was speaking to our fellow panelists not too long ago, speaking to Bong, we learned that Rachel Sims, one of our liberal arts majors is working in his office, so shout out to you, Rachel. And then finally, of course, some of our graduates soar to extraordinary heights, such as Commander Victor Glover, who will be heading to the International Space Station later this year. As I close, all of which is to say that we're deeply committed to workforce development and redevelopment, that we understand the value of public-private partnerships, and that we're eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state and the nation, in our past efforts in space, cyber security and links to our partners at, as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cyber security. Thank you so much, John. >> President Armstrong, thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique, progressive view and want to tip a hat to you guys over there, thank you very much for those comments, appreciate it. Bong, Department of Defense. Exciting, you've got to defend the nation, space is global, your opening statement. >> Yes, sir, thanks John, appreciate that. Thank you everybody, I'm honored to be in this panel along with Preston Armstrong of Cal Poly and my longtime friend and colleague Steve Jacques of the National Security Space Association to discuss a very important topic of a cybersecurity workforce development as President Armstrong alluded to. I'll tell you, both of these organizations, Cal Poly and the NSSA have done and continue to do an exceptional job at finding talent, recruiting them and training current and future leaders and technical professionals that we vitally need for our nation's growing space programs, as well as our collective national security. Earlier today, during session three, I, along with my colleague, Chris Samson discussed space cyber security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferation of hundreds, if not thousands of satellites, providing a variety of services including communications, allowing for global internet connectivity, as one example. Within DOD, we continued to look at how we can leverage this opportunity. I'll tell you, one of the enabling technologies, is the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used and employed for DOD. Certainly not lost on me is the fact that Cal Poly pioneered CubeSats 28, 27 years ago, and they set a standard for the use of these systems today. So they saw the value and benefit gained way ahead of everybody else it seems. And Cal Poly's focus on training and education is commendable. I'm especially impressed by the efforts of another of Steven's colleague, the current CIO, Mr. Bill Britton, with his high energy push to attract the next generation of innovators. Earlier this year, I had planned on participating in this year's cyber innovation challenge in June, Oops, Cal Poly hosts California middle, and high school students, and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid, unfortunately, the pandemic changed the plan, but I truly look forward to future events such as these, to participate in. Now, I want to recognize my good friend, Steve Jacques, whom I've known for perhaps too long of a time here, over two decades or so, who was an acknowledged space expert and personally I've truly applaud him for having the foresight a few years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology, but policy issues and challenges and paved the way for operationalizing space. Space, it certainly was fortifying domain, it's not a secret anymore, and while it is a unique area, it shares a lot of common traits with the other domains, such as land, air, and sea, obviously all are strategically important to the defense of the United States. In conflict, they will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts, and in a joint operation, we must succeed in all. So defending space is critical, as critical as to defending our other operational domains. Funny, space is the only sanctuary available only to the government. Increasingly as I discussed in a previous session, commercial space is taking the lead in a lot of different areas, including R&D, the so-called new space. So cybersecurity threat is even more demanding and even more challenging. The U.S. considers and futhered access to and freedom to operate in space, vital to advancing security, economic prosperity and scientific knowledge of the country, thus making cyberspace an inseparable component of America's financial, social government and political life. We stood up US Space Force a year ago or so as the newest military service. Like the other services, its mission is to organize, train and equip space forces in order to protect U.S. and allied interest in space and to provide spacecape builders who joined force. Imagine combining that U.S. Space Force with the U.S. Cyber Command to unify the direction of the space and cyberspace operation, strengthen DOD capabilities and integrate and bolster a DOD cyber experience. Now, of course, to enable all of this requires a trained and professional cadre of cyber security experts, combining a good mix of policy, as well as a high technical skill set. Much like we're seeing in STEM, we need to attract more people to this growing field. Now, the DOD has recognized the importance to the cybersecurity workforce, and we have implemented policies to encourage its growth. Back in 2013, the Deputy Secretary of Defense signed a DOD Cyberspace Workforce Strategy, to create a comprehensive, well-equipped cyber security team to respond to national security concerns. Now, this strategy also created a program that encourages collaboration between the DOD and private sector employees. We call this the Cyber Information Technology Exchange program, or CITE that it's an exchange program, which is very interesting in which a private sector employee can naturally work for the DOD in a cyber security position that spans across multiple mission critical areas, important to the DOD. A key responsibility of the cyber security community is military leaders, unrelated threats, and the cyber security actions we need to have to defeat these threats. We talked about rapid acquisition, agile business processes and practices to speed up innovation, likewise, cyber security must keep up with this challenge. So cyber security needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent, invest in the people now to grow a robust cybersecurity workforce for the future. I look forward to the panel discussion, John, thank you. >> Thank you so much, Bob for those comments and, you know, new challenges or new opportunities and new possibilities and freedom to operate in space is critical, thank you for those comments, looking forward to chatting further. Steve Jacques, Executive Director of NSSA, you're up, opening statement. >> Thank you, John and echoing Bongs, thanks to Cal Poly for pulling this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, on behalf of the association, I'm delighted and honored to be on this panel of President Armstrong, along with my friend and colleague, Bong Gumahad. Something for you all to know about Bong, he spent the first 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve, very few people do that. So Bong, on behalf of the space community, we thank you for your lifelong devotion to service to our nation, we really appreciate that. And I also echo a Bong shout out to that guy, Bill Britton. who's been a long time co-conspirator of ours for a long time, and you're doing great work there in the cyber program at Cal Poly, Bill, keep it up. But Professor Armstrong, keep a close eye on him. (laughter) I would like to offer a little extra context to the great comments made by President Armstrong and Bong. And in our view, the timing of this conference really could not be any better. We all recently reflected again on that tragic 9/11 surprise attack on our homeland and it's an appropriate time we think to take pause. While a percentage of you in the audience here weren't even born or were babies then, for the most of us, it still feels like yesterday. And moreover, a tragedy like 9/11 has taught us a lot to include, to be more vigilant, always keep our collective eyes and ears open, to include those "eyes and ears from space," making sure nothing like this ever happens again. So this conference is a key aspect, protecting our nation requires we work in a cyber secure environment at all times. But you know, the fascinating thing about space systems is we can't see 'em. Now sure, we see space launches, man, there's nothing more invigorating than that. But after launch they become invisible, so what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well to illustrate, I'd like to paraphrase elements of an article in Forbes magazine, by Bongs and my good friend, Chuck Beames, Chuck is a space guy, actually had Bongs job a few years in the Pentagon. He's now Chairman and Chief Strategy Officer at York Space Systems and in his spare time, he's Chairman of the Small Satellites. Chuck speaks in words that everyone can understand, so I'd like to give you some of his words out of his article, paraphrase somewhat, so these are Chuck's words. "Let's talk about average Joe and plain Jane. "Before heading to the airport for a business trip "to New York city, Joe checks the weather forecast, "informed by NOAA's weather satellites, "to see what to pack for the trip. "He then calls an Uber, that space app everybody uses, "it matches riders with drivers via GPS, "to take him to the airport. "So Joe has launched in the airport, "unbeknownst to him, his organic lunch is made "with the help of precision farming "made possible to optimize the irrigation and fertilization "with remote spectral sensing coming from space and GPS. "On the plane, the pilot navigates around weather, "aided by GPS and NOAA's weather satellites "and Joe makes his meeting on time "to join his New York colleagues in a video call "with a key customer in Singapore, "made possible by telecommunication satellites. "En route to his next meeting, "Joe receives notice changing the location of the meeting "to the other side of town. "So he calmly tells Siri to adjust the destination "and his satellite-guided Google maps redirect him "to the new location. "That evening, Joe watches the news broadcast via satellite, "report details of meeting among world leaders, "discussing the developing crisis in Syria. "As it turns out various forms of "'remotely sensed information' collected from satellites "indicate that yet another banned chemical weapon "may have been used on its own people. "Before going to bed, Joe decides to call his parents "and congratulate them for their wedding anniversary "as they cruise across the Atlantic, "made possible again by communication satellites "and Joe's parents can enjoy the call "without even wondering how it happened. "The next morning back home, "Joe's wife, Jane is involved in a car accident. "Her vehicle skids off the road, she's knocked unconscious, "but because of her satellite equipped OnStar system, "the crash is detected immediately, "and first responders show up on the scene in time. "Joe receives the news, books an early trip home, "sends flowers to his wife "as he orders another Uber to the airport. "Over that 24 hours, "Joe and Jane used space system applications "for nearly every part of their day. "Imagine the consequences if at any point "they were somehow denied these services, "whether they be by natural causes or a foreign hostility. "In each of these satellite applications used in this case, "were initially developed for military purposes "and continued to be, but also have remarkable application "on our way of life, just many people just don't know that." So ladies and gentlemen, now you know, thanks to Chuck Beames. Well, the United States has a proud heritage of being the world's leading space-faring nation. Dating back to the Eisenhower and Kennedy years, today, we have mature and robust systems operating from space, providing overhead reconnaissance to "watch and listen," provide missile warning, communications, positioning, navigation, and timing from our GPS system, much of which you heard in Lieutenant General JT Thomson's earlier speech. These systems are not only integral to our national security, but also to our quality of life. As Chuck told us, we simply no longer can live without these systems as a nation and for that matter, as a world. But over the years, adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing catch up while also pursuing capabilities that will challenge our systems. As many of you know, in 2007, China demonstrated its ASAT system by actually shooting down one of its own satellites and has been aggressively developing counterspace systems to disrupt ours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to be. Well, as a Bong mentioned, the United States have responded to these changing threats. In addition to adding ways to protect our system, the administration and the Congress recently created the United States Space Force and the operational United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located at Vandenberg Air Force Base. Combined with our intelligence community, today we have focused military and civilian leadership now in space, and that's a very, very good thing. Commensurately on the industry side, we did create the National Security Space Association, devoted solely to supporting the National Security Space Enterprise. We're based here in the DC area, but we have arms and legs across the country and we are loaded with extraordinary talent in scores of former government executives. So NSSA is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway, ranging from a number of thought-provoking policy papers, our recurring spacetime webcasts, supporting Congress's space power caucus, and other main serious efforts. Check us out at nssaspace.org. One of our strategic priorities and central to today's events is to actively promote and nurture the workforce development, just like Cal-Poly. We will work with our U.S. government customers, industry leaders, and academia to attract and recruit students to join the space world, whether in government or industry, and to assist in mentoring and training as their careers progress. On that point, we're delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with them very soon. So students stay tuned, something I can tell you, space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry workforce is highly diverse, with a combination of engineers, physicists and mathematicians, but also with a large non-technical expertise as well. Think about how government gets these systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board, from cost estimating, cost analysis, budgeting, procurement, legal, and many other support tasks that are integral to the mission. Many thousands of people work in the space workforce, tens of billions of dollars every year. This is really cool stuff and no matter what your education background, a great career to be part of. In summary, as Bong had mentioned as well, there's a great deal of exciting challenges ahead. We will see a new renaissance in space in the years ahead and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Branson, are in the game, stimulating new ideas and business models. Other private investors and startup companies, space companies are now coming in from all angles. The exponential advancement of technology and micro electronics now allows a potential for a plethora of small sat systems to possibly replace older satellites, the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much and I look forward to the further conversation. >> Steve, thank you very much. Space is cool, it's relevant, but it's important as you pointed out in your awesome story about how it impacts our life every day so I really appreciate that great story I'm glad you took the time to share that. You forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you, but we'll add that to the story later, great stuff. My first question is, let's get into the conversations, because I think this is super important. President Armstrong, I'd like you to talk about some of the points that was teased out by Bong and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation, there are opportunities now with research and grants, and this is a funding of innovation that is highly accelerated, it's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >> Yeah, I really appreciate that and appreciate the comments of my colleagues. And it really boils down to me to partnerships, public-private partnerships, you have mentioned Northrop Grumman, but we have partnerships with Lockheed Martin, Boeing, Raytheon, Space X, JPL, also member of an organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science and I hope that we can spill into cybersecurity and space. But those partnerships in the past have really brought a lot forward. At Cal Poly, as mentioned, we've been involved with CubeSat, we've have some secure work, and we want to plan to do more of that in the future. Those partnerships are essential, not only for getting the R&D done, but also the students, the faculty, whether they're master's or undergraduate can be involved with that work, they get that real life experience, whether it's on campus or virtually now during COVID or at the location with the partner, whether it may be governmental or industry, and then they're even better equipped to hit the ground running. And of course we'd love to see more of our students graduate with clearance so that they could do some of that secure work as well. So these partnerships are absolutely critical and it's also in the context of trying to bring the best and the brightest in all demographics of California and the U.S. into this field, to really be successful. So these partnerships are essential and our goal is to grow them just like I know our other colleagues in the CSU and the UC are planning to do. >> You know, just as my age I've seen, I grew up in the eighties and in college and they're in that system's generation and the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives, they were really funded through these kinds of real deep research. Bong, talk about that because, you know, we're living in an age of cloud and Bezos was mentioned, Elon Musk, Sir Richard Branson, you got new ideas coming in from the outside, you have an accelerated clock now in terms of the innovation cycles and so you got to react differently, you guys have programs to go outside of the defense department, how important is this because the workforce that are in schools and/or folks re-skilling are out there and you've been on both sides of the table, so share your thoughts. >> No, thanks Johnny, thanks for the opportunity to respond to, and that's what, you know, you hit on the nose back in the 80's, R&D and space especially was dominated by government funding, contracts and so on, but things have changed as Steve pointed out, allow these commercial entities funded by billionaires are coming out of the woodwork, funding R&D so they're taking the lead, so what we can do within the DOD in government is truly take advantage of the work they've done. And since they're, you know, paving the way to new approaches and new way of doing things and I think we can certainly learn from that and leverage off of that, saves us money from an R&D standpoint, while benefiting from the product that they deliver. You know, within DOD, talking about workforce development, you know, we have prioritized and we have policies now to attract and retain the talent we need. I had the folks do some research and it looks like from a cybersecurity or workforce standpoint, a recent study done, I think last year in 2019, found that the cyber security workforce gap in U.S. is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened, getting people through, you know, starting young and through college, like Professor Armstrong indicated because we're going to need them to be in place, you know, in a period of about maybe a decade or so. On top of that, of course, is the continuing issue we have with the gap with STEM students. We can't afford not have expertise in place to support all the things we're doing within DoD, not only DoD but the commercial side as well, thank you. >> How's the gap get filled, I mean, this is, again, you've got cybersecurity, I mean, with space it's a whole other kind of surface area if you will, it's not really surface area, but it is an IOT device if you think about it, but it does have the same challenges, that's kind of current and progressive with cybersecurity. Where's the gap get filled, Steve or President Armstrong, I mean, how do you solve the problem and address this gap in the workforce? What are some solutions and what approaches do we need to put in place? >> Steve, go ahead., I'll follow up. >> Okay, thanks, I'll let you correct me. (laughter) It's a really good question, and the way I would approach it is to focus on it holistically and to acknowledge it upfront and it comes with our teaching, et cetera, across the board. And from an industry perspective, I mean, we see it, we've got to have secure systems in everything we do, and promoting this and getting students at early ages and mentoring them and throwing internships at them is so paramount to the whole cycle. And that's kind of, it really takes a focused attention and we continue to use the word focus from an NSSA perspective. We know the challenges that are out there. There are such talented people in the workforce, on the government side, but not nearly enough of them and likewise on the industry side, we could use more as well, but when you get down to it, you know, we can connect dots, you know, the aspects that Professor Armstrong talked about earlier to where you continue to work partnerships as much as you possibly can. We hope to be a part of that network, that ecosystem if you will, of taking common objectives and working together to kind of make these things happen and to bring the power, not just of one or two companies, but of our entire membership thereabout. >> President Armstrong-- >> Yeah, I would also add it again, it's back to the partnerships that I talked about earlier, one of our partners is high schools and schools Fortune, Margaret Fortune, who worked in a couple of administrations in California across party lines and education, their fifth graders all visit Cal Poly, and visit our learned-by-doing lab. And you've got to get students interested in STEM at an early age. We also need the partnerships, the scholarships, the financial aid, so the students can graduate with minimal to no debt to really hit the ground running and that's exacerbated and really stress now with this COVID induced recession. California supports higher education at a higher rate than most states in the nation, but that has brought this year for reasons all understand due to COVID. And so our partnerships, our creativity, and making sure that we help those that need the most help financially, that's really key because the gaps are huge. As my colleagues indicated, you know, half a million jobs and I need you to look at the students that are in the pipeline, we've got to enhance that. And the placement rates are amazing once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, placement rates are like 94%. Many of our engineers, they have jobs lined up a year before they graduate. So it's just going to take a key partnerships working together and that continued partnership with government local, of course, our state, the CSU, and partners like we have here today, both Steve and Bong so partnerships is the thing. >> You know, that's a great point-- >> I could add, >> Okay go ahead. >> All right, you know, the collaboration with universities is one that we put on lot of emphasis here, and it may not be well known fact, but just an example of national security, the AUC is a national centers of academic excellence in cyber defense works with over 270 colleges and universities across the United States to educate and certify future cyber first responders as an example. So that's vibrant and healthy and something that we ought to take advantage of. >> Well, I got the brain trust here on this topic. I want to get your thoughts on this one point, 'cause I'd like to define, you know, what is a public-private partnership because the theme that's coming out of the symposium is the script has been flipped, it's a modern era, things are accelerated, you've got security, so you've got all of these things kind of happenning it's a modern approach and you're seeing a digital transformation play out all over the world in business and in the public sector. So what is a modern public-private partnership and what does it look like today because people are learning differently. COVID has pointed out, which is that we're seeing right now, how people, the progressions of knowledge and learning, truth, it's all changing. How do you guys view the modern version of public-private partnership and some examples and some proof points, can you guys share that? We'll start with you, Professor Armstrong. >> Yeah, as I indicated earlier, we've had, and I could give other examples, but Northrop Grumman, they helped us with a cyber lab many years ago that is maintained directly, the software, the connection outside it's its own unit so the students can learn to hack, they can learn to penetrate defenses and I know that that has already had some considerations of space, but that's a benefit to both parties. So a good public-private partnership has benefits to both entities and the common factor for universities with a lot of these partnerships is the talent. The talent that is needed, what we've been working on for years of, you know, the undergraduate or master's or PhD programs, but now it's also spilling into upskilling and reskilling, as jobs, you know, folks who are in jobs today that didn't exist two years, three years, five years ago, but it also spills into other aspects that can expand even more. We're very fortunate we have land, there's opportunities, we have ONE Tech project. We are expanding our tech park, I think we'll see opportunities for that and it'll be adjusted due to the virtual world that we're all learning more and more about it, which we were in before COVID. But I also think that that person to person is going to be important, I want to make sure that I'm driving across a bridge or that satellite's being launched by the engineer that's had at least some in person training to do that in that experience, especially as a first time freshman coming on campus, getting that experience, expanding it as an adult, and we're going to need those public-private partnerships in order to continue to fund those at a level that is at the excellence we need for these STEM and engineering fields. >> It's interesting people and technology can work together and these partnerships are the new way. Bongs too with reaction to the modern version of what a public successful private partnership looks like. >> If I could jump in John, I think, you know, historically DOD's had a high bar to overcome if you will, in terms of getting rapid... pulling in new companies, miss the fall if you will, and not rely heavily on the usual suspects, of vendors and the like, and I think the DOD has done a good job over the last couple of years of trying to reduce that burden and working with us, you know, the Air Force, I think they're pioneering this idea around pitch days, where companies come in, do a two-hour pitch and immediately notified of, you know, of an a award, without having to wait a long time to get feedback on the quality of the product and so on. So I think we're trying to do our best to strengthen that partnership with companies outside of the main group of people that we typically use. >> Steve, any reaction, any comment to add? >> Yeah, I would add a couple and these are very excellent thoughts. It's about taking a little gamble by coming out of your comfort zone, you know, the world that Bong and I, Bong lives in and I used to live in the past, has been quite structured. It's really about, we know what the threat is, we need to go fix it, we'll design as if as we go make it happen, we'll fly it. Life is so much more complicated than that and so it's really, to me, I mean, you take an example of the pitch days of Bong talks about, I think taking a gamble by attempting to just do a lot of pilot programs, work the trust factor between government folks and the industry folks and academia, because we are all in this together in a lot of ways. For example, I mean, we just sent a paper to the white house at their request about, you know, what would we do from a workforce development perspective and we hope to embellish on this over time once the initiative matures, but we have a piece of it for example, is a thing we call "clear for success," getting back to president Armstrong's comments so at a collegiate level, you know, high, high, high quality folks are in high demand. So why don't we put together a program that grabs kids in their underclass years, identifies folks that are interested in doing something like this, get them scholarships, have a job waiting for them that they're contracted for before they graduate, and when they graduate, they walk with an SCI clearance. We believe that can be done, so that's an example of ways in which public-private partnerships can happen to where you now have a talented kid ready to go on day one. We think those kinds of things can happen, it just gets back down to being focused on specific initiatives, giving them a chance and run as many pilot programs as you can, like pitch days. >> That's a great point, it's a good segue. Go ahead, President Armstrong. >> I just want to jump in and echo both the Bong and Steve's comments, but Steve that, you know, your point of, you know our graduates, we consider them ready day one, well they need to be ready day one and ready to go secure. We totally support that and love to follow up offline with you on that. That's exciting and needed, very much needed more of it, some of it's happening, but we certainly have been thinking a lot about that and making some plans. >> And that's a great example, a good segue. My next question is kind of re-imagining these workflows is kind of breaking down the old way and bringing in kind of the new way, accelerate all kinds of new things. There are creative ways to address this workforce issue and this is the next topic, how can we employ new creative solutions because let's face it, you know, it's not the days of get your engineering degree and go interview for a job and then get slotted in and get the intern, you know, the programs and you'd matriculate through the system. This is multiple disciplines, cybersecurity points at that. You could be smart in math and have a degree in anthropology and be one of the best cyber talents on the planet. So this is a new, new world, what are some creative approaches that's going to work for you? >> Alright, good job, one of the things, I think that's a challenge to us is, you know, somehow we got me working for, with the government, sexy right? You know, part of the challenge we have is attracting the right level of skill sets and personnel but, you know, we're competing, oftentimes, with the commercial side, the gaming industry as examples is a big deal. And those are the same talents we need to support a lot of the programs that we have in DOD. So somehow we have do a better job to Steve's point about making the work within DOD, within the government, something that they would be interested early on. So attract them early, you know, I could not talk about Cal Poly's challenge program that they were going to have in June inviting high school kids really excited about the whole idea of space and cyber security and so on. Those are some of the things that I think we have to do and continue to do over the course of the next several years. >> Awesome, any other creative approaches that you guys see working or might be an idea, or just to kind of stoke the ideation out there? Internships, obviously internships are known, but like, there's got to be new ways. >> Alright, I think you can take what Steve was talking about earlier, getting students in high school and aligning them sometimes at first internship, not just between the freshman and sophomore year, but before they enter Cal Poly per se and they're involved. So I think that's absolutely key, getting them involved in many other ways. We have an example of upskilling or work redevelopment here in the central coast, PG&E Diablo nuclear plant that is going to decommission in around 2024. And so we have a ongoing partnership to work and reposition those employees for the future. So that's, you know, engineering and beyond but think about that just in the manner that you were talking about. So the upskilling and reskilling, and I think that's where, you know, we were talking about that Purdue University, other California universities have been dealing with online programs before COVID, and now with COVID so many more Faculty were pushed into that area, there's going to be a much more going and talk about workforce development in upskilling and reskilling, the amount of training and education of our faculty across the country in virtual and delivery has been huge. So there's always a silver linings in the cloud. >> I want to get your guys' thoughts on one final question as we end the segment, and we've seen on the commercial side with cloud computing on these highly accelerated environments where, you know, SAS business model subscription, and that's on the business side, but one of the things that's clear in this trend is technology and people work together and technology augments the people components. So I'd love to get your thoughts as we look at a world now, we're living in COVID, and Cal Poly, you guys have remote learning right now, it's at the infancy, it's a whole new disruption, if you will, but also an opportunity enable new ways to encollaborate, So if you look at people and technology, can you guys share your view and vision on how communities can be developed, how these digital technologies and people can work together faster to get to the truth or make a discovery, hire, develop the workforce, these are opportunities, how do you guys view this new digital transformation? >> Well, I think there's huge opportunities and just what we're doing with this symposium, we're filming this on Monday and it's going to stream live and then the three of us, the four of us can participate and chat with participants while it's going on. That's amazing and I appreciate you, John, you bringing that to this symposium. I think there's more and more that we can do. From a Cal Poly perspective, with our pedagogy so, you know, linked to learn by doing in-person will always be important to us, but we see virtual, we see partnerships like this, can expand and enhance our ability and minimize the in-person time, decrease the time to degree, enhance graduation rate, eliminate opportunity gaps for students that don't have the same advantages. So I think the technological aspect of this is tremendous. Then on the upskilling and reskilling, where employees are all over, they can re be reached virtually, and then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. So I'm very excited about the future and what we can do, and it's going to be different with every university, with every partnership. It's one size does not fit all, There's so many possibilities, Bong, I can almost imagine that social network that has a verified, you know, secure clearance. I can jump in, and have a little cloak of secrecy and collaborate with the DOD possibly in the future. But these are the kind of crazy ideas that are needed, your thoughts on this whole digital transformation cross-pollination. >> I think technology is going to be revolutionary here, John, you know, we're focusing lately on what we call visual engineering to quicken the pace of the delivery capability to warfighter as an example, I think AI, Machine Language, all that's going to have a major play in how we operate in the future. We're embracing 5G technologies, and the ability for zero latency, more IOT, more automation of the supply chain, that sort of thing, I think the future ahead of us is very encouraging, I think it's going to do a lot for national defense, and certainly the security of the country. >> Steve, your final thoughts, space systems are systems, and they're connected to other systems that are connected to people, your thoughts on this digital transformation opportunity. >> Such a great question and such a fun, great challenge ahead of us. Echoing my colleagues sentiments, I would add to it, you know, a lot of this has, I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. You know, we're not attuned to doing things fast, but the dramatic, you know, the way technology is just going like crazy right now, I think it ties back to, hoping to convince some of our senior leaders and what I call both sides of the Potomac river, that it's worth taking this gamble, we do need to take some of these things you know, in a very proactive way. And I'm very confident and excited and comfortable that this is going to be a great time ahead and all for the better. >> You know, I always think of myself when I talk about DC 'cause I'm not a lawyer and I'm not a political person, but I always say less lawyers, more techies than in Congress and Senate, so (laughter)I always get in trouble when I say that. Sorry, President Armstrong, go ahead. >> Yeah, no, just one other point and Steve's alluded to this and Bong did as well, I mean, we've got to be less risk averse in these partnerships, that doesn't mean reckless, but we have to be less risk averse. And also, as you talk about technology, I have to reflect on something that happened and you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing traditional data, a data warehouse, data storage, data center and we partnered with AWS and thank goodness, we had that in progress and it enhanced our bandwidth on our campus before COVID hit, and with this partnership with the digital transformation hub, so there's a great example where we had that going. That's not something we could have started, "Oh COVID hit, let's flip that switch." And so we have to be proactive and we also have to not be risk-averse and do some things differently. That has really salvaged the experience for our students right now, as things are flowing well. We only have about 12% of our courses in person, those essential courses and I'm just grateful for those partnerships that I have talked about today. >> And it's a shining example of how being agile, continuous operations, these are themes that expand the space and the next workforce needs to be built. Gentlemen, thank you very much for sharing your insights, I know Bong, you're going to go into the defense side of space in your other sessions. Thank you gentlemen, for your time, for a great session, I appreciate it. >> Thank you. >> Thank you gentlemen. >> Thank you. >> Thank you. >> Thank you, thank you all. I'm John Furey with The Cube here in Palo Alto, California covering and hosting with Cal Poly, the Space and Cybersecurity Symposium 2020, thanks for watching. (bright atmospheric music)

>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation, >>Everyone. Welcome to this cube conversation. I'm John for host of the Cube here in the Cubes Palo Alto studios during the co vid crisis. Square Quarantine with our crew, but we got the remote interviews. Got great to get great guests here from 44 to guard Fortinet, 40 Guard Labs, Derek Manky chief Security Insights and Global Threat alliances. At 14 it's 40 guard labs and, um, are Lakhani. Who's the lead researcher for the Guard Labs. Guys, great to see you. Derek. Good to see you again. Um, are you meet you? >>Hey, it's it's it's been a while and that it happened so fast, >>it just seems, are say it was just the other day. Derek, we've done a couple interviews in between. A lot of flow coming out of Florida net for the guards. A lot of action, certainly with co vid everyone's pulled back home. The bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security. Uh, in terms of action, bad actors are at all time high new threats here is going on. Take us through what you guys were doing. What's your team makeup look like? What are some of the roles and you guys were seeing on your team? And how's that transcend to the market? >>Yeah, sure, Absolutely. So you're right. I mean, like, you know, like I was saying earlier this this is all this always happens fast and furious. We couldn't do this without, you know, a world class team at 40 guard labs eso we've grown our team now to over 235 globally. There's different rules within the team. You know, if we look 20 years ago, the rules used to be just very pigeonholed into, say, anti virus analysis. Right now we have Thio account for when we're looking at threats. We have to look at that growing attack surface. We have to look at where these threats coming from. How frequently are they hitting? What verticals are they hitting? You know what regions? What are the particular techniques? Tactics, procedures, You know, we have threat. This is the world of threat Intelligence, Of course. Contextualizing that information and it takes different skill sets on the back end, and a lot of people don't really realize the behind the scenes. You know what's happening on bears. A lot of magic happen not only from what we talked about before in our last conversation from artificial intelligence and machine learning, that we do a 40 yard labs and automation, but the people. And so today we want to focus on the people on and talk about you know how on the back ends, we approach a particular threat. We're going to talk to the world, a ransom and ransomware. Look at how we dissect threats. How correlate that how we use tools in terms of threat hunting as an example, And then how we actually take that to that last mile and and make it actionable so that, you know, customers are protected. How we share that information with Keith, right until sharing partners. But again it comes down to the people. We never have enough people in the industry. There's a big shortages, we know, but it it's a really key critical element, and we've been building these training programs for over a decade within 40 guard lab. So you know, you know, John, this this to me is why, exactly why, I always say, and I'm sure Americans share this to that. There's never a dull day in the office. I know we hear that all the time, but I think today you know, all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there's a lot of things that doing together our hands dirty with this, >>you know, the old expression started playing Silicon Valley is if you're in the arena, that's where the action and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And, you know, we've talked and we cover your your threat report that comes out, Um, frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware. What's going on? What's the state of the ransomware situation? Um, set the stage because that's still continues to be a threat. I don't go a week, but I don't read a story about another ransomware and then it leaks out. Yeah, they paid 10 million in Bitcoin or something like I mean, this Israel. That's a real ongoing threat. What is it, >>quite a bit? Yeah, eso I'll give sort of the one on one and then maybe capacity toe mark, who's on the front lines dealing with this every day. You know, if we look at the world of I mean, first of all, the concept to ransom, obviously you have people that that has gone extended way, way before, you know, cybersecurity. Right? Um, in the world of physical crime s Oh, of course. You know the world's first ransom, where viruses actually called PC cyborg. This is in 1989. The ransom payment was demanded to appeal box from leave. It was Panama City at the time not to effective on floppy disk. Very small audience. Not a big attack surface. I didn't hear much about it for years. Um, you know, in really it was around 2000 and 10. We started to see ransomware becoming prolific, and what they did was somewhat cybercriminals. Did was shift on success from ah, fake antivirus software model, which was, you know, popping up a whole bunch of, you know said your computer is infected with 50 or 60 viruses. Chaos will give you an anti virus solution, Which was, of course, fake. You know, people started catching on. You know, the giggles up people caught onto that. So they weren't making a lot of money selling this project software. Uh, enter Ransomware. And this is where ransomware really started to take hold because it wasn't optional to pay for the software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the current. Uh, the encryption kind of decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw we've seen things like master boot record nbr around somewhere. This is persistent. It sits before your operating system when you boot up your computer. So it's hard to get rid of, um, very strong. Um, you know, public by the key cryptography that's being so each victim is infected with the different key is an example. The list goes on, and you know I'll save that for for the demo today. But that's basically it's It's very it's prolific and we're seeing shit. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that we're going after, you know, critical business. Essentially, it's like a D O s holding revenue streams around too. So the ransom demands were getting higher because of this is Well, it's complicated. >>Yeah, I was mentioning, Omar, I want you to weigh in. I mean, 10 million is a lot we reported earlier this month. Garment was the company that was act I t guy completely locked down. They pay 10 million. Um, garment makes all those devices and a Z. We know this is impacting That's real numbers. So I mean, it's another little ones, but for the most part, it's new. It's, you know, pain in the butt Thio full on business disruption and extortion. Can you explain how it all works before I got it? Before we go to the demo, >>you know, you're you're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, what does end up from a very basic or review is it basically makes your files not available to you. They're encrypted. They have a essentially a pass code on them that you have to have the correct pass code to decode them. Ah, lot of times that's in the form of a program or actually a physical password you have type in. But you don't get that access to get your files back unless you pay the ransom. Ah, lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, Oh, you want 10 million? How about four million? Sometimes that it goes on as well, but it's Ah, it's something that organizations know that if they don't have the proper backups and the Attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will will pay the ransom >>and it's you know they're smart. There's a business they know the probability of buy versus build or pay versus rebuild, so they kind of know where to attack. They know the tactics. The name is vulnerable. It's not like just some kitty script thing going on. This is riel system fistic ated stuff. It's and it's and this highly targeted. Can you talk about some use cases there and what's goes on with that kind of attack? >>Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. Eh? So there's a lot of attacks going on. We usually we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into on organization. They may already be taking data out of that organization. They may be stealing customer data P I, which is personal, identifiable information such as Social Security numbers or or driver's licenses or credit card information. Once they've done their entire attack, once they've gone, everything they can Ah, lot of times their end stage. There last attack is ransomware, and they encrypt all the files on the system and try and try and motivate the victim to pay as fast as possible and as much as possible as well. >>You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their re kon reconnaissance. They go in, identify what's the move that's move to make. How to extract the most out of the victim in this case, Target. Um, and it really I mean, it's just go on a tangent, you know? Why don't we have the right to bear our own arms? Why can't we fight back? I mean, the end of the day, Derek, this is like, Who's protecting me? I mean, >>e do >>what? To protect my own, build my own army, or does the government help us? I mean, that's at some point, I got a right to bear my own arms here, right? I mean, this is the whole security paradigm. >>Yeah, so I mean, there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage and cyber cyber security professionals. Example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you obviously have the red team blue team aspect. How do you first, Um, no. There is what is to fight back by being defensive as well, too, and also by, you know, in the world that threat intelligence. One of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts. Freeze assets go after money laundering that works. You follow the cash transactions where it's happening. This is where we actually work with key law enforcement partners such as Inter Pool is an example. This is the world, the threat intelligence. That's why we're doing a lot of that intelligence work on the back end. So there's other ways toe actually go on the offense without necessarily weaponizing it per se right like he's using, you know, bearing your own arms, Aziz said. There's different forms that people may not be aware of with that and that actually gets into the world of, you know, if you see attacks happening on your system, how you how you can use security tools and collaborate with threat intelligence? >>Yeah, I think that I think that's the key. I think the key is these new sharing technologies around collective intelligence is gonna be, ah, great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, that's there's no other way to do that. >>Absolutely. I mean the you know, we say that's almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cyber criminal to operate. And there's many ways to do that right you could be could be a pain to them by by having a very rigid, hard and defense. That means that if if it's too much effort on their end, I mean, they have roos and their in their sense, right, too much effort on there, and they're gonna go knocking somewhere else. Um, there's also, you know, a zay said things like disruption, so ripping infrastructure offline that cripples them. Yeah, it's wack a mole they're going to set up somewhere else. But then also going after people themselves, Um, again, the cash networks, these sorts of things. So it's sort of a holistic approach between anything. >>Hey, it's an arms race. Better ai better cloud scale always helps. You know, it's a ratchet game. Okay, tomorrow I want to get into this video. It's of ransomware four minute video. I'd like you to take us through you to lead you to read. Researcher, >>take us >>through this video and, uh, explain what we're looking at. Let's roll the video. >>All right? Sure s. So what we have here is we have the victims. That's top over here. We have a couple of things on this. Victims that stop. We have ah, batch file, which is essentially going to run the ransom where we have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files and, ah, really world case. This would be like Microsoft Microsoft Word documents or your Power point presentations. Over here, we just have a couple of text files that we've set up we're going to go ahead and run the ransomware and sometimes Attackers. What they do is they disguise this like they make it look like a like, important word document. They make it look like something else. But once you run, the ransomware usually get a ransom message. And in this case, the ransom message says your files are encrypted. Uh, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address that usually they look a little more complicated. But this is our fake Bitcoin address, but you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as the researchers, we see files like this all the time. We see ransomware all the all the time. So we use a variety of tools, internal tools, custom tools as well as open source tools. And what you're seeing here is open source tool is called the cuckoo sandbox, and it shows us the behavior of the ransomware. What exactly is a ransom we're doing in this case? You can see just clicking on that file launched a couple of different things that launched basically a command execute herbal, a power shell. It launched our windows shell and then it did things on the file. It basically had registry keys. It had network connections. It changed the disk. So this kind of gives us behind the scenes. Look at all the processes that's happening on the ransomware and just that one file itself. Like I said, there's multiple different things now what we want to do As researchers, we want to categorize this ransomware into families. We wanna try and determine the actors behind that. So we dump everything we know in the ransomware in the central databases. And then we mind these databases. What we're doing here is we're actually using another tool called malt ego and, uh, use custom tools as well as commercial and open source tools. But but this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking malty, go to look through our database and say, like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system because that helps us identify maybe where the ransom that's connecting to where it's going thio other processes that may be doing. In this case, we can see multiple I P addresses that are connected to it so we can possibly see multiple infections weaken block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. Eso It's essentially visualizing all the connections and the relationship between one file and everything else we have in our database in this example. Off course, we put this in multiple ways. We can save these as reports as pdf type reports or, you know, usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets when we're researching file based attacks when we're researching, um, you know, I P reputation We have a lot of different IOC's or indicators of compromise that we can correlate where attacks goes through and maybe even detective new types of attacks as well. >>So the bottom line is you got the tools using combination of open source and commercial products. Toe look at the patterns of all ransomware across your observation space. Is that right? >>Exactly. I should you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic that that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At four of our labs intelligence that we acquire that product, that product of intelligence, it's consumed directly by our projects. >>Also take me through what, what's actually going on? What it means for the customers. So border guard labs. You're looking at all the ransom where you see in the patterns Are you guys proactively looking? Is is that you guys were researching you Look at something pops on the radar. I mean, take us through What is what What goes on? And then how does that translate into a customer notification or impact? >>So So, yeah, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be a wear Some of the solutions we talked about before. And if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you got to get your hands on visibility. We call these I, O. C s indicators a compromise. So this is usually something like, um, actual execute herbal file, like the virus from the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed. We could do threat hunting from there, so we can analyze that right? If it's ah piece of malware or a botnet weaken do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things and we really you know, it's similar to the world of C. S. I write have these different gods that they're connecting. We're doing that at hyper scale on DWI. Use that through these tools that Omar was talking. So it's really a life cycle of getting, you know, the malware incoming seeing it first, um, analyzing it on, then doing action on that. Right? So it's sort of a three step process, and the action comes down to what tomorrow is saying water following that to our customers so that they're protected. But then in tandem with that, we're also going further. And I'm sharing it, if if applicable to, say, law enforcement partners, other threat Intel sharing partners to And, um, there's not just humans doing that, right? So the proactive peace again, This is where it comes to artificial intelligence machine learning. Um, there's a lot of cases where we're automatically doing that analysis without humans. So we have a I systems that are analyzing and actually creating protection on its own. Two. So it Zack white interest technology. >>A decision. At the end of the day, you want to protect your customers. And so this renders out if I'm afford a net customer across the portfolio. The goal here is to protect them from ransomware. Right? That's the end of game. >>Yeah, And that's a very important thing when you start talking these big dollar amounts that were talking earlier comes Thio the damages that air down from estimates. >>E not only is a good insurance, it's just good to have that fortification. Alright, So dark. I gotta ask you about the term the last mile because, you know, we were before we came on camera. You know, I'm band with junkie, always want more bandwidth. So the last mile used to be a term for last mile to the home where there was telephone lines. Now it's fiber and by five. But what does that mean to you guys and security is that Does that mean something specific? >>Yeah, Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes thio cybersecurity. What I mean by that is because of that growing attacks for fists on do you know, you have these different attack vectors. You have attacks not only coming in from email, but websites from, you know, DDOS attacks. There's there's a lot of volume that's just going to continue to grow is the world of I G N O T. S O. What ends up happening is when you look at a lot of security operation centers for customers as an example, um, there are it's very noisy. It's, um you can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually started to say, Hey, this looks like an attack. I'm gonna go investigate it and block it. So this is where the last mile comes in because ah, lot of the times that you know these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because The reality is, if it's just humans, doing it on that last mile is often going back to your bandwidth terms. There's too much too much lately. See right, So how do you reduce that late and see? That's where the automation the AI machine learning comes in. Thio solve that last mile problem toe automatically either protection. Especially important because you have to be quicker than the attacker. It's an arms race like E. >>I think what you guys do with four to Guard Labs is super important. Not like the industry, but for society at large, as you have kind of all this, you know, shadow, cloak and dagger kind of attacks systems, whether it's National Security international or just for, you know, mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of 40 guards specifically and and why you guys exist? I mean, obviously there's a commercial reason you both on the four net that you know trickles down into the products. That's all good for the customers. I get that, but there's more to the fore to guard than just that. You guys talk about this trend and security business because it is very clear that there's a you know, uh, collective sharing culture developing rapidly for societal benefit. Can you take them into something that, >>Yeah, sure, I'll get my thoughts. Are you gonna that? So I'm going to that Teoh from my point of view, I mean, there's various functions, So we've just talked about that last mile problem. That's the commercial aspect we create through 40 yard labs, 40 yards, services that are dynamic and updated to security products because you need intelligence products to be ableto protect against intelligence attacks. That's just the defense again, going back to How can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that you do. But we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court, and because of that, a lot of these cybercriminals rain free. That's been a big challenge in the industry. So, you know, this has been close to my heart over 10 years, I've been building a lot of these key relationships between private public sector as an example, but also private sector things like Cyber Threat Alliance, where a founding member of the Cyber Threat Alliance, if over 28 members and that alliance. And it's about sharing intelligence to level that playing field because Attackers room freely. What I mean by that is there's no jurisdictions for them. Cybercrime has no borders. Um, they could do a million things, uh, wrong and they don't care. We do a million things right. One thing wrong, and it's a challenge. So there's this big collaboration that's a big part of 40 guard. Why exists to is to make the industry better. Thio, you know, work on protocols and automation and and really fight fight this together. Well, remaining competitors. I mean, we have competitors out there, of course, on DSO it comes down to that last mile problem. John is like we can share intelligence within the industry, but it's on Lee. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. And, >>um, are what's your take on this, uh, societal benefit because, you know, I've been saying since the Sony hack years ago that, you know, when you have nation states that if they put troops on our soil, the government would respond. Um, but yet virtually they're here, and the private sector's defend for themselves. No support. So I think this private public partnership thing is very relevant. I think is ground zero of the future build out of policy because, you know, we pay for freedom. Why don't we have cyber freedom is if we're gonna run a business. Where's our help from the government? Pay taxes. So again, if a military showed up, you're not gonna see, you know, cos fighting the foreign enemy, right? So, again, this is a whole new change over it >>really is. You have to remember that cyberattacks puts everyone on even playing field, right? I mean, you know, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies, you know, But absolutely that I think a lot of us, You know, from a personal standpoint, a lot of us have seen researchers have seen organizations fail through cyber attacks. We've seen the frustration we've seen. Like, you know, besides organization, we've seen people like, just like grandma's loser pictures of their, you know, other loved ones because they can being attacked by ransom, where I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But But I will add that the least here in the U. S. The federal government actually has a lot of partnerships and ah, lot of programs to help organizations with cyber attacks. Three us cert is always continuously updating, you know, organizations about the latest attacks. Infra Guard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations so everyone can come up to speed and everyone share information. So we all have a fighting chance. >>It's a whole new wave paradigm. You guys on the cutting edge, Derek? Always great to see a mark. Great to meet you remotely looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >>All right. Thank God. Pleasure is always >>okay. Q conversation here. I'm John for a host of the Cube. Great insightful conversation around security Ransomware with a great demo. Check it out from Derek and, um, are from 14 guard labs. I'm John Ferrier. Thanks for watching.

>>from around the globe. It's the queue with digital coverage of AWS Public sector online brought to you by Amazon Web services. Everyone welcome back to the Cube's virtual coverage of AWS Public sector online summit, which is also virtual. I'm John Furrier, host of the Cube, with a great interview. He remotely Jennifer Cronus, who's the general manager with the D. O. D. Account for Amazon Web services. Jennifer, welcome to the Cube, and great to have you over the phone. I know we couldn't get the remote video cause location, but glad to have you via your voice. Thanks for joining us. >>Well, thank you very much, John. Thanks for the opportunity here >>to the Department of Defense. Big part of the conversation over the past couple of years, One of many examples of the agencies modernizing. And here at the public sector summit virtual on line. One of your customers, the Navy with their air p is featured. Yes, this is really kind of encapsulate. It's kind of this modernization of the public sector. So tell us about what they're doing and their journey. >>Sure, Absolutely. So ah, maybe er P, which is Navy enterprise resource planning is the department of the Navy's financial system of record. It's built on S AP, and it provides financial acquisition and my management information to maybe commands and Navy leadership. Essentially keep the Navy running and to increase the effectiveness and the efficiency of baby support warfighter. It handles about $70 billion in financial transactions each year and has over 72,000 users across six Navy commands. Um, and they checked the number of users to double over the next five years. So essentially, you know, this program was in a situation where their on premises infrastructure was end of life. They were facing an expensive tech upgrade in 2019. They had infrastructure that was hard to steal and prone to system outages. Data Analytics for too slow to enable decision making, and users actually referred to it as a fragile system. And so, uh, the Navy made the decision last year to migrate the Europe E system to AWS Cloud along with S AP and S two to s AP National Security Services. So it's a great use case for a government organization modernizing in the cloud, and we're really happy to have them speaking at something this year. >>Now, was this a new move for the Navy to move to the cloud? Actually, has a lot of people are end life in their data center? Certainly seeing in public sector from education to modernize. So is this a new move for them? And what kind of information does this effect? I mean, ASAP is kind of like, Is it, like just financial data as an operational data? What is some of the What's the move about it Was that new? And what kind of data is impacted? >>Sure. Yeah, well, the Navy actually issued a Cloud First Policy in November of 2017. So they've been at it for a while, moving lots of different systems of different sizes and shapes to the cloud. But this migration really marked the first significant enterprise business system for the Navy to move to the actually the largest business system. My migrate to the cloud across D o D. Today to date. And so, essentially, what maybe Air P does is it modernizes and standardizes Navy business operation. So everything think about from time keeping to ordering missile and radar components for Navy weapon system. So it's really a comprehensive system. And, as I said, the migration to AWS govcloud marks the Navy's largest cloud migration to date. And so this essentially puts the movement and documentation of some $70 billion worth of parts of goods into one accessible space so the information can be shared, analyzed and protected more uniformly. And what's really exciting about this and you'll hear from the Navy at Summit is that they were actually able to complete this migration in just under 10 months, which was nearly half the time it was originally expected to take different sizing complexity. So it's a really, really great spring. >>That's huge numbers. I mean, they used to be years. Well, that was the minicomputer. I'm old enough to remember like, Oh, it's gonna be a two year process. Um, 10 months, pretty spectacular. I got to ask, What is some of the benefits that they're seeing in the cloud? Is that it? Has it changed the roles and responsibilities? What's what's some of the impact that they're seeing expecting to see quickly? >>Yeah, I'd say, you know, there's been a really big impact to the Navy across probably four different areas. One is in decision making. Also better customer experience improves security and then disaster recovery. So we just kind of dive into each of those a little bit. So, you know, moving the system to the cloud has really allowed the Navy make more timely and informed decisions, as well as to conduct advanced analytics that they weren't able to do as efficiently in the past. So as an example, pulling financial reports and using advanced analytics on their own from system used to take them around 20 hours. And now ah, maybe your API is able to all these ports in less than four hours, obviously allowing them to run the reports for frequently and more efficiently. And so this is obviously lead to an overall better customer experience enhance decision making, and they've also been able to deploy their first self service business intelligence capabilities. So to put the hat, you know, the capability, Ah, using these advanced analytics in the hands of the actual users, they've also experienced improve security. You know, we talk a lot about the security benefits of migrating to the cloud, but it's given them of the opportunity to increase their data protection because now there's only one based as a. We have data to protect instead of multiple across a whole host of your traditional computing hardware. And then finally, they've implemented a really true disaster recovery system by implementing a dual strategy by putting data in both our AWS about East and govcloud West. They were the first to the Navy to do those to provide them with true disaster become >>so full govcloud edge piece. So that brings up the question around. And I love all this tactical edge military kind of D o d. Thinking the agility makes total sense. Been following that for a couple of years now, is this business side of it that the business operations Or is there a tactical edge military component here both. Or is that next ahead for the Navy? >>Yeah. You know, I think there will ultimately both You know that the Navy's big challenge right now is audit readiness. So what they're focusing on next is migrating all of these financial systems into one General ledger for audit readiness, which has never been done before. I think you know, audit readiness press. The the D has really been problematic. So the next thing that they're focusing on in their journey is not only consolidating to one financial ledger, but also to bring on new users from working capital fund commands across the Navy into this one platform that is secure and stable, more fragile system that was previously in place. So we expect over time, once all of the systems migrate, that maybe your API is going to double in size, have more users, and the infrastructure is already going to be in place. Um, we are seeing use of all of the tactical edge abilities in other parts of the Navy. Really exciting programs for the Navy is making use of our snowball and snowball edge capabilities. And, uh, maybe your key that that this follows part of their migration. >>I saw snow cones out. There was no theme there. So the news Jassy tweeted. You know, it's interesting to see the progression, and you mentioned the audit readiness. The pattern of cloud is implementing the business model infrastructure as a service platform as a service and sass, and on the business side, you've got to get that foundational infrastructure audit, readiness, monitoring and then the platform, and then ultimately, the application so a really, you know, indicator that this is happening much faster. So congratulations. But I want to bring that back to now. The d o d. Generally, because this is the big surge infrastructure platform sas. Um, other sessions at the Public sector summit here on the D. O. D is the cybersecurity maturity model, which gets into this notion of base lining at foundation and build on top. What is this all about? The CME EMC. What does it mean? >>Yeah, well, I'll tell you, you know, I think the most people know that are U S defense industrial base of what we call the Dev has experienced and continues to experience an increasing number of cyber attacks. So every year, the loss of sensitive information and an election property across the United States, billions each year. And really, it's our national security. And there's many examples for weapons systems and sensitive information has been compromised. The F 35 Joint Strike Fighter C 17 the Empty Nine Reaper. All of these programs have unfortunately, experience some some loss of sensitive information. So to address this, the d o. D. Has put in place, but they all see em and see which is the Cybersecurity Maturity Models certification framework. It's a mouthful, which is really designed to ensure that they did the defense industrial base. And all of the contractors that are part of the Defense Supply Chain network are protecting federal contract information and controlled unclassified information, and that they have the appropriate levels of cyber security in place to protect against advanced, persistent, persistent threats. So in CMC, there are essentially five levels with various processes and practices in each level. And this is a morton not only to us as a company but also to all of our partners and customers. Because with new programs the defense, investor base and supply take, companies will be required to achieve a certain see MNC certification level based on the sensitivity of the programs data. So it's really important initiative for the for the Deal E. And it's really a great way for us to help >>Jennifer. Thanks so much for taking the time to come on the phone. I really appreciate it. I know there's so much going on the D o d Space force Final question real quick for a minute. Take a minute to just share what trends within the d o. D you're watching around this modernization. >>Yeah, well, it has been a really exciting time to be serving our customers in the D. And I would say there's a couple of things that we're really excited about. One is the move to tactical edge that you've talked about using out at the tactical edge. We're really excited about capabilities like the AWS Snowball Edge, which helped Navy Ear Key hybrid. So the cloud more quickly but also, as you mentioned, our AWS cone, which isn't even smaller military grades for edge computing and data transfer device that was just under £5 kids fitness entered mailbox or even a small backpacks. It's a really cool capability for our diode, the warfighters. Another thing. That's what we're really watching. Mostly it's DRDs adoption of artificial intelligence and machine learning. So you know, Dear D has really shown that it's pursuing deeper integration of AI and ML into mission critical and business systems for organizations like the Joint Artificial Intelligence. Enter the J and the Army AI task force to help accelerate the use of cloud based AI really improved war fighting abilities And then finally, what I'd say we're really excited about is the fact that D o. D is starting Teoh Bill. New mission critical systems in the cloud born in the cloud, so to speak. Systems and capabilities like a BMS in the airports. Just the Air Force Advanced data management system is being constructed and created as a born in the cloud systems. So we're really, really excited about those things and think that continued adoption at scale of cloud computing The idea is going to ensure that our military and our nation maintain our technological advantages, really deliver on mission critical systems. >>Jennifer, Thanks so much for sharing that insight. General General manager at Amazon Web services handling the Department of Defense Super important transformation efforts going on across the government modernization. Certainly the d o d. Leading the effort. Thank you for your time. This is the Cube's coverage here. I'm John Furrier, your host for AWS Public sector Summit online. It's a cube. Virtual. We're doing the remote interviews and getting all the content and share that with you. Thank you for watching. Yeah, Yeah, yeah, yeah, yeah

>> Narrator: Live from San Francisco. It's the theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconAngle Media. >> Alright, welcome to theCUBE coverage here at RSA Conference in San Francisco and Moscone Halls, theCUBE. I'm John Furrier, the host of theCUBE, in a cyber security is all about encryption data and also security. We have a very hot startup here, that amazing guest, Dr. Ellison Anne Williams, CEO and Founder of Enveil just recently secured a $10 million Series A Funding really attacking a real problem around encryption and use. Again, data ,security, analytics, making it all secure is great. Allison, and thanks for coming on. Appreciate your time. >> Thanks for having me. >> So congratulations on the funding before we get started into the interview talking about the hard news, you guys that are around the funding. How long have you guys been around? What's the funding going to do? What are you guys doing? >> Yeah, so we're about three and a half years old as a company. We just announced our Series A close last week. So that was led by C5. And their new US Funds The Impact Fund and participating. Other partners included folks like MasterCard, Capital One Ventures, Bloomberg, Beta 1843, etc. >> So some names jumped in C5 led the round. >> For sure. >> How did this get started? What was the idea behind this three years you've been actually doing some work? Are you going to production? Is it R&D? Is it in market? Give us a quick update on the status of product and solution? >> Yeah, so full production. For production of the product. We're in fact in 2.0 of the release. And so we got our start inside of the National Security Agency, where I spent the majority of my career. And we developed some breakthroughs in an area of technology called homomorphic encryption, that allows you to perform computations into the encrypted domain as if they were in the unencrypted world. So the tech had never existed in a practical capacity. So we knew that bringing seeds of that technology out of the intelligence community and using it to seed really and start the company, we would be creating a new commercial market. >> So look at this, right? So you're at the NSA, >> Correct >> Your practitioner, they're doing a lot of work in this area, pioneering a new capability. And did the NSA spin it out did they fund it was the seed capital there or did you guys bootstrap it >> No. So our seed round was done by an entity called Data Tribe. So designed to take teams in technologies that were coming out of the IC that wanted to commercialize to do so. So we took seed funding from them. And then we were actually one of the youngest company ever to be in the RSA Innovation Sandbox here in 2017, to be one of the winners and that's where the conversation really started to change around this technology called homomorphic encryption, the market category space called securing data in use and what that meant. And so from there, we started running the initial version of a product out in the commercial world and we encountered two universal reaction. One that we were expecting and one that we weren't. And the one that we were expecting is that people said, "holy cow, this actually works". Because what we say we do keeping everything encrypted during processing. Sounds pretty impossible. It's not just the math. And then the second reaction that we encountered that we weren't expecting is those initial early adopters turned around and said to us, "can we strategically invest in you?" So our second round of funding was actually a Strategic Round where folks like Bloomberg beta,Thomson Reuters, USA and Incue Towel came into the company. >> That's Pre Series A >> Pre Series A >> So you still moving along, if a sandbox, you get some visibility >> Correct. >> Then were the products working on my god is you know, working. That's great. So I want to get into before I get into some of the overhead involved in traditionally its encryption there always has been that overhead tax. And you guys seem to solve that. But can you describe first data-at-rest versus data-in-motion and data-in-user. data at rest, as means not doing anything but >> Yeah, >> In flight or in you so they the same, is there a difference? Can you just tell us the difference of someone this can be kind of confusing. >> So it's helpful to think of data security in three parts that we call the triad. So securing data at rest on the file system and the database, etc. This would be your more traditional in database encryption, or file based encryption also includes things like access control. The second area, the data security triad is securing data- in- transit when it's moving around through the network. So securing data at rest and in transit. Very well solution. A lot of big name companies do that today, folks like Talus and we partner with them, Talus, Gemalto, etc. Now, the third portion of the data security triad is what happens to that data when you go use or process it in some way when it becomes most valuable. And that's where we focus. So as a company, we secure data-in-use when it's being used or processed. So what does that mean? It means we can do things like take searches or analytics encrypt them, and then go run them without ever decrypting them at any point during processing. So like I said, this represents a new commercial market, where we're seeing it manifest most often right now are in things like enabling secure data sharing, and collaboration, or enabling secure data monetization, because its privacy preserving and privacy enabling as a capability. >> And so that I get this right, the problem that you solved is that during the end use parts of the triad, it had to be decrypted first and then encrypted again, and that was the vulnerability area. Look, can you describe kind of like, the main problem that you guys saw was that-- >> So think more about, if you've got data and you want to give me access to it, I'm a completely different entity. And the way that you're going to give me access to it is allowing me to run a search over your data holdings. We see this quite a bit in between two banks in the areas of anti-money laundering or financial crime. So if I'm going to go run a search in your environment, say I'm going to look for someone that's an EU resident. Well, their personal information is covered under GDPR. Right? So if I go run that search in your environment, just because I'm coming to look for a certain individual doesn't mean you actually know anything about that. And so if you don't, and you have no data on them whatsoever, I've just introduced a new variable into your environment that you now have to account for, From a risk and liability perspective under something like GDPR. Whereas if you use us, we could take that search encrypt it within our walls, send it out to you and you could process it in its encrypted state. And because it's never decrypted during processing, there's no risk to you of any increased liability because that PII or that EU resident identifier is never introduced into your space. >> So the operating side of the business where there's compliance and risk management are going to love this, >> For sure. >> Is that really where the action is? >> Yes, compliance risk privacy. >> Alright, so get a little nerdy action on this one. So encryption has always been an awesome thing depending on who you talk to you, obviously, but he's always been a tax associate with the overhead processing power. He said, there's math involved. How does homeomorphic work? Does it have problems with performance? Is that a problem? Or if not, how do you address that? Where does it? I might say, well, I get it. But what's the tax for me? Or is your tax? >> Encryption is never free. I always tell people that. So there always is a little bit of latency associated with being able to do anything in an encrypted capacity, whether that's at rest at in transit or in use. Now, specifically with homomorphic encryption. It's not a new area of encryption. It's been around 30 or so years, and it had often been considered to be the holy grail of encryption for exactly the reasons we've already talked about. Doing things like taking searches or analytics and encrypting them, running them without ever decrypting anything opens up a world of different types of use cases across verticals and-- >> Give those use case examples. What would be some that would be low hanging fruit. And it would be much more higher level. >> Some of the things that we're seeing today under that umbrella of secure data sharing and collaboration, specifically inside of financial services, for use cases around anti-money laundering and financial crimes so, allowing two banks to be able to securely collaborate with with each other, along the lines of the example that I gave you just a second ago, and then also for large multinational banks to do so across jurisdictions in which they operate that have different privacy and secrecy regulations associated with them. >> Awesome. Well, Ellison, and I want to ask you about your experience at the NSA. And now as an entrepreneur, obviously, you have some, you know, pedigree at the NSA, really, you know, congratulations. It's going to be smart to work there, I guess. Secrets, you know, >> You absolutely do. >> Brains brain surgeon rocket scientist, so you get a lot of good stuff. But now that you're on the commercial space, it's been a conversation around how public and commercial are really trying to work together a lot as innovations are happening on both sides of the fence there. >> Yeah. >> Then the ICC and the Intelligence Community as well as commercial. Yeah, you're an entrepreneur, you got to go make money, you got shareholders down, you got investors? What's the collaboration look like? How does the world does it change for you? Is it the same? What's the vibe in DC these days around the balance between collaboration or is there? >> Well, we've seen a great example of this recently in that anti-money laundering financial crime use case. So the FCA and the Financial Conduct Authority out of the UK, so public entity sponsored a whole event called a tech spread in which they brought the banks together the private entities together with the startup companies, so your early emerging innovative capabilities, along with the public entities, like your privacy regulators, etc, and had us all work together to develop really innovative solutions to real problems within the banks. In the in the context of this text spread. We ended up winning the know your customer customer due diligence side of the text brand and then at the same time that us held an equivalent event in DC, where FinCEN took the lead, bringing in again, the banks, the private companies, etc, to all collaborate around this one problem. So I think that's a great example of when your public and your private and your private small and your private big is in the financial services institutions start to work together, we can really make breakthroughs-- >> So you see a lot happening >> We see a lot happening. >> The encryption solution actually helped that because it makes sense. Now you have the sharing the encryption. >> Yeah. >> Does that help with some of the privacy and interactions? >> It breaks through those barriers? Because if we were two banks, we can't necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that you've put in place over your own data, then it allows that collaboration to occur, whereas otherwise I really couldn't in an efficient capacity. >> Okay, so here's the curveball question for you. So anybody Startup Series today, but you really got advanced Series A, you got a lot of funding multiple years of operation. If I asked you what's the impact that you're going to have on the world? What would you say to that, >> Over creating a whole new market, completely changing the paradigm about where and how you can use data for business purposes. And in terms of how much funding we have, we have, we've had a few rounds, but we only have 15 million into the company. So to be three and a half years old to see this new market emerging and being created with with only $15 million. It's really pretty impressive. >> Yeah, it's got a lot of growth and keep the ownership with the employees and the founders. >> It's always good, but being bootstrap is harder than it looks, isn't it? >> Yeah. >> Or how about society at large impact. You know, we're living global society these days and get all kinds of challenges. You see anything else in the future for your vision of impact. >> So securing data and your supplies horizontally across verticals. So far we've been focused mainly on financial services. But I think healthcare is a great vertical to move out in. And I think there are a lot of global challenges with healthcare and the more collaborative that we could be from a healthcare standpoint with our data. And I think our capabilities enable that to be possible. And still respecting all the privacy regulations and restrictions. I think that's a whole new world of possibility as well. >> And your secret sauce is what math? What's that? What's the secret sauce, >> Math, Math and grit. >> Alright, so thanks for sharing the insights. Give a quick plug for the company. What are you guys looking to do? Honestly, $10 million in funding priorities for you and the team? What do you guys live in to do? >> So priorities for us? privacy is a global issue now. So we are expanding globally. And you'll be hearing more about that very shortly. We also have new product lines that are going to be coming out enabling people to do more advanced decisioning in a completely secure and private capacity. >> And hiring office locations DC. >> Yes. So our headquarters is in DC, but we're based on over the world, so we're hiring, check out our web page. We're hiring for all kinds of roles from engineering to business functionality >> And virtual is okay virtual hires school >> Virtual hires is great. We're looking for awesome people no matter where they are. >> You know, DC but primary. Okay, so great to have you gone. Congratulations for one, the financing and then three years of bootstrapping and making it happen. Awesome. >> Thank you. >> Thank you for coming ,appreciate it. So keep coming to your RSA conference in Moscone. I'm John Furrier. Thanks for watching more after this short break (pop music playing)

>> Announcer: From Las Vegas, it's theCUBE. Covering Qualys Security Conference 2019, brought to you by Qualys. >> Hey welcome back everybody, Jeff Frick here with theCUBE, we're in Las Vegas at the Bellagio, at the Qualys Security Conference, pretty amazing, it's been going on for 19 years, we heard in the keynote. It's our first time here, and we're excited to have our first guest, he was a keynote earlier this morning, the author of nine books, Richard Clarke, National Security and Cyber Risk expert, and author most recently of "The Fifth Domain." Dick, great to see you. >> Great to be with you. >> Absolutely. So you've been in this space for a very long time. >> I started doing cybersecurity in about 1996 or 1997. >> So early days. And preparing for this, I've watched some of your other stuff, and one of the things you said early on was before there was really nothing to buy. How ironic to think about that, that first there was a firewall, and basic kind of threat protection. Compare and contrast that to walking into RSA, which will be in a couple of months in Moscone, 50,000 people, more vendors than I can count on one hand, now there's too much stuff to buy. Do you look at this evolution? What's your take? And from a perspective of the CIO and the people responsible for protecting us, how should they work through this morass? >> Well, the CIO and the CFO, got used to thinking cyber security costs a little bit, 'cause you can only buy, this is 1997, you can only buy antivirus, firewall, and maybe, in 1997, you could buy an intrusion detection system. Didn't do anything, it just went "beep," but you could buy that too. So you had three things in 1997. And so that resulted in the IT budget having to take a tiny little bit of it, and put it aside for security, maybe 2%, 3% of the budget. Well, now, if you're only spending 2 or 3% of your IT budget on security, somebody owns your company, and it's not you (laughs). >> And that's 2 or 3% of the IT budget, that's not the whole budget. >> No, that's the IT budget. What we found in researching the book, is that secure companies, and there are some, there's companies that don't get hacked, or they get hacked, but the hack gets in, immediately contained, identified, quarantined. The damage is done, but it's easily repaired. Companies that are like that, the resilient companies, are spending 8%, 10%, we found companies at 12 and 17%, of their IT budget on security, and to your point, how many devices do you have to buy? You look at the floor at any of these RSA Conventions, Black Hat, or something, now there are 2000 companies at RSA, and they're all selling something, but their marketing message is all the same. So pity the poor CSO as she goes around trying to figure out, "Well, do I want to talk to that company? "What does it do?" We found that the big banks, and the big corporations, that are secure, have not three, anymore, but 75, 80, different, discreet cybersecurity products on their network, most of it software, some of it hardware. But if you've got 80 products, that's probably 60 vendors, and so you got to, for yourself, there's the big challenge, for a CSO, she's got to figure out, "What are the best products? "How do they integrate? "What are my priorities?" And, that's a tough task, I understand why a lot of the people want to outsource it, because it's daunting, especially for the small and medium-size business, you got to outsource it. >> Right, right. So the good news is, there's a silver lining. So traditionally, and you've talked about this, we talk about it all the time too, there's people that have been hacked and know it, and people that have been hacked and just don't know it yet, and the statistics are all over the map, anywhere you grab it, it used to be hundreds of days before intrusions were detected. Kind of the silver lining in your message is, with proper investments, with proper diligence and governance, you can be in that group, some they're trying to get in all the time, but you can actually stop it, you can actually contain it, you can actually minimize the damage. >> What we're saying is, used to be two kinds of companies, those that are hacked and knew it, and those that are hacked that don't, that didn't know it. Now there's a third kind of company. The company that's stopping the hack successfully, and the average, I think, is a 175 days to figure it out, now it's 175 minutes, or less. The attack gets in, there's all the five or six stages, of what's called "the attack killchain," and gets out very, very quickly. Human beings watching glass, looking at alerts, are not going to detect that and respond in time, it's got to be automated. Everybody says they got AI, but some people really do (laughs), and machine learning is absolutely necessary, to detect things out of the sea of data, 75 different kinds of devices giving you data, all of them alarming, and trying to figure out what's going on, and figure out in time, to stop that attack, quarantine it, you got to move very, very quickly, so you've got to trust machine learning and AI, you got to let them do some of the work. >> It's so funny 'cause people still are peeved when they get a false positive from their credit card company, and it's like (laughs), do you realize how many of those things are going through the system before one elevates to the level that you are actually getting an alert? >> So the problem has always been reducing the number of false positives, and identifying which are the real risks, and prioritizing, and humans can't do that anymore. >> Right, right, there's just too much data. So let's shift gears a little bit about in terms of how this has changed, and again, we hear about it over and over, right, the hacker used to be some malicious kid living in his mom's basement, being mischievous, maybe, actually doing some damage, or stealing a little money. Now it's government-funded, it's state attacks, for much more significant threats, and much more significant opportunities, targets of opportunity. You've made some interesting comments in some of your prior stuff, what's the role of the government? What's the role of the government helping businesses? What's the role of business? And then it also begs the question, all these multinational business, they don't even necessarily just exist in one place, but now, I've got to defend myself against a nation state, with, arguably, unlimited resources, that they can assign to this task. How should corporate CIOs be thinking about that, and what is the role, do you think, of the government? >> Let's say you're right. 20 years ago we actually used to see the number of cyber attacks go up on a Friday night and a Saturday night, because it was boys in their mother's basement who couldn't get a date, you know, and they were down there having fun with the computer. Now, it's not individuals who are doing the attacks. It is, as you say, nation states. It's the Russian Army, Russian Intelligence, Russian Military Intelligence, the GRU. The North Korean Army is funding its development of nuclear weapons by hacking companies and stealing money, all over the world, including central banks, in some cases. So, yeah, the threat has changed, and obviously, a nation state is going to be far more capable of attacking, military is going to be far more capable of attacking, so, CISOs say to me, "I'm being attacked by a foreign military, "isn't that the role of the Pentagon "to defend Americans, American companies?" And General Keith Alexander, who used to run Cyber Command, talks about, if a Russian bomber goes overhead, and drops a bomb on your plant, you expect the United States Air Force to intercept that Russian bomber, that's why you pay your taxes, assuming you pay taxes. What's the difference? General Alexander says, whether that's a Russian bomber attacking your plant, or a Russian cyber attack, attacking your plant, and he says, therefore, people should assume the Pentagon will protect them from foreign militaries. That sounds nice. There's a real ring of truth to that, right? But it doesn't work. I mean, how could the Pentagon defend your regional bank? How could the Pentagon defend the telephone company, or a retail store? It can't. It can barely defend itself, and they're not doing a great job of that either, defending the federal government. So, do you really want the Pentagon putting sensors on your network? Looking at your data? No, you don't. Moreover, they can't. They don't have enough people, they don't have enough skills. At the end of the day, whatever the analogy is about how the Defense Department should defend us from foreign military attack, they can't. And they shouldn't, by the way, in my view. The conclusion that that gets you to, is you got to defend yourself, and you can, right now, if you use the technology that exists. The government has a role, sure. It can provide you warnings, it can provide the community with intelligence, it can fund development and stuff, can train people, but it cannot defend your network, you have to defend your network. >> And you have municipalities, I think it's Atlanta, is the one that keeps getting hit, there's-- >> Well Louisiana, just the other night, the whole state of Louisiana government unplugged from the internet, because it was being hit by a ransomware attack. The whole city of Baltimore's been down, the whole city of Atlanta, as you said. There's a real problem here, because people, many of them are paying the ransom, and they pay the ransom, and they get their network back right away. People ask me, "Can I trust these criminals?" Well you can trust them to give you your network back, because they have a reputation to maintain. Think about that. This whole thing about ransomware depends on their reputation, the bad guys' reputation. If they get a reputation for not giving you your network back when you pay, no one's ever going to pay, so they do give it back, and sometimes that's a lot quicker, and a lot cheaper, than saying no and rebuilding your network. But if we give them the money, what are they doing with it? Yeah, they're buying Ferraris to drive round the streets of Moscow, but some of that money is going back into R&D, so they can develop more effective attacks. >> So it's an interesting take, right, so most people, I think, would say that the cybersecurity war is completely always going to be kind of cat and mouse, whack-a-mole, that the bad guys are always a little step ahead, and you're always trying to catch up, just the way the innovation cycle works. You specifically say no, that's not necessarily always true, that there are specific things you can do to, not necessarily have an impenetrable wall, but to really minimize the impact and neutralize these threats, like a super white blood cell, if you will. So what are those things that companies should be doing, to better increase their probability, their chance, of, I don't know, blocking-- >> Depends on the size of the company. >> Absorbing. >> Depends on the size of the company. But I think whether you're a small-to-medium business, or you're an enterprise, you begin in the same place. And I do this with all of my consulting contracts, I sit down with the leadership of the company individually, and I ask every one of them, "What are you worried about? "What could happen? "What could a bad guy do to you "that matters to your company?" 'Cause what matters to one company may not matter to another company. And you can't spend your entire budget defending the network, so let's figure out exactly what risk we're worried about, and what risk we're just kind of willing to tolerate. And then, we can design security around that, and sometimes that security will be outsourced, to a managed security provider. A lot of it means getting into the cloud, because if you're in Amazon or Microsoft's cloud, you've got some security automatically built in, they've got thousands of people doing the security of the cloud, and if your server's in your basement, good luck. (laughs) >> So, as you look forward, now you said you finished the book earlier in the year, it gets published, and it's out, and that's great, but as you said, it's a fast-moving train, and the spaces develops. 10 years from now, we don't want to look at 10 years from now, it's way too long. But as you look forward the next couple, two, three years, what are you keeping an eye on, that's going to be, again, another sea change of both challenge and opportunity in this space? >> The three technologies we talk about in the book, for the three-year time horizon, 'cause I can't get beyond three years, more machine learning on the defense, but also more machine learning on the offense, and where does that balance work out? To whose advantage? Secondly, quantum computing, which, we don't know how rapidly quantum computing will come onto the market, but we do know it's a risk for some people, in that it might break encryption, if the bad guys get their hands on the quantum computer, so that's a worry. But one I think most immediately, is 5G. What 5G allows people to do, is connect millions of things, at high speed, to the internet. And a lot of those things that will be connected are not defended right now, and are outside firewalls, and don't have end-point protection, and aren't really built into networks on a secure network. So I worry about 5G empowering the Internet of Things, and doing what we call expanding the attack surface, I worry about that. >> Right, Richard, well thank you for taking a few minutes, and congrats on the book, and I'm sure within a couple of years the gears will start turning and you'll put pen to paper and kick another one out for us. >> Number 10. >> All right. He's Richard, I'm Jeff, you're watching theCUBE, we're at the Qualys Security Conference at the Bellagio in Las Vegas, thanks for watching, we'll see you next time. (upbeat music)

>> Narrator: Live, from Washington DC, it's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in our nation's capital. I'm your host, Rebecca Knight. Co-hosting along side John Furrier. We are joined by Jamil Jaffer, he is the VP Strategy and Partnerships at IronNet. Thanks so much for coming on theCUBE. >> Thanks for having me Rebecca. >> Rebecca: I know you've been watching us for a long time so here you are, soon to be a CUBE alumn. >> I've always wanted to be in theCUBE, it's like being in the octagon but for computer journalists. (laughing) I'm pumped about it. >> I love it. Okay, why don't you start by telling our viewers a little bit about IronNet and about what you do there. >> Sure, so IronNet was started about 4 1/2 years ago, 5 years ago, by General Kieth Alexander, the former director of the NSA and founding commander of US Cyber command. And essentially what we do is, we do network traffic analytics and collective defense. Now I think a lot of people know what network traffic analytics are, you're looking for behavioral anomalies and network traffic, trying to identify the bad from the good. Getting past all the false positives, all the big data. What's really cool about what we do is collective defense. It's this idea that one company standing alone can't defend itself, it's got to work with multiple companies, it's got to work across industry sectors. Potentially even with the governments, and potentially across allied governments, really defending one another. And the way that works, the way we think about that, is we share all the anomalies we see across multiple companies to identify threat trends and correlations amongst that data, so you can find things before they happen to you. And so the really cool idea here is, that something may not happen to you, but it may happen to your colleague, you find about it, you're defended against it. And it takes a real commitment by our partners, our companies that we work with, to do this, but increasingly they're realizing the threat is so large, they have no choice but to work together, and we provide that platform that allows that to happen. >> And the premise is that sharing the data gives more observational space to have insights into that offense, correct? >> That's exactly right. It's as though, it's almost like you think about an air traffic control picture, or a radar picture, right? The idea being that if you want to know what's happening in the air space, you got to see all of it in real time at machine speed, and that allows you to get ahead of the threats rather than being reactive and talking about instant response, we're talking about getting ahead of the problems before they happen so you can stop them and prevent the damage ahead of time. >> So you're an expert, they're lucky to have you. Talk about what you've been doing before this. Obviously a lot of experience in security. Talk about some about some of the things you've done in the past. >> So I have to admit to being a recovering lawyer, but you have to forgive me because I did grow up with computers. I had a Tandy TRS-80 Color computer when I first started. 4K of all more RAM, we upgraded to 16K, it was the talk of the rainbow computer club, what are you doing, 16K of RAM? (laughing) I mean, it was-- >> Basic programming language, >> That's right. (laughing) Stored on cassette tapes. I remember when you used to have to punch a hole in the other side of a 5 1/4 floppy disc to make it double sided. >> Right, right. >> John: Glory days. >> Yeah, yeah. I paid my way through college running a network cable, but I'm a recovering lawyer, and so my job in the government, I worked at the House Intelligence Committee, the Senate Foreign Relations Committee and then the Bush administration on the Comprehensive National Cybersecurity Initiative, both the Justice Department and the White House. >> You've seen the arc, you've seen the trajectory, the progress we're making now seems to me slower than it should be, obviously a lot of inertia as Amy Chasity said today about these public sector government agencies, what not. But a real focus has been on it, we've been seeing activity. Where are we with the state of the union around the modernization of cyber and awareness to what's happening? How critical are people taking this threat seriously? >> Well I think I variety of things to say on that front. First, the government itself needs modernize its systems, right? We've seen that talked about in the Obama administration, we've seen President Trump put out an executive order on modernization of federal infrastructure. The need to move to the cloud, the need to move to shared services, make them more defensible, more resilient long-term. That's the right move. We've seen efforts at the Department of Defense and elsewhere. They aren't going as fast as the need to, more needs to happen on that front. IT modernization can really be accelerated by shifting to the cloud, and that's part of why that one of the things that IronNet's done really aggressively is make a move into the cloud space, putting all of our back end in the cloud and AWS. And also, ability, capability to do surveillance and monitoring. When I say surveillance I mean network threat detection not surveillance of the old kind. But network threat detection in the cloud, and in cloud-enabled instances too. So both are important, right? Classic data centers, but also in modern cloud infrastructure. >> Yeah, one of the things people want to know about is what your enemy looks like, and now with the democratization with open source, and democratization of tools, the enemies could be hiding through obscure groups. The states, the bad actors and the state actors can actually run covert activities through other groups, so this is kind of a dynamic that creates confusion. >> No, in fact, it's their actual mode of operating, right? It's exactly what they do, they use proxies, right? So you'll see the Russians operating, looking like a criminal hacker group operating out of the eastern Europe. In part because a lot of those Russian criminal rings, in actuality. You see a lot of patriotic hackers, right? I would tell most people, if you see a patriotic hacker there's probably a government behind that whole operation. And so the question becomes, how do you confront that threat, right? A lot of people say deterrence doesn't work in cyberspace. I don't believe that. I think deterrence can and does work in cyberspace, we just don't practice it. We don't talk about our capabilities, we don't talk our red lines, we don't talk about what'll happen if you cross our red lines, and when we do establish red lines and they're crossed, we don't really enforce them. So it's no surprise that our enemies, or advisories, are hitting us in cyberspace, are testing our boundaries. It's cause we haven't really give them a sense of where those lines are and what we're going to do if they cross them. >> Are we making an progress on doing anything here? What's the state of the market there? >> Well the government appears to have gotten more aggressive, right? We've seen efforts in congress to give the Department of Defense and the US Intelligence Committee more authorities. You can see the stand up of US Cyber Command. And we've seen more of a public discussion of these issues, right? So that's happening. Now, is it working? That's a harder question to know. But the real hard question is, what do you do on private sector defense? Because our tradition has been, in this country, that if it's a nation-state threat, the government defends you against it. We don't expect Target or Walmart or Amazon to have service to air missiles on the roof of your buildings to defend against Russian Bear bombers. We expect the government to do that. But in cyberspace, the idea's flipped on its head. We expect Amazon and every company in America, from a mom and pop shop, all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs, and nation-states. >> John: And randomware's been taking down cities, Baltimore, recent example, >> Exactly. >> John: multiple times. Hit that well many times. >> That's right, that's right. >> Talk about where the US compares. I mean, here as you said, the US, we are starting to have these conversations, there's more of an awareness of these cyber threats. But modernization has been slow, it does not quite have the momentum. How do we rate with other countries? >> Well I think in a lot of ways we have the best capabilities when it comes to identifying threats, identifying the adversary, the enemy, and taking action to respond, right? If we're not the top one, we're in the top two or three, right? And the question, though, becomes one of, how do you work with industry to help industry become that good? Now our industry is at the top of that game also, but when you're talking about a nation-state, which has virtually unlimited resources, virtually unlimited man-power to throw at a problem, it's not realistic to expect a single company to defend itself, and at the same time, we as a nation are prepared to say, "Oh, the Department of Defense should be sitting on "the boundaries of the US internet." As if you could identify them even, right? And we don't want that. So the question becomes, how does the government empower the private sector to do better defense for itself? What can the government do working with industry, and how can industry work with one another, to defend each other? We really got to do collective defense, not because it makes sense, which it does, but because there is no other option if you're going to confront nation-state or nation-state enabled actors. And that's another threat, we've seen the leakage of nation-state capabilities out to a lot broader of an audience now. That's a problem, even though that may be 2013 called and wants it's hack back, those things still work, right? What we saw in Baltimore was stuff that has been known for a long time. Microsoft has released patches long ago for that, and yet, still vulnerable. >> And the evolution of just cyber essential command, and Cyber Command, seems to be going slow, at least from my frame. Maybe I'm not in the know, but what is the imperative? I mean, there's a lot of problems to solve. How does the public sector, how does the government, solve these problems? Is cloud the answer? What are some of the things that people of this, the top minds, discussing? >> Well and I think cloud is clearly one part of the solution, right? There's no question that when you move to a cloud infrastructure, you have sort of a more bounded perimeter, right? And that provides that ability to also rapidly update, you could update systems in real time, and in mass. There's not going around and bringing your floppy disc and loading software, and it sounds like that's sort of a joke about an older era, but you look at what happened with NotPetya and you read this great Wired article about what happened with NotPetya, and you look at Maersk. And the way that Maersk brought its systems back up, was they had domain controller in Africa that had gone down due to a power surge, where they were able to recover the physical hard drive and re-image all their world-wide domain controls off of that one hard drive. You think about a major company that runs a huge percentage of the world's ports, right? And this is how they recovered, right? So we really are in that, take your disc and go to computers. In a cloud infrastructure you think about how you can do that in real time, or rapidly refresh, rapidly install patches, so there's a lot of that, that's like a huge part of it. It's not a complete solution, but it's an important part. >> Yeah, one of the things we talk about, a lot of tech guys, is that this debate's around complexity, versus simplicity. So if you store your data in one spot, it's easy to audit and better for governing compliance, but yet easier for hackers to penetrate. From an IQ standpoint, the more complex it is, distributed, harder. >> Yeah I think that's right. >> John: But what's the trade off there? How are people thinking about that kind of direction? >> No that's a great question, right? There's a lot of benefits to diversity of systems, there's a lot of benefit to spreading out your crown jewels, the heart of your enterprise. At the same time, there's real resilience in putting it in one place, having it well defended. Particularly when it's a shared responsibility and you have partial responsibility for the defense, but the provider to, I mean, Amazon, and all the other cloud providers, Microsoft and Google, all have it in their own self interest to really defend their cloud really well. Because whether or not you call it shared responsibility, it's your stock price that matters if you get hit, right? And so, instead of you, Amazon, and all the other cloud players have an incentive to do the right thing and do it really well. And so this shared responsibility can work to both side's benefits. That being said, there's an ongoing debate. A lot of folks want to do there stuff on-prem in a lot of ways. You know, a lot of us are old school, right? When you touch it, you feel it, you know it's there. And we're working through that conversation with folks, and I think that at the end of the day, the real efficiency gains and the power of having super computing power at your fingertips for analytics, for consumer purposes and the like. I really think there's no way to avoid moving to a cloud infrastructure in the long run. >> I know you said you were a recovering lawyer, but you are the founding director of the National Security Institute at the Antonin Scalia School of Law. How are you thinking about educating the next generation of lawyers who could indeed become policy makers or at least work on these committees, to think about these threats that we don't even know about yet? >> That's a great question. So one of the things we're doing, is we're working through the process with the state commission on establishing a new LLM and cyber intelligence national security law. That'll be a great opportunity for lawyers to actually get an advanced degree in these issues. But we're also training non-lawyers. One of the interesting things is, you know, One of the challenges DC has, is we make a lot of tech policy, a lot of it not great, because it's not informed by technologists, so we've got a great partnership with the Hewlett Foundation where we're bringing technologists from around the country, mid-career folks, anywhere from the age of 24 to 38. We're bringing them to DC and we're educating them on how to talk to policy makers. These are technologists, these are coders, data scientists, all the like, and it's a real opportunity for them to be able to be influential in the process of making laws, and know how to involve themselves and talk that speak. Cause, DC speak is a certain thing, right? (laughing) And it's not typically consistent with tech speak, so we're trying to bridge that gap and the Hewlett Foundation's been a great partner in that effort. >> On that point about this collaboration, Silicon Valley's been taking a lot of heat lately, obviously Zuckerberg and Facebook in the news again today, more issues around irresponsibility, but they were growing a rocket ship, I mean, company's only 15 years old roughly. So the impact's been significant, but tech has moved so fast. Tech companies usually hire policy folks in DC to speak the language, educate, a little bit different playbook. But now it's a forcing function between two worlds colliding. You got Washington DC, the Silicon Valley cultures have to blend now. What are some of the top minds thinking about this? What are some of the discussions happening? What's the topic of conversations? >> Well look, I mean, you've see it in the press, it's no surprise you're hearing this talk about breaking up big tech companies. I mean, it's astounding. We used to live in world in which being successful was the American way, right? And now, it seems like at least, without any evidence of anti-trust concerns, that we're talking about breaking up companies that have otherwise hugely successful, wildly innovative. It's sort of interesting to hear that conversation, it's not just one party, you're hearing this in a bipartisan fashion. And so it's a concern, and I think what it reveals to tech companies is, man, we haven't be paying a lot of attention to these guys in DC and they can cause real trouble. We need to get over there and starting talking to these folks and educating them on what we do. >> And the imperative for them is to do the right thing, because, I mean, the United States interest, breaking up, say, Facebook, and Google, and Apple, and Amazon, might look good on paper but China's not breaking up Alibaba anytime soon. >> To the contrary. They're giving them low-interest loans and helping them all to excel. It's crazy. >> Yeah, and they have no R&D by the way, so that's been- >> Jamil: Right, because they stole all of our IP. >> So the US invests in R&D that is easily moving out through theft, that's one issue. You have digital troops on our shores from foreign nations, some will argue, I would say yes. >> Jamil: Inside the border. >> Inside the border, inside the interior, with access to the power grids, our critical infrastructure, this is happening now. So is the government now aware of the bigger picture around what we have as capabilities and criticalities that were needed now for digital military? What is that conversation like? >> Well I think they're having this conversation, right? I think the government knows it's a problem, they know that actually in a lot of ways a partnership with tech is better than an adversary relationship. That doesn't change the fact that, for some reason, in the last three, four years, we really have seen what some people are calling a "techlash", right? A backlash against technology. It kind of strikes me as odd, because of course, the modern economy that we've so benefited from is literally built on the back of the innovations coming out of the Silicon Valley, out of the west coast, and out of the DC metro area, where a lot these tech companies are developing some of the most innovative new ideas. Now they're, frankly, helping government innovate. So Amazon's a key part of that effort, right? Here in the public sector. And so I'm hoping that education will help, I know that the arrival of tech companies here to really have that conversation in an open and sensible way, I hope will sort of waft back some of this. But I worry that for too long the tech and the policies have ignored on another. And now they're starting to intersect as you say, and it has the possibility of going wrong fast, and I'm hoping that doesn't happen. >> You know, one of the things that Rebecca and I were talking about was this talent gap between public sector and private sector. These agencies aren't going to go public anytime soon, so maybe they should get equity deals and get a financial incentive. (laughing) You know what I mean? Shrink down the cost, increase the value. But as you get the collaboration between the two parties, the cloud is attracting smart people, because it gives you an accelerant of value. So people can see some entry points to land, some value out of the gate, verus giving up and abandoning it through red tape, or in other processes. So you starting to see smart people get attracted to cloud as a tool for making change. How is that working? And how is that going to work? Cause this could be coming to the partnership side of it. People might not want to work for the government, but could work with the government. This is a dynamic that we see as real. What's your thoughts? >> I think that's exactly right. Having these cloud infrastructures gives the ability to one, leverage huge amounts of computing power, but also to leverage insights and knowledge from the private sector in ways that you never could have imagined. So I really do think the cloud is an opportunity to bring real benefits from private sector innovation into the public sector very rapidly, right? So, broad-clouded option. And that's part of why John Alexander, my boss, and I have been talking a lot about the need for broad-clouded option. It's not just innovative in technology, it's benefits to the war fighter, Right? I mean, these are real, tangible benefits pushing data in real time, the war fighter, You know John Alexander had one of the biggest innovations in modern war fighting, where he's able to take civil intelligence down from weeks and months, down to minutes and seconds, that the naval and our war fighters in Iraq and Afghanistan to really take the fight to the enemy. The cloud brings that power scaled up to a huge degree, right? By orders of magnitude. And so the government recognizes this and yet today we don't see them yet moving rapidly in that direction. So I think the EO was a good move, a good first step in that direction, now we got to see it implemented by the various agencies down below. >> Well we'll kep in touch, great to have you on. I know we're wrapping up the day here, they're breaking down, we're going to pull the plug literally. (laughing) We'll keep in touch and we'll keep progress on you. >> Thank you so much, I appreciate it. >> Rebecca: Jamil, you are now a CUBE alumn, >> I love it, thank you. >> Rebecca: So congrats, you've joined the club. >> I love it. >> I'm Rebecca Knight for John Furrier you have been watching theCUBE's live coverage of the AWS Public Sector Summit. (electronic music)

>> [Introduction Narrator] Live from Washington, D.C., it's theCUBE, covering AWS Public Sector Summit brought to you by Amazon Web Services. >> Welcome back everyone, to theCUBE's live coverage of the AWS Public Sector Summit here in Washington D.C. I'm your host, Rebecca Knight, along with my co-host, John Furrier. We are welcoming to the program Shannon Kellogg. He is the V.P. Public Policy Americas at AWS. Thanks so much for coming on the show. >> Thanks for having me. It's great to be back on theCUBE. >> Yes, I know. A CUBE veteran. >> Yeah, I feel like a CUBE alumni at this point. >> You are indeed, Shannon. >> Well, this is your show, I mean this is a policies front and center, here at AWS. You got Andy Jassy's Fireside Chat. >> Indeed. >> Kind of his first foray into revealing some of his political thoughts and his mission around what Amazon could do to change it. Pretty interesting time. >> Yeah, it was. I thought it was a really interesting Fireside Chat today with Andy and Teresa. You know, Andy talked about, of course, a lot of what's going on at AWS and some of the big picture challenges that our country faces, so it was great to hear him. >> Well, so that's what I want to get into right now, is that we are having this Summit with the backdrop of an emerging tech backlash, where not only are the regulators sharpening their focus on big tech, and a lot of political candidates saying they we want to break up these companies, the public becoming increasingly wary of big tech's power over us. Give us a little bit of a peek into your mindset and how AWS is thinking about all of these issues. >> Sure, well so I've been at Amazon for about seven years, and so I've seen the growth and evolution of the company firsthand. I've focused during that time frame mostly on working with our Amazon web services business, or AWS, which of course is all around us today. And you know we really, when I started working seven years ago here in Washington, D.C., a lot of people didn't even understand what cloud computing was. I remember one of my first conversations was going into a very senior policy maker on the Hill, and explaining to him what cloud was, and it was very hard to kind of understand during those days this transformation that had already begun if you're a policy maker. And there were a lot of questions back then around security and sort of how the cloud computing would fit within the security discussion. And there was even during that time frame a lot of national discussions around cyber security. And now that conversation has completely changed. More people know what cloud computing is, and now policy makers more and more are seeing cloud computing as part of the answer to help organizations and even governments strengthen their cyber security posture. And Andy talked a little bit about that today at the Fireside Chat. So the conversation has changed in areas like that, even though there are these broader, macro conversations going on as well. >> Well, Shannon, I want to get your thoughts, because you have a history in public policy and policy with tech, which is good. More than ever now, one of the things that we heard from Andy was the acceleration of change happening now. The ability to solve big problems now. New kinds of conversations and approaches are being invented to existing ways. So I got to ask you the question of how policy's modernizing with this modernization cloud trend and where it's remaining the same, so in some cases, the game is still the same, just kind of same wine, new bottle kind of thing, or is there areas that got to be changed. So, for instance, is there an approach that can still be evergreen today that's historically been working for government and private enterprises over the years, and where is it different where it needs to really change. >> Yeah. >> You've got to tease us and walk us through where that policy game is evolving to. >> Well when I started Amazon seven years ago, and started having conversations with customers and policy makers, like I was saying, there were still a lot of people even at the agency level who were experimenting very early on with cloud, and trying to figure out how they were going to use commercial cloud computing, right? And I would classify them as first movers. And so the conversation with them back then was really understanding what they were trying to do by moving a few applications to cloud. What kind of services they were trying to offer and new innovations that they were trying to offer. And so, the policy work that we did around that was much different than what we're doing today, because now you have so many organizations that are moving to cloud and you see this big push, not just in the U.S. but around the world toward IT modernization as an example. And if you're going to modernize your systems within government, then you actually ultimately have to do many different kinds of policy changes, unlike seven or eight years ago, right? And some of those include modernizing or updating your procurement policies and acquisition policies. Some of those include how you're budgeting and funding those initiatives, because there's a shift from capital expenditure into operational expenditure. Some of those policy conversations also involve updating your cyber security policies and your data protection policies. And so all of that is happening today, and we're seeing the federal government, Congress here wanting- >> Net new changes. Net new changes. >> Yeah, net new changes, and adapting, those policies and frameworks to how organizations are moving faster and faster to commercial cloud. >> Inside the policy beltway and even Silicon Valley, you've seen a lot of things that has worked and hasn't worked in the past. What do you think works for policy? If you look back histories, we've seen in the short history of technology and computer industries it's not that old, it's still young. We still have the internet, rise of the web, mobile computing, obviously spectrum and all these connectivity issues. What has worked that you think is relevant today that we should double down on and what should be taken away and reinvented? >> Well first of all, I think it's really important for, not just our company, and me as a leader at Amazon on public policy, but quite frankly, the entire industry, all of my peers, we all need to listen to what customers are trying to do to achieve their missions. And so when you think about whether it's NASA and the new initiatives that they have, to not only go back to the moon, but beyond to Mars, or you talk to health and human services or the Veterans Administration or some of our National Security agencies, they all have really, really important missions, so understanding what they are and how you can be supportive is very important. >> Well I mean, but there's all, I get that, that the customer's always right, listen to the customer, that's Andy's line, Amazon's line. But there's some potentially conflicting things, I'll just throw an example out there. Open government, open data creates more observability of data, hence more creativity, that's a theme that's getting a lot of traction in circles. And then customers want security and privacy. >> Right, so lots of unintended consequences to make all that. >> So as this new ground for a real, first-generational problem needs to be solved, you can't just pick one old way. Like you open it up, you're going to expose the data. >> Right. But I'm glad you mentioned open data, because it's actually one of the areas over the last few years that we've actually gotten some really important things done. There was federal legislation here in the U.S. that passed just, I think it was about 18 months ago, the first open data, comprehensive open data legislation. And we're seeing also other governments internationally kind of move in this direction as well. And I was part of those conversations, and other colleagues in my company were part of those conversations, took a lot of education. And took a lot of outreach to policy makers to get them to understand the benefits of open data and how technology could enable those benefits, which by the way, include getting more data sets so people can actually innovate on those data sets and build new businesses, which is a benefit and so- >> Keith Alexander's business, for instance, is all about visibility into threats, as one example. >> Right. But back to your question, what I found that was very helpful to policy makers is to give them a very baseline explanation of what open data was and how technology like cloud computing was enabling more access to that data or protections would need to be in place, but also how organizations and individuals and entrepreneurs were going to use that data, so having that conversation and educating. And I would say, John, that's sort of the new way of lobbying, the new conversations is to actually go in and try to understand, not only what's on a customer's mind, but what is on a policy maker's mind in terms of what do they really care about, and what are they trying to do to support whatever mission or to support whatever big initiative that matters to their district. >> So education is really the blocking and tackling tenet. You keep on pounding the education. Doing things in the open is interesting. You mentioned open data. We're in a world now in digital where everything's out in the open. You can't hide in the shadows. And so I wrote a story about Jedi, which through my sources, I essentially was referring to Oracle having this smear campaign against Amazon, which was supported by many sources. No one wanted to go on the record, so no other journalists reported it. But this is happening out in the open. These are old tactics of lobbying. >> They're old tactics, yeah. >> There's a sea change going on where open, turning the lights on, is more reality for policy lobbyists than ever before. Can you comment on your reaction to that? >> Sure. All anyone has to do, to look at some of the tactics that are being used by companies like Oracle, and we generally look at them as the legacy players, the legacy IT companies that are trying to protect their particular business model and their margins and the way that they're doing business, versus doing what I said earlier, which was listen to your customers, listen where they want to go, and try to align to that, right? Oracle is doing the exact opposite. It doesn't appear that they are listening to their customers at all. But putting Oracle aside as the only company doing this, there are other companies that are doing it as well, and if you look at the history of lobbying over the last 20 years, and you look at companies like Oracle or IBM, some of those players, they have done these kind of things previously, right? I mean, look at the original anti-trust case against Microsoft, or look at what Oracle was doing with Google and the EU on Fair Search. I mean, these are the same old tactics that these companies have used again and again and again, >> Beck and I were talking with the general Keith Alexander on this one point, where misinformation is so elevated now, and with machine learning and AI and openness, you can't do that anymore. There's no place to hide, so the transparency become a big part of processes. >> Right. >> Your reaction to how that's going to change, how policy is shaped, the participants and the actors involved, and potentially accelerated outcomes. Your thoughts on that. >> In terms of what the Department of Defense is trying to do, I think there's been a lot of transparency in that process, and there's been a lot of media coverage and light shown on what's going on there, so I don't probably need to go into those details. You know, I think it's really important for policy makers to always go out and get several perspectives. There are a lot of organizations out there that like policy makers and our general experience are trying to support the mission of these agencies that are trying to transform. And so if you looked at what the Department of Defense is trying to do or if you looked at what the intelligence community has already undergone several years of transformation with commercial cloud and emerging technologies, these are really important missions that policy makers want to support. >> John Furrier: And public policy- >> And you see that again and again and again. And other organizations. National Security think tanks, third party organizations and associations. They want to support that, too. So I would look to those voices versus listening to some of the same old tired IT legacy voices of the past. >> How do I know which entities are tainted or not tainted, because as someone who's not a big D.C. guy or tech guy, we got in through the cloud, and we're seeing all this stuff that's kind of, you see bad behavior and it's out in the open. Wow, I can't believe they're doing that. So the transparency is good, I get that, but how do I know- >> Transparency and learning from history. Look back and read about some of the tactics that have been used previously. I mean this is reported. >> So is there an organization out there that's like we're a think tank for the greater good of society. How do I know that they're not funded by someone? I mean, is there ways to detect- >> Various >> someone's reputation? Is there a working- >> Well there are organizations that are set up just to basically attack either other companies or another audience, and so those are generally known as astroturfing like organizations. >> I've seen those Google fair search, like they're really not a fair search, they're trying- >> And you can usually, if you look under the hood a little bit, you can usually figure out who those are. Not just those of us in the industry who have seen this playbook used again and again and again, by companies like Oracle and IBM, but also policy makers, if they just go out and talk to people they hear different perspectives, they're going to be able to figure out pretty quickly what is an astroturfing organization. Because they use the same old tactics that they've used for many years. >> I want to pick up on something that Andy Jassy was talking about during his Fireside Chat, and then he's talking about the culture of Amazon, which is the culture that tolerates failure, that allows people to go out and pursue these high-risk ideas which could be career-ending in other organizations. I want to hear what your thoughts are about the public sector, and I know the public sector is vast and not monolithic, but how would you describe the culture that you're seeing, the agencies you're working with, also the state and locals, the educational institutions, what are you seeing? >> Yeah, you bet. Well I think it's actually a really critical point in question, because we're seeing, at really every level of government that we work at, we're seeing people who are trying to be creative and innovate and offer new ways of services to citizens or to other constituencies that they serve, but we're also seeing cultural challenges, where you may have this particular group that is trying to come up with a new way to meet the mission, but then you have this other group over here, and they've always managed the data center, they've always been able to hug their box, their iron box, and see the blinking lights and get close to that, and it's hard sometimes for people who have done something for a certain amount of time in a certain way to necessarily embrace a new way of doing things. >> Rebecca Knight: Change is hard. >> For a couple of reasons. Change is hard, but also sometimes because of the, the fact is, if you look at really any level of government, there are always going to be IT failures, right? And there have been some doozies in the past, here at the federal level, as well as at the state and local level. And I would say consistently we've heard from government leaders who are trying to be first movers who are trying to be transformers, that sometimes they are tepid because of the failures of the past. And so then it gets them to step back and maybe go over to this group and do things the way they've always done them, versus take that risk. And what we need to do as citizens and as in our case, industry, and as a company like Amazon that is so customer-focused, we need to go out there and help them be creative, innovative, and have a voice. And that goes back to John's question about how policy has changed. That's the work I want to do. How do you help people who are really change agents who are trying to do the right thing for their constituents, do the right thing for their citizens, do the right thing for the National Security mission of the United States. Do the right thing for the war fighter who is out there executing the mission of the day. How do you help them achieve their goals and to be able to move forward and transform what they're doing. >> Well you got tail winds with the cloud, Andy pointed it out, we've been talking about it, but I think one thing that's key is, as you guys get the policy gurus together, as you lead the younger generation to shape these new territories, it's a - >> [ Shannon Kellogg] Thank you for calling me younger, John. >> Yeah, you're looking good, by the way. But you've been around the block, you've seen a few waves, and you've seen what works and what doesn't work, and when more than ever, younger majors are going to come in, whether they're from science, or different disciplines are going to be, you have to come and bring that interdisciplinary skill to really solve some of these world problems, I mean Andy's laid out a few. >> That's right. That's right. >> It's a critical... These are opportunities now that can be solved. >> Yeah, and by the way, that trend that you're pointing to is something that we're seeing not just domestically here in the U.S., but internationally. And we're seeing a lot of governments set up some kind of innovation units within government, so they bring in younger generation, but also entrepreneurs, folks that have been out in industry, creating and failing, and creating again and innovating, and bringing them in, and really trying to help them transform their missions. We're seeing that in so many different places now. >> Well, we're going to... you need to keep in touch, and check in on your progress and track the accountability of the industry. We've been really passionate about that, so thanks for sharing your vision and perspective. >> You bet. Thanks for having me on theCUBE again. It's really great to be back and to talk to you as always. >> Rebecca Knight: It's been a pleasure. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE's live coverage of the AWS Public Sector Summit. Stay tuned. (upbeat music)