>>covering the space and cybersecurity symposium 2020 hosted by Cal poly. Hold on. Welcome to this special presentation with Cal poly hosting the space and cybersecurity symposium, 2020 virtual, um, John for your host with the cube and Silicon angle here in our Palo Alto studios with our remote guests, we couldn't be there in person, but we're going to be here remotely. Got a great session and a panel for one hour topic preparing students for the jobs of today and tomorrow, but a great lineup. Bill Britain, Lieutenant Colonel from the us air force, retired vice president for information technology and CIO and the director of the California cyber security Institute for Cal poly bill. Thanks for joining us, dr. Amy Fisher, who's the Dean of the college of engineering at Cal poly and trunk fam professor and researcher at the U S air force Academy. Folks, thanks for joining me today. >>Our pleasure got a great, great panel. This is one of my favorite topics preparing students for the next generation, the jobs for today and tomorrow. We've got an hour. I'd love you guys to start with an opening statement, to kick things off a bill. We'll start with you. Well, I'm really pleased to be, to start on this. Um, as the director for the cybersecurity Institute and the CIO at Cal poly, it's really a fun, exciting job because as a Polytechnic technology, as such a forefront in what we're doing, and we've had a, a wonderful opportunity being 40 miles from Vandenberg air force base to really look at the nexus of space and cyber security. And if you add into that, uh, both commercial government and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the cyber security Institute, we partner with elements of the state and the university. >>And we try to really add value above our academic level, which is some of the highest in the nation and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools or middle schools in the state of California, that competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark autopsy and other tools that will give those high school students. What we hope is a huge desire to follow up and go into cyber and cyber space and space and follow that career path. And either come to Cal poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future >>Of our nation. >>Bill, thanks for that intro, by the way, it's gonna give you props for an amazing team and job you guys are doing at Cal poly, that Dex hub and the efforts you guys are having with your challenge. Congratulations on that great work. Thank you >>Star team. It's absolutely amazing. You find that much talent in one location. And I think Amy is going to tell you she's got the same amount of talent in her staff. So it's, it's a great place to be. >>Amy flasher. You guys have a great organization down there, amazing curriculum, grazing people, great community, your opening statement. >>Hello everybody. It's really great to be a part of this panel on behalf of the Cal poly college of engineering here at Cal poly, we really take preparing students for the jobs of today and tomorrow completely seriously. And we claim that our students really graduate. So they're ready day one for their first real job, but that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, but through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce here at Cal poly, we have more than 6,000 engineering students. >>We're one of the largest undergraduate engineering schools in the country. Um, and us news ranks us the eighth best undergraduate engineering program in the, in the country and the top ranked state school. We're really, really proud that we offer this impactful hands on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs and really we're talking today about cyber and space. And I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like Aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials, engineering, even manufacturing, civil and biomedical engineering. As there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers, and most of them are working right here in California. >>I'm with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon space, X, Virgin, galactic JPL, and so many other places where we have Cal poly engineer's impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs. And it's really a rapidly growing interest among our students. Computer science is our most popular major and industry interest and partnerships are integrated into our curriculum. And we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship and a cyber lab and from PG and E for critical infrastructure, cybersecurity lab, and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field's evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. >>In our aerospace program, we have an educational partnership with the air force research labs. That's allowing us to install new high performance computing capabilities and a space environments lab. That's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal poly is the founding home of the cube sat program, which pioneered small satellite capabilities. And we remain the worldwide leader in maintaining the cube set standard. And our student program has launched more cube sets than any other program. So here again, we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal poly space systems, which does really, really big rocket launches and our support program for women in both of these fields like wish, which is women in software and hardware. >>Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important and outreach and support to those demographics. Traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds, while we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows, we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard bill talking about the cyber cybersec, the California cybersecurity institutes a year late cyber challenge. There's a lot of other people who are working to bring in a wider variety of, uh, of people into the field, like girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges and a concert with Palo Alto networks. So we have our work cut out for us, but we know what we need to do. And if we're really committed to prep properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >>Yeah, you got a flashy for great, great comment, opening statement and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent and community as well. Thank thank you for that opening statement. Next step from Colorado Springs, trunk fam, who's a professor and researcher. The us air force Academy is doing a lot of research around the areas that are most important for the intersection of space and technology trunk. >>Good afternoon, first electric and Cal poli for the opportunity. And today I want to go briefly about cyber security in S application. Whenever we talk about cyber security, the impression is got yes, a new phew that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is in be complex because involve many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication sociology, law practice. And this practice of cyber security goes in on the info computer expert, but it's also info everybody else who has a computing device that is connected to the internet. And this participation is obviously every body in today's environment. When we think about the internet, we know that is a good source of information, but come with the convenience of information that we can access. >>We are constantly faced in being from the internet. Some of them, we might be aware of some of them we might not be aware of. For example, when we search on the internet, a lot of time, our browser will be saved and gotten this site is not trusted. So we will be more careful. What about the sites that we trusted? We know getting those salad chicken sites, but they're not a hundred percent good at proof. What happened? It was all side, uh, attack by hacker. And then they will be a silent source that we might not be aware of. So in the reality, we need to be more practicing the, um, cyber security from our SIBO point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware, a computer based tool by computer system and therefore the hardware and the software must go through some certification process so that they can be record that air with the flight. >>What the, when we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station and be communication is through the air, through the layby or signal. So anybody who has access to those communication regular signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. >>I'm not going to aspect of cybersecurity is we try to design the space system in a very strong manner. So it's almost impossible to hack in, but what about some August week system that might be connected to so strong system? For example, the spare system will be connected to the ground control station and on the ground control station, we have the human controller in those people have cell phone. They are allowed to use cell phones for communication, but at the same time, they are connected to the internet, to the cell phone and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is that we try to build strong system and we protected them, but there will be some weaker system that we could not intended, but exists to be connected to our strong system. And those are the points that hacker will be trying to attack. If we know how to control the access to those points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere, it's important to Merck that there is a source of opportunity for students to engage the workforce. To concede the obviously student in engineering can focus their knowledge and expertise to provide technological solution, to protect the system that we view. But we also >>Have students in business who can focus to write a business plan to reach the market. We also have student in law who can focus policy governing the cyber security. And we also have student in education who can focus the expert. She should be saying how to teach cyber security practice and students can focus the effort to implement security measures and it implies job opportunity. >>Thank you trunk for those great comments, great technology opportunities, but interesting as well as the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations and you pointed out some of them, dr. Fleischer did as well. And bill, you mentioned it. It's not one thing. It's not just technology, it's different skills. And, um, Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all of this is kind of balancing it's interdisciplinary. It's a structural change before we get into some of the, um, how they prepare the students. Can you guys talk about some of the structural changes that are modern now in preparing, um, in these opportunities because societal impact is a law potentially impact it's, it's how we educate there's no cross-discipline skillsets. It's not just get the degree, see out in the field bill, you want to start. >>Well, what's really fun about this job is, is that in the air force, uh, I worked in the space and missile business and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, uh, is a move to a digital environment. And the digital environment is a very quick and adaptive environment. And it's going to require a digital understanding. Matter of fact, um, the, uh, under secretary of the air force for acquisition, uh, rev recently referenced the need to understand the digital environment and how that's affecting acquisition. So as, as both Amy, um, and trunk said, even business students are now in the >>Cybersecurity business. And, and so, again, what we're seeing is, is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. Uh, one of the ways that we addressed that in the past was to look at high performance computing. It was a lot stricter control over how that worked, but now what we're seeing these adaptation of cloud cloud technologies in space support, space, data, command, and control. Uh, and so what we see is a modern space engineer who asked to understand digital, has to understand cloud and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer and what does a future engineer, both commercial or government? So I think the opportunity for all of these things is really good, particularly for a Polytechnic air force Academy and others that are focusing on a more, uh, widened experiential level of cloud and engineering and other capabilities. >>And I'll tell you the part that as the CIO, I have to remind everybody, all this stuff works for the it stuff. So you've got to understand how your it infrastructures are tied and working together. Um, as we noted earlier, one of the things is, is that these are all relays from point the point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware cyber knowledgeable, and in what we'd like to call as a cyber cognizant citizen, where they have to understand the context, patients chip software, that the Fleischer talk about your perspective, because you mentioned some of the things that computer science. Remember when I'm in the eighties, when I got my computer science degree, they call the software engineers, and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, um, and there's also business engineering business models. So talk about some of your comments was, you mentioned, computer science is hot. You got the aerospace, you've got these multidisciplines you got definitely diversity as well. It brings more perspectives in as well. Your thoughts on these structural interdisciplinary things. >>I think this is, this is really key to making sure that students are prepared to work in the workforce is looking at the, the blurring between fields no longer are you just a computer scientist, no longer are you just an aerospace engineer? You really have to have an expertise where you can work with people across disciplines. All of these, all of these fields are just working with each other in ways we haven't seen before. And bill brought up data, you know, data science is something that's cross cutting across all of our fields. So we want engineers that have the disciplinary expertise so that they can go deep into these fields, but we want them to be able to communicate with each and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. >>There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those, those disciplines. And as you, as Tron pointed out, you know, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the, the liberal arts and say, well, that's over there in general education. No ethics is an important part of what we're doing and how we integrate that into our curriculum. So it was communication. So is working on public policy and seeing where all of these different aspects tied together to make the impact that we want to have in the world. So it, you no longer can work solo in these fields. >>Great point. And bill also mentioned the cloud. One thing about the cloud that showed us as horizontal scalability has created a lot of value and certainly data is now horizontal Trung. You mentioned some of the things about cryptography for the kids out there. I mean, you can look at the pathway for career. You can do a lot of tech and, but you don't have to go deep. Sometimes you can go, you can go as deep as you want, but there's so much more there. Um, what technology do you see, how it's going to help students in your opinion? >>Well, I'm a professor in computer science, so I'd like to talk out a little bit about computer programming. Now we, uh, working in complex project. So most of the time we design a system from scratch. We view it from different components and the components that we have either we get it from or some time we get it from the internet in the open source environment, it's fun to get the source code and then work to our own application. So now when we are looking at a Logie, when we talk about encryption, for example, we can easily get the source code from the internet. And the question is, is safe to use those source code. And my, my, my question is maybe not. So I always encourage my students to learn how to write source score distribution, where that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful, especially with encryption is be quote that might be hidden in the, in the source, get the download here, some of the source. >>So open source, it's a wonderful place to be, but it's also that we have to be aware of >>Great point before we get into some of the common one quick thing for each of you like to get your comments on, you know, the there's been a big movement on growth mindset, which has been a great, I'm a big believer in having a growth mindset and learning and all that good stuff. But now that when you talk about some of these things that we're mentioning about systems, there's, there's an, there's a new trend around a systems mindset, because if everything's now a system distributed systems, now you have space in cyber security, you have to understand the consequences of changes. And you mentioned some of that Trung in changes in the source code. Could you guys share your quick opinions on the, the idea of systems thinking, is that a mindset that people should be looking at? Because it used to be just one thing, Oh, you're a systems guy or galley. There you go. You're done. Now. It seems to be in social media and data. Everything seems to be systems. What's your take dr. Fleischer, we'll start with you. >>Uh, I'd say it's a, it's another way of looking at, um, not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader, uh, system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see, where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. Bill. What's your thoughts? >>Um, I absolutely agree with Amy and I think there's a context here that reverse engineering, um, and forensics analysis and forensics engineering are becoming more critical than ever, uh, the ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets, or when you're given some software that's already been pre developed, checking it to make sure it is, is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis, >>The forensics analysis side, >>These are all things that are part of that system >>Approach that I think you could spend hours on. And we still haven't really done great job on it. So it's a, it's. One of my fortes is the really the whole analysis side of forensics and it reverse engineering >>Try and real quick systems thinking. >>Well, I'd like to share with you my experience. When I worked in the space patient program at NASA, we had two different approaches. One is a down approach where we design it from the system general point of view, where we put components to complex system. But at the same time, we have the bottom up approach where we have Ken Chile who spent time and effort the individual component. And they have to be expert in those Chinese component. That might be general component the gallery. And in the space station program, we bring together the welcome up engineer, who designed everything in detail in the system manager who manage the system design from the top down. And we meet in the middle and took the idea with compromise a lot of differences. Then we can leave a display station that we are operating to be okay, >>Great insight. And that's the whole teamwork collaboration that, that was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a, as a parent, I'm always trying to think about what's best for my kids in their friends, as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight, but this topics about students and helping them prepare. Uh, so we heard, you know, be, be multiple discipline, broaden your horizons, think like systems top down, bottom up, work together as a team and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well documented and certainly at the intersection of space and cyber, it's only gonna get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career at the flagship? We'll start with you in this one. >>I would say really one of the best ways to get students interested in the career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology sake, but that will limit you to a narrow set of students. And by showing that the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world, around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the, uh, the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers is going to be really critical. >>Real question, follow up. What do you think is the best entry point? You mentioned middle squad in here, elementary school. This comes, there's a lot of discussions around pipelining and we're going to get into women in tech and under-represented matters later, but you know, is it too early or what's the, what's your feeling on this? >>My feeling is the earlier we can normalize it the better the, uh, if you can normalize an interest in, in computers and technology and building an elementary school, that's absolutely critical. But the dropoff point that we're seeing is between what I would call like late elementary and early middle school. Um, and just kind of as an anecdote, I, for years ran an outreach program for girl Scouts in grades four and five and grade six, seven, and eight. And we had a hundred slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >>Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. Yeah. I mean, who wants to, who wouldn't want to be a white hat hacker? I mean, yeah, that sounds exciting. Yeah. Great questions. Let's start with some basic principles though. Is let me ask you a question, John, a name for me, one white hat, good person hacker. The name who works in the space industry and is an exemplar for students to look up to, um, you, um, Oh man. I'm hearing really. I can't, I can't, I can't, I can't imagine because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. I was going to be snarky and say, most white hackers won't even use their real name, but, um, there's a, there's an aura around their anonymity here. >>So, so again, the real question is, is how do we get them engaged and keep them engaged? And that's what Amy was pointing out too. Exactly the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that, uh, challenge environment and let them interact and let them talk about what they do and what they're doing in life would give them a challenging game format. Um, a lot of computer based training, um, capture the flag stuff is great, but if you can make it hands on, if you can make it a learn by doing experiment, if you can make it am personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. >>The second part is as part of what we're doing is, is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California, uh, of those 82 teams at six students team, middle school, high school, and many of those have company partners. And these are practitioners in cybersecurity who are working with those students to participate. It's it's that adult connectivity, it's that visualization. Um, so at the competition this year, um, we have the founder of Def con red flag is a participant to talk to the students. We have Vince surf as who is of course, very well known for something called the internet to participate. It's really getting the students to understand who's in this. Who can I look up to and how do I stay engaged with them? >>There's definitely a celebrity aspect of it. I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about, um, these ambassadors and, and, and how far along are you on that program? First of all, the challenge stuff is anything gamification wise. We've seen that with hackathons is just really works well. Grades, bonding, people who create together kinda get sticky and get very high community aspect to it. Talking about this ambassador thing. What does that industry is that academic >>Absolutely partners that we've identified? Um, some of which, and I won't hit all of them. So I'm sure I'll short changes, but, uh, Palo Alto, Cisco, um, Splunk, um, many of the companies in California and what we've done is identified, uh, schools, uh, to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. Uh, and so again, it's really about a constant connectivity and, uh, trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving, um, training and educational opportunities in the game of education side, since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the, >>You know, I've seen just the re randomly, just going to random thought, you know, robotics clubs are moving den closer into that middle school area, in fact Fleischer. And certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just combined made the JV at the college Dean, you know, it's big and it's up and serious. Right. And, um, it's fun. This is the aspect of fun. It's hands on. This is part of the culture down there you learn by doing, is there like a group? Is it like, um, is it like a club? I mean, how do you guys organize these bottoms up organically interest topics? >>So, so here in the college of engineering, uh, when we talk about learning by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at the, these types of, out of the classroom activities, we have over 80 clubs working on all different aspects of many of these are bottom up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train in the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. So, yeah, it's an absolutely great experience. And we don't define for them how their learned by doing experiences should be, we want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it. And, you know, we will help support those clubs as old clubs fade out and new clubs come in >>Trunk real quick. Before we go on the next, uh, talk track, what, what do you recommend for, um, middle school, high school or even elementary? Um, a little bit of coding Minecraft. I mean, what, how do you get them hooked on the fun and the dopamine of, uh, technology and cybersecurity? What's your, what's your take on that? >>On, on this aspect, I like to share with you my experience as a junior high and high school student in Texas, the university of Texas in Austin organized a competition for every high school in Texas. If we phew from poetry to mathematics, to science, computer engineering, but it's not about with university of Texas. The university of Texas is on the serving SSN for the final competition that we divide the competition to be strict and then regional, and then spit at each level, we have local university and colleges volunteering to host it competition and make it fun. >>Also students with private enterprises to raise funding for scholarship. So students who see the competition they get exposed to so they can see different option. They also get a scholarship when they attend university in college. So I've seen the combination in competition aspect would be a good thing to be >>Got the engagement, the aspiration scholarship, you know, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve jobs and was, was building the Mac, they call it bill Hewlett up in Palo Alto. It was in the phone book and they scoured some parts from them. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there, bill, we'll start with you? >>Well, I think it's really interesting. First thing I want to add is if I could have just a clarification, what's really cool that the competition that we have and we're running, it's run by student from Cal poly. Uh, so, you know, Amy referenced the clubs and other activities. So many of the, uh, organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition. And we use their areas of expertise, set design, and other things, uh, visualization of virtualization. Those are all part of how we then teach and educate cyber in our game effication and other areas. So they're all involved in their learning as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing, where our students are mentoring the other students. And I think it's also something that's really important in the game. Um, the first year we held the game, we had several all girl teams and it was really interesting because a, they, they didn't really know if they could compete. I mean, this is their, their reference point. We don't know if they did better than anybody. I mean, they, they knocked the ball out >>Of the park. The second part then is building that confidence level that they can going back and telling their cohorts that, Hey, it's not this thing you can't do. It's something real that you can compete and win. And so again, it's building that comradery, that spirit, that knowledge that they can succeed. And I think that goes a long way and an Amy's programs and the reach out and the reach out that Cal poly does to schools to develop. Uh, I think that's what it really is going to take. It. It is going to take that village approach to really increase diversity and inclusivity for the community. >>That's the flusher. I'd love to get your thoughts. You mentioned, um, your, your outreach program and the dropoff, some of those data, uh, you're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >>Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them, you know, what the exciting part is about it, right. But, you know, bill was, was alluding to this. And when he was talking about, you know, trying to name somebody that you can can point to. And I think having those visible people where you can see yourself in that is, is absolutely critical and those mentors and that mentorship program. So we use a lot of our students going out into California, middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our national society of black engineers or a society of Hispanic professional engineers or our society of women engineers. >>We have over a thousand members, a thousand student members in our society of women engineers who were doing these outreach programs. But like I also said, it's hitting them at the lower levels too. And girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges, starting in kindergarten. There's a cybersecurity badge for kindergarten and first graders. And it goes all the way up through late high school, the same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity and partnership with Palo Alto networks. And what you do is you want to build these, these skills that the girls are developing. And like bill said, work in and girl led teams where they can do it. And if they're doing it from kindergarten on, it just becomes normal. And they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >>Yeah. It's interesting. You used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't learn how to be a white, white hat hacker, or have fun or learn new skills just in, in the, in the grind of your fun day. Super exciting. Okay. Trung your thoughts on this. I mean, you have a diverse diversity. It brings perspective to the table in cybersecurity because you have to think like the other, the adversary, you got to be the white headed hippie, a white hat, unless you know how black hat thinks. So there's a lot of needs here for more, more, more points of view. How are we going to get people trained on this from under represented minorities and women? What's your thoughts? >>Well, as a member of, I took a professional society of directed pool in the electronic engineer. You have the, uh, we participate in the engineering week. We'll be ploy our members to local junior high school and high school to talk about our project, to promote the discovery of engineering. But at the same time, we also participate in the science fair that we scaled up flex. As the squad organizing our engineer will be mentoring students, number one, to help them with the part check, but number two, to help us identify talents so that we can recruit them further into the field of STEM. One of the participation that week was the competition of the, what they call future CV. We're still going, we'll be doing a CT on a computer simulation. And in recent year we promote ops smart CV where CT will be connected the individual houses to be added in through the internet. >>And we want to bring awareness of cybersecurity into competition. So we deploy engineer to supervise the people, the students who participate in the competition, we bring awareness, not in the technical be challenged level, but in what we've called the compound level. So speargun will be able to know what is, why to provide cyber security for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the room. And so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to get students to continue education in Epic college level. So with scholarship, it's very easy to recruit them, to give you and then push them to go further into the cyber security Eylea. >>Yeah. I mean, you know, I see a lot of the parents like, Oh, my kid's going to go join the soccer team, >>Private lessons, and maybe look at a scholarship >>Someday. Well, they only do have scholarships anyway. I mean, this is if they spent that time doing other things, it's just, again, this is a new lifestyle, like the girl Scouts. And this is where I want to get into this whole silo breaking down because Amy, you brought this up and bill, you were talking about as well, you've got multiple stakeholders here with this event. You got, you know, public, you got private and you've got educators. It's the intersection of all of them. It's again, that those, if those silos break down the confluence of those three stakeholders have to work together. So let's, let's talk about that. Educators. You guys are educating young minds, you're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity is maybe it's more recent, it's cutting edge, best practices, but still it's an, it's an evolving playbook. What's your thoughts for educators, bill? We'll start with you. >>Well, I don't really, I'm going to turn it off. >>I would say, I would say as, as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and, um, applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that, that works in both ways that, you know, we can talk as educators and we can be telling industry what we're working on and what are types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way as well. >>And I think it's just all part of this is really looking at, at what's going to be happening and how do we get people talking to each other and the same thing with looking at public policy and bringing that into our education and into these real hands on experiences. And that's how you really cement this type of knowledge with students, not by not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just up and you keep going. >>And these are important skills that you develop along the way >>You mentioned, um, um, sharing too. That's the key collaborating and sharing knowledge. It's an open, open world and everyone's collaborating feel private public partnerships. I mean, there's a real private companies. You mentioned Palo Alto networks and others. There's a real intersection there there's, they're motivated. They could, the scholarship opportunities, trunk points to that. What is the public private educator view there? How do companies get involved? What's the benefit for them? >>Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes, people who are really focused on developing and furthering those public private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, uh, not to take away from the academic side, but to add additional opportunities for both sides. Remember in a public private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject space and cyber security. This has been an absolute banner year for space. The Stanhope of space force, the launch of commercial partnership, leaving commercial platforms, delivering astronauts to the space station, recovering them and bringing back the ability of a commercial satellite platform to be launched a commercial platforms that not only launch, but return back to where they're launched from. >>These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested, they're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that public private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil moving from one side of the earth, to the other via space. And it's about government. And what's really cool for us. All those things are in our backyard. Yeah. That's where that public private comes together. The government's involved, the private sector is involved. The educators are involved and we're all looking at the same things and trying to figure out like this forum, what works best to go to the future. >>You know, if people are bored and they want to look for an exciting challenge, he couldn't have laid it out any clearer. It's the most exciting discipline. It hits everything. I mean, we just talk about space. GPS is everything we do is well tested. Do with satellites. >>I have to tell you a story on that, right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the air force. So you can't get better than that when it comes to being connected to all those platforms. So we, we really want to say, you know, this is so exciting for all of us because >>It gives everybody a job for a long time. >>You know, the kids that don't think tick toxic, exciting, wait til they see what's going on here with you guys, this program, trunk final word on this from the public side, you're at the air force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >>I think it's the same in athlete university CP in the engineering program will require our students to be final project before graduation. And in this kind of project, we send them out to work in the private industry. The private company got sponsor. Then they get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Some, some kind of, we call that a core program, some kind, we call that a capstone program and the company will accept the students on a trial PRCS, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final of the job. >>So the collaboration between university and private sector is really important. We, when I joined a faculty, normally they already exist that connection. It came from. Normally it came from the Dean of engineering who would whine and dine with companies. We work relationship and sign up women, but it's approach to do a good performance so that we can be credibility to continue the relationship with those company and the students that we selected to send to those company. We have to make sure that they will represent the university. Well, they will go a good job and they will make a good impression. >>Thank you very much for great insight, trunk, bill, Amy, amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung bill and Amy Truong, the importance of cybersecurity space statement. >>We know that it's affecting components that we are using and we are connecting to. And normally we use them for personal purpose. But when we connect to the important system that the government public company put into space, so it's really important to practice cyber security and a lot of time, it's very easy to know concept. We have to be careful, but in reality, we tend to forget to partnership the way we forget how to ride safely. And with driving a car, we have a program called defensive driving that requires every two or three years to get. We can get discount. >>We are providing the cyber security practice, not to tell people about the technology, but to remind them not practicing cybersecurity. And it's a requirement for every one of us, bill, the importance of cyber security to space. It's not just about young people. It's about all of us as we grow and we change as I referenced it, you know, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine. We need to be just as cognizant about cybersecurity practice as the young people, we need to understand how it affects our lives and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data, transfer all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expensive for all of us, Amy, the importance of cybersecurity space, >>Uh, and the, the emphasis of cybersecurity is space. Just simply, can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students, to children >>Today. But these are my really interesting fields that you need to consider. >>Thank you very much. I'm John foray with the cube and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people and society. Thank you to Cal poly. And thank you for watching the Cypress of computer security and space symposium 2020.

from around the globe it's thecube covering space and cyber security symposium 2020 hosted by cal poly hello everyone welcome to the space and cyber security symposium 2020 hosted by cal poly where the intersection of space and security are coming together i'm john furrier your host with thecube here in california i want to welcome our featured guest lieutenant general john f thompson with the united states space force approach to cyber security that's the topic of this session and of course he's the commander of the space and missile system center in los angeles air force base also heading up space force general thank you for coming on really appreciate you kicking this off welcome to the symposium hey so uh thank you very much john for that very kind introduction also uh very much thank you to cal poly uh for this opportunity to speak to this audience today also a special shout out to one of the organizers uh dustin brun for all of his work uh helping uh get us uh to this point uh ladies and gentlemen as uh as uh john mentioned uh i'm jt thompson uh i lead the 6 000 men and women of the united states space forces space and missile system center which is headquartered here at los angeles air force base in el segundo if you're not quite sure where that's at it's about a mile and a half from lax this is our main operating location but we do have a number of other operating locations around the country with about 500 people at kirtland air force base in albuquerque new mexico uh and about another 500 people on the front range of the rockies uh between colorado springs and uh and denver plus a smattering of other much smaller operating locations nationwide uh we're responsible for uh acquiring developing and sustaining the united states space force's critical space assets that includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites and we also are in charge of procuring launch services for the u.s space force and a number of our critical mission partners across the uh department of defense and the intelligence community um just as a couple of examples of some of the things we do if you're unfamiliar with our work we developed and currently sustained the 31 satellite gps constellation that satellite constellation while originally intended to help with global navigation those gps signals have provided trillions of dollars in unanticipated value to the global economy uh over the past three decades i mean gps is everywhere i think everybody realizes that agriculture banking the stock market the airline industry uh separate and distinct navigation systems it's really pervasive across both the capabilities for our department of defense and capabilities for our economy and and individuals billions of individuals across our country and the planet some of the other work we do for instance in the communications sector uh secure communications satellites that we design and build that link america's sons and daughters serving in the military around the world and really enable real-time support and comms for our deployed forces and those of our allies we also acquire uh infrared missile warning satellites uh that monitor the planet for missile launches and provide advanced warning uh to the u.s homeland and to our allies uh in case some of those missile launches are uh nefarious um on a note that's probably a lot closer to home maybe a lot closer to home than many of us want to think about here in the state of california in 2018 smc jumped through a bunch of red tape and bureaucracy uh to partner with the u.s forest service during the two of the largest wildfires in the state's history the camp and woolsey fires in northern california as those fires spread out of control we created processes on the fly to share data from our missile warning satellites those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet and we collaborated with the us forest service so that firefighters on the ground uh could track those fires more in real time and better forecast fires and where they were spreading thereby saving lives and and property by identifying hot spots and flare-ups for firefighters that data that we were able to working with our contractors pass to the u.s forest service and authorities here in california was passed in less than an hour as it was collected to get it into the hands of the emergency responders the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters it was really instrumental in fighting those fires and stopping their spread we've continued uh that involvement in recent years using multiple systems to support firefighters across the western u.s this fall as they battled numerous wildfires that unfortunately continue working together with the u.s forest service and with other partners uh we like to make uh we like to think that we made a difference here but there's still a lot more work to go and i think that we should always be asking ourselves uh what else can space data be used for and how can we more rapidly get that space data to uh stakeholders so that they can use it for for purposes of good if you will how else can we protect our nation how else can we protect our friends and allies um i think a major component of the of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly um just over the past few years uh john and i were talking before we went live here and 80 nations now have uh space programs 80 nearly 80 space faring nations on the planet um if you just look at one mission area that uh the department of defense is interested in and that's small launch there are currently over a hundred different small launch companies uh within the u.s industrial base vying for commercial dod and civil uh payload capabilities uh mostly to low earth orbit it's it's just truly a remarkable time if you factor in those things like artificial intelligence and machine learning um where we're revolutionary revolutionizing really uh the ways that we generate process and use data i mean it's really remarkable in 2016 so if you think about this four years ago uh nasa estimated that there were 28 terabytes of information transiting their space network each day and that was four years ago um uh obviously we've got a lot of desire to work with a lot of the people in the audience of this congress or in this conference uh we need to work with big thinkers like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data we need new generations of thinkers to help apply cutting edge edge theories of data mining cyber behaviorism and internet of things 2.0 it's just truly a remarkable time uh to be in the space business and the cyber aspects of the states of the space business are truly truly daunting and important to uh to all of us um integrating cyber security into our space systems both commercial and government is a mandate um it's no longer just a nice to have as the us space force and department of the air force leadership has said many times over the past couple of years space is becoming congested and contested and that contested aspect means that we've got to focus on cyber security uh in the same way that the banking industry and cyber commerce focus on uh cyber security day in and day out the value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer from the ground control segments associated with it and this value is not just military it's also economic and it's not just american it's also a value for the entire world particularly particularly our allies as we all depend upon space and space systems your neighbors and friends here in california that are employed at the space and missile system center uh work with network defenders we work with our commercial contractors and our systems developers um our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global commons of space free and open for exploration and for commerce um as john and i were talking earlier before we came online there's an aspect of cyber security for space systems especially for some of our legacy systems that's more how do we bolt this on because we fielded those space systems a number of years ago and the the challenges of cyber security in the space domain have grown so we have a part that we have to worry about bolting it on but then we have to worry about building it in as we as we field new systems and build in a flexibility that that realizes that the cyber threat or the cyber security landscape will evolve over time it's not just going to be stagnant there will always be new vulnerabilities and new threat vectors that we always have to look at look uh as secretary barrett who is our secretary of the air force likes to say most americans use space before they have their first cup of coffee in the morning the american way of life really depends on space and as part of the united states space force we work with defense leaders our congress joint and international military teammates and industry to ensure american leadership in space i really thank you for this opportunity to address the audience today john and thanks so much to cal poly for letting me be one of the speakers at this event i really look forward to this for uh several months and so with that i look forward to your questions as we kind of move along here general thank you very much for the awesome uh introductory statement uh for the folks watching on the stream brigadier general carthan is going to be in the chat answering any questions feel free to chat away he's the vice commander of space and missile systems center he'll be available um a couple comments from your keynote before i get to my questions because it just jumped in my head you mentioned the benefits of say space but the fires in california we're living that here that's really real time that's a benefit you also mentioned the ability for more people launching payloads into space and i only imagine moore's law smaller faster cheaper applies to rockets too so i'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned so you know is it going to be more rules around that i mean this is an interesting question because it's exciting space force but for all the good there is potentially bad out there yeah so i i john i think the uh i think the basics of your question is as space becomes more congested and contested is there a need for more international norms of how satellites fly in space what kind of basic features satellites have to perhaps deorbit themselves what kind of basic protections does do all satellites should all satellites be afforded as part of a peaceful global commons of space i think those are all fantastic questions and i know that u.s and many uh allied policy makers are looking very very hard at those kinds of questions in terms of what are the norms of behavior and how we uh you know how how we field and field is the military term but you know how we uh populate uh using civil or uh commercial terms uh that space layer at different altitudes uh low earth orbit mid mid-earth orbit geosynchronous earth orbit different kinds of orbits uh what the kind of mission areas we accomplish from space that's all things that need to be definitely taken into account as uh as the place gets a little bit not a little bit as the place gets increasingly more popular day in and day out well i'm super excited for space force i know that a new generation of young folks are really interested in it's an emerging changing great space the focus here at this conference is space and cyber security intersection i'd like to get your thoughts on the approach that space force is taking to cyber security and how it impacts our national goals here in the united states yeah yeah so that's a that's a great question john let me let me talk about in two uh two basic ways but number one is and and i know um some people in the audience this might make them a little bit uncomfortable but i have to talk about the threat right um and then relative to that threat i really have to talk about the importance of uh of cyber and specifically cyber security as it relates to that threat um the threats that we face um really represent a new era of warfare and that new era of warfare involves both space and cyber uh we've seen a lot of action in recent months uh from certain countries notably china and russia uh that have threatened what i referred to earlier as the peaceful global commons of space for example uh it through many unclassified sources and media sources everybody should understand that um uh the russians have been testing on orbit uh anti-satellite capabilities it's been very clear if you were following just the week before last the department of defense released its uh 2020 military and security developments involving the people's republic of china um uh and uh it was very clear that china is developing asats electronic jammers directed energy weapons and most relevant to today's discussion offensive cyber uh capabilities there are kinetic threats uh that are very very easy to see but a cyber attack against a critical uh command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of gps and important to note that that gps system also impacts many civilians who are dependent upon those systems from a first response perspective and emergency services a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to a system to mislead operators so that they send emergency services personnel to the to the wrong address right attacks on spacecraft on orbit whether directly via a network of intrusion or enabled through malware introduced during the systems production uh while we're building the satellite can [ __ ] or corrupt the data denial of service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control i mean if gps went down i you know i hesitate to say it this way because we might elicit some screams from the audience but if gps went down a starbucks wouldn't be able to handle your mobile order uber drivers wouldn't be able to find you and domino's certainly certainly wouldn't be able to get there in 30 minutes or less right so with a little bit of tongue-in-cheek there from a military operations perspective it's dead serious um uh we have become accustomed in the commercial world to threats like lance ransomware and malware and those things have unfortunately become commonplace in commercial terrestrial networks and computer systems however what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled if you will to use against our national security space systems uh day in and day out um as i said during my opening remarks on the importance of cyber the value of these systems is directly tied to their integrity if commanders in the field uh firefighters in california or baristas in in starbucks can't trust the data they see they're receiving then that really harms their decision-making capabilities one of the big trends we've recently seen is the mood move towards proliferated leo uh uh constellations obviously uh spacex's uh starlink uh on the commercial side and on the military side the work that darpa and my organization smc are doing on blackjack and casino as well as some space transport layer constellation work that the space development agency is designing are all really really important types of mesh network systems that will revolutionize how we plan and field warfighting systems and commercial communications and internet providing systems but they're also heavily reliant on cyber security uh we've got to make sure that they are secured to avoid an accident or international damage uh loss of control of these constellations really could be catastrophic from both a mission perspective or from uh you know satellites tumbling out of low earth orbit perspective another trend is introductions in artificial intelligence and machine learning on board spacecraft or at the edge our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector they're basically flying boxes full of software right and we need to ensure the data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms govern governing the right actions and that those uh that those systems are impervious to the extent possible uh to nefarious uh modifications so in summation a cyber security is vital element of everything in our national security space goals and i would argue for our national uh goals uh writ large including uh economic and information uh uh dimensions uh the space force leadership at all levels uh from uh some of the brand new second lieutenants that general raymond uh swore into the space force this morning uh ceremonially from the uh air force association's air space and cyberspace conference uh to the various highest levels general raymond uh general d t thompson myself and a number of other senior leaders in this enterprise we've got to make sure that we're all working together to keep cyber security at the forefront of our space systems because it they absolutely depend on it you know you mentioned uh hardware software threats opportunities challenges i want to ask you because you you got me thinking of the minute there around infrastructure i mean we've heard critical infrastructure you know grids here on on earth you're talking about critical infrastructure a redefinition of what critical infrastructure is an extension of what we have so i'd love to get your thoughts about space force's view of that critical infrastructure vis-a-vis the threat vectors because you know the term threat vectors has been kicked around in the cyber space oh yeah threat vectors they're always increasing the surface area well if the surface area is from space it's an unlimited surface area so you got different vectors so you got new critical infrastructure developing real time really fast and you got an expanded threat vector landscape putting that in perspective for the folks that aren't really inside the ropes on these critical issues how would you explain this and how would you talk about those two things well so i tell you um i just like um uh just like uh i'm sure people in the security side or the cyber security side of the business in the banking industry feel they feel like it's uh all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system to the financial sector on the department of defense side we've got to have sort of the same mindset um that threat vector from to and through space against critical space systems ground segments the launch enterprise or transportation uh to orbit and the various different uh domains within uh within space itself like i mentioned before uh leo mio and geo-based satellites with different orbits all of the different mission areas that are accomplished from space that i mentioned earlier some that i didn't mention like weather tactical or wide band communications uh various new features of space control all of those are things that we have to worry about from a cyber security uh threat perspective and it's a it's a daunting challenge right now right yeah it's awesome and one of the things we've been following on the hardware side here in the on the ground is the supply chain we've seen you know malware being you know really put into really obscure hardware who manufactures it as being outsourced obviously government has restrictions but with the private sector uh you mentioned china and and the us kind of working together across these these peaceful areas but you got to look at the supply chain how does the supply chain the security aspect impact the mission of the u.s space force yeah yeah so so um how about another um just in terms of an example another kind of california-based historical example right um the very first u.s satellite uh explorer one was built by uh the jet propulsion uh laboratory folks uh not far from here in el segundo up in uh up in pasadena um that satellite when it was first built in the late 50s uh weighed a little bit over 30 pounds and i'm sure that each and every part was custom made and definitely made by u.s companies fast forward to today the global supply chain is so tightly coupled and frankly many industries are so specialized almost specialized regionally around the planet we focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them but it becomes more difficult and more difficult to understand the the heritage if you will of some of the parts that are used the thousands of parts that are used in some of our satellites that are literally school bus sized right the space industry especially uh national security space sector um uh is relatively small compared to other commercial industries and we're moving to towards using more and more parts uh from non-us companies uh cyber security and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily um understand 100 percent like an explorer one uh the the lineage of that particular part the environmental difficulties in space are well known the radiation environment the temperature extremes the vacuum those require specialized component and the us military is not the only uh customer in that space in fact we're definitely not the dominant customer uh in space anymore all those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains from a quality perspective a security perspective and availability um there's open source reporting on supply training intrusions from um many different breaches of commercial retailers to the infectious spread of uh you know compromised patches if you will and our adversaries are aware of these techniques as i mentioned earlier with other forms of attack considering our supply chains and development networks really becomes fair game for our adversaries so we have to uh take that threat seriously um between the government and industry sectors here in the u.s we're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities last fall we completed an extensive review of all of our major contracts here at space and missile system center to determine the levels of cyber security requirements we've implemented across our portfolio and it sounds really kind of you know businessy geeky if you will you know hey we looked at our contracts to make sure that we had the right clauses in our contracts to address cyber security as dynamically as we possibly could and so we found ourselves having to add new language to our contracts to require system developers to implement some more advanced uh protective measures in this evolving cyber security environment so that data handling and supply chain perspective uh protections um from contract inception to launch and operations were taken into account uh cyber security really is a key performance parameter for us now it's as important as the the mission performance of the system it's as important as cost it's as important as schedule because if we deliver the perfect system on time and on cost uh it can perform that missile warning or that communications mis mission perfectly but it's not cyber secure if it doesn't have cyber protections built into it or the ability to implement mitigations against cyber uh threats then we've essentially fielded a shoe box in space that doesn't do the k the the war fighter or the nation uh any good um supply chain risk management is a is a major challenge for us uh we're doing a lot to coordinate with our industry partners uh we're all facing it head on uh to try and build secure and trusted components uh that keep our confidence as leaders firefighters and baristas uh as the case may be uh but it is a challenge and we're trying to rise to that challenge you know this so exciting this new area because it really touches everything you know talk about geeking out on on the tech the hardware the systems but also you put your kind of mba hat on you go what's the roi of the extra development and how you how things get built because the always the exciting thing for space geeks is like you're building cool stuff people love it's it's exciting but you still have to build and cyber security has proven that security has to be baked in from the beginning and be thought as a system architecture so you're still building things which means you've got to acquire things you got to acquire parts you got to acquire build software and and sustain it how is security impacting the acquisition and the sustainment of these systems for space yeah from initial development uh through planning for the acquisition design development fielding or production fielding and sustainment it impacts all aspects of of the life cycle john uh we simply especially from the concept of baking in cyber security uh we can't wait until something is built and then try and figure out how to make it cyber secure so we've moved way further uh towards working side by side with our system developers to strengthen cyber security from the very beginning of a system's development cyber security and the resilience associated with it really have to be treated as a key system attribute as i mentioned earlier equivalent with data rates or other metrics of performance we like to talk in uh in the space world about uh mission assurance and mission assurance has always you know sort of taken us as we as we technically geek out right mission assurance has always taken us to the will this system work in space right can it work in a vacuum can it work in you know as it as it uh you know transfers through uh the van allen radiation belt or through the the um the southern hemisphere's electromagnetic anomaly right will it work out in space and now from a resiliency perspective yeah it has to work in space it's got to be functional in space but it's also got to be resistant to these cyber security threats it's it's not just i think uh general dt thompson quoted this term it's not just widget assurance anymore it's mission assurance um uh how does that satellite uh operator that ground control segment operate while under attack so let me break your question a little bit uh just for purposes of discussion into into really two parts uh cyber uh for cyber security for systems that are new and cyber security uh for systems that are in sustainment or kind of old and legacy um obviously there's cyber vulnerabilities that threaten both and we really have to employ different strategies for for defense of of each one for new systems uh we're desperately trying to implement across the department of defense in particular in the space world a kind of a devsecops methodology and practice to delivering software faster and with greater security for our space systems here at smc we have a program called enterprise ground services which is a tool kit basically a collection of tools for common command and control of different satellite systems egs as we call it has an integrated suite for defensive cyber capabilities network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of of bad behavior malicious behavior if you will um uh it's rudimentary at this point but because we're using devsecops and that incremental development approach as we scale it it just becomes more and more capable you know every every product increment that we field here at uh at uh la air force base uh uh we have the united space space forces west coast software factory which we've dubbed kobayashi maru they're using those agile devops uh software development practices uh to deliver uh space awareness software uh to the combined space operations center uh affectionately called the csp that c-spock is just down the road uh from cal poly uh there in san luis obispo at vandenberg air force base they've securely linked the c-spock with other space operation centers around the planet our allies australia canada and the uk uh we're partnering with all of them to enable secure and enhanced combined space operations so lots of new stuff going on as we bake in new development uh capabilities for our our space systems but as i mentioned earlier we've got large constellations on satellite of satellites on orbit right now some of them are well in excess of a decade or more old on orbit and so the design aspects of those satellites are several decades old and so but we still have to worry about them because they're critical to our space capabilities um we've been working with an air force materiel command organization uh called crows which stands for the cyber resiliency office for uh weapon systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to to live through this increasingly cyber security uh concerned era that we currently live in our industry partners have been critical to to both of those different avenues both new systems and legacy systems we're working closely with them to defend and upgrade uh national assets and develop the capabilities to do similar with uh with new national assets coming online the vulnerabilities of our space systems really kind of threaten the way we've done business in the past both militarily and in the case of gps economically the impacts of that cyber security risk are clear in our acquisition and sustainment processes but i've got to tell you it that as the threat vectors change as the vulnerabilities change we've got to be nimble enough agile enough to be able to bounce back and forth we can't just say uh many people in the audience are probably familiar with the rmf or the risk management framework approach to um to reviewing uh the cyber security of a system we can't have program managers and engineers just accomplish an rmf on a system and then hey high five we're all good uh it's a journey not a destination that's cyber security and it's a constant battle rhythm throughout a weapon systems life cycle not just a single event i want to get to this commercial business needs and your needs on the next question but before i go there you mentioned the agile and i see that clearly because when you have accelerated innovation cycles you've got to be faster and we saw this in the computer industry mainframes mini computers and then when you started getting beyond me when the internet hit and pcs came out you saw the big enterprises the banks and and government start to work with startups it used to be a joke in the entrepreneurial circles is that you know there's no way if you're a startup you're ever going to get a contract with a big business enterprise now that used to be for public sector and certainly uh for you guys so as you see startups out there and there's acquisition involved i'm sure would love to love to have a contract with space force there's an roi calculation where if it's in space and you have a sustainment view edit software you might have a new kind of business model that could be attractive to startups could you share your thoughts on the folks who want to be a supplier to you uh whether they're a startup or an existing business that wants to be agile but they might not be that big company we are john that's a fantastic question we are desperately trying to reach out to to those new space advocates to those startups to those um what we sometimes refer to within the department of defense those non-traditional uh defense contractors a couple of things just for uh thinking purposes on some of the things that we're trying to highlight um uh three years ago we created here at uh space and missile system center uh the space enterprise consortium uh to provide a platform uh a contractual vehicle really to enable us to rapidly prototype uh development of space systems and to collaborate uh between the u.s space force uh traditional defense contractors non-traditional vendors like startups and even some academic institutions uh spec as we call it space enterprise consortium uses a specialized contracting tool to get contracts uh awarded quickly many in the audience may be familiar with other transaction agreements and that's what spec is based on and so far in just three years spec has awarded 75 different uh prototyping contracts worth over 800 million dollars with a 36 reduction in time to award and because it's a consortium based competition for um for these kinds of prototyping efforts the barrier to entry for small and non-traditional for startups even for academic institutions to be able to compete for these kinds of prototypings is really lowered right um uh these types of partnerships uh that we've been working through on spec uh have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security uh for their systems both their developmental systems and the systems that they're designing and trying to build we want to provide ways for companies large and small to partner together and support um uh kind of mutually beneficial uh relationships between all um recently uh at the annual air force association uh conference that i mentioned earlier i moderated a panel with several space industry leaders uh all from big traditional defense contractors by the way and they all stressed the importance of building bridges and partnerships uh between major contractors in the defense industry and new entrants uh and that helps us capture the benefits of speed and agility that come with small companies and startups as well as the expertise and specialized skill sets of some of those uh larger contractors uh that we rely on day in and day out advanced cyber security protections and utilization of secure facilities are just a couple of things that i think we could be prioritizing more so in those collaborations as i mentioned earlier the spec has been very successful in awarding a number of different prototyping contracts and large dollar values and it's just going to get better right there's over 400 members of the space enterprise consortium 80 of them are non-traditional kinds of vendors and we just love working with them another thing that many people in the audience may be familiar with in terms of our outreach to innovators uh if you will and innovators that include uh cyber security experts is our space pitch day events right so we held our first event last november in san francisco uh where we awarded over a two-day period about 46 million dollars to 30 different companies um that had potentially game-changing ideas these were phase two small business innovative research efforts uh that we awarded with cash on the spot uh we're planning on holding our second space pitch day in the spring of 2021. uh we're planning on doing it right here in los angeles uh covent 19 environment permitting um and we think that these are you know fantastic uh uh venues for identifying and working with high-speed startups startups and small businesses who are interested in uh really truly partnering with the us air force it's a as i said before it's a really exciting time to be a part of this business uh and working with the innovation economy uh is something that the department of defense uh really needs to do in that um the innovation that we used to think was ours you know that 80 percent of the industrial-based innovation that came from the department of defense uh the the script has been flipped there and so now more than 70 percent uh particularly in space innovation uh comes from the commercial sector not from uh not from the defense business itself and so um that's a tsunami of uh investment and a tsunami of uh capability and i need to figure out how to get my surfboard out and ride it you know what i mean yeah i mean it's one of those things where the flip the script has been flipped but it's exciting because it's impacting everything are you talking about systems architecture you're talking about software you're talking about a business model you talk about devsecops from a technical perspective but now you have a business model innovation all the theaters of uh are exploding in innovation technical business personnel this brings up the workforce challenge you've got the cyber needs for the u.s space force there's probably a great roi model for new kinds of software development that could be priced into contracts that's a entrepreneurial innovation you got the the business model theater you've got the personnel how does the industry adopt and change you guys are clearly driving this how does the industry adjust to you yeah so um i think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the u.s space force from a from an acquisition perspective and in this particular case from a from a cyber security perspective as i mentioned earlier it's the most exciting time to be in space programs uh really since the days of apollo um uh you know just to put it in terms that you know maybe have an impact with the audience uh from 1957 until today approximately 9 000 satellites uh have been launched from the various space faring countries around the planet uh less than two thousand of those nine thousand are still up on orbit and operational and yet in the new space regime um players like spacex have plans to launch you know 12 000 satellites for some of their constellations alone it really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities whether they're commercial civil or defense are going to require appropriate cyber security uh protections it's just a really exciting time uh to be working in stuff like this and so uh folks like the folks in this audience who have a passion about space and a passion about cyber security are just the kind of people that we want to work with because we need to make sure our systems are are secure and resilient we need folks that have technical and computing expertise engineering skills to be able to design cybersecure systems that can detect and mitigate attacks uh but we also as you alluded to we need people that have that business and um you know business acumen human networking background so that we can launch the startups and work with the non-traditional businesses uh help to bring them on board help to secure both their data and our data and uh and and make sure our processes and systems are are free as much as possible from uh uh from attack um for preparation for for audience members who are young and maybe thinking about getting into this uh trade space um you gotta be smart on digital networking uh you gotta understand basic internet protocols concepts uh programming languages uh database design uh learn what you can from penetration or vulnerability testing and and uh risk assessment i will tell you this and i don't think he will i know he will not mind me telling you this but you've got to be a lifelong learner and so two years ago i'm at home one evening and i get a phone call on my cell phone and it's my boss the commander of air force space command uh general j raymond who is now currently the chief of space operations and he is on temporary duty flying overseas he lands where he's going and he first thing he does when he lands is he calls me and he goes jt um while i was traveling um i noticed that there were e-books available on the commercial airliner i was traveling on and there was an e-book on something called scrumming and agile devsecops and i read it have you read it um and i said no sir but if you tell me what the title of the book is i will read it and so i got to go to my staff meeting um you know the very next week the next time we had a staff meeting and tell everybody in the stab meeting hey if the four star and the three star can read the book about scrumming then i'm pretty sure all of you around this table and all our lieutenants and our captains our gs13s all of our government employees can get smart on uh the scrumming development process and interestingly as another side i had a telephone call with him last year during the holidays where he was trying to take some leave and i said sir what are you up to today are you are you you know making eggnog for the event tonight or whatever and the chief of space operations told me no i'm trying to teach myself python i'm at lesson two and it's not going so well but i'm i'm gonna figure this out and so that kind of thing if the chief of staff or the you know the the the chief of space operations can prioritize scrumming and python language and innovation in his daily schedule then we're definitely looking for other people who can do that and we'll just say lower levels of rank uh throughout our entire space force enterprise um look i i we don't need to need people that can code a satellite from scratch but we need to know we need to have people that have a basic grasp of the programming basics and cyber security requirements and that can turn those things into into meaningful actions obviously in the space domain things like basic physics and orbital mechanics are also important uh space is not an intuitive uh domain so under understanding how things survive uh on orbit is really critical to making the right design and operational decisions and you know i know there's probably a lot because of this conference i know there's a probably a whole lot of high-speed cyber security experts out in the audience and i need those people in the u.s space force the the country is counting on it but i wouldn't discount having people that are just cyber aware or cyber savvy right i have contracting officers and logisticians and program managers and they don't have to be high-end cyber security experts but they have to be aware enough about it to be able to implement cyber security protections um into our space system so the skill set is is really really broad um our adversaries are pouring billions of dollars into uh define designing uh and fielding offensive and destructive space cyber security weapons right they've repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit and the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that as i mentioned before peaceful uh global commons of space we really need all hands on deck if you're interested in helping in uniform if you're interested in helping uh not in uniform uh but as a government employee a commercial or civil employee to help us make cyber security more important uh or more cape more able to be developed for our space systems then we'd really love to uh to work with you or have you on the team to build that safe and secure future for our space systems lieutenant general john thompson great insight thank you for sharing all that awesome stories too and motivation for the young next generation the united states space force approach of cyber security really amazing talk thank you for your time final parting question is as you look out and you had your magic wand what's your view for the next few years in terms of things that we could accomplish it's a super exciting time what do you hope for so um um first of all john thanks to you and and thanks to cal poly uh for the invitation and and thanks to everybody for uh for their interest in cyber security especially as it relates to space systems that's here at the conference um uh there's a quote and i'll read it here uh from uh bernard schriever who was the uh the founder if you will uh a legend in uh dod space the founder of the western development division which was a predecessor organization to space and missile systems center general shrever i think captures the essence of what how we see the next couple of years the world has an ample supply of people who can always come up with a dozen good reasons why new ideas will not work and should not be tried but the people who produce progress are breed apart they have the imagination the courage and the persistence to find solutions and so i think if you're hoping that the next few years of space innovation and cyber security innovation are going to be a pony ride at the county fair then perhaps you should look for another line of work because i think the next few years in space and cyber security innovation are going to be more like a rodeo um and a very dynamic rodeo as it goes it is a an awesome privilege to be part of this ecosystem it's really an honor for me to um to be able to play some small role uh in the space ecosystem and trying to improve it uh while i'm trying to improve the chances of uh of the united states of america in a uh in a space war fighting uh uh environment um and so i thank all of you for uh participating today and for this little bit of time that you've allowed me to share with you thank you sir thank you for your leadership and thank you for the for the time for this awesome event space and cyber security symposium 2020 i'm john furrier on behalf of cal poly thanks for watching [Music]

>> Announcer: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special presentation with Cal Poly hosting the Space and Cybersecurity Symposium 2020 virtual. I'm John Furrier, your host with theCUBE and SiliconANGLE here in our Palo Alto studios with our remote guests. We couldn't be there in person, but we're going to be here remote. We got a great session and a panel for one hour, topic preparing students for the jobs of today and tomorrow. Got a great lineup. Bill Britton, Lieutenant Colonel from the US Air Force, retired vice president for information technology and CIO and the director of the California Cybersecurity Institute for Cal Poly. Bill, thanks for joining us. Dr. Amy Fleischer, who's the dean of the College of Engineering at Cal Poly, and Trung Pham, professor and researcher at the US Air Force Academy. Folks, thanks for joining me today. >> Our pleasure. >> Got a great- >> Great to be here. >> Great panel. This is one of my favorite topics. >> Thank you for the opportunity. >> Preparing students for the next generation, the jobs for today and tomorrow. We got an hour. I'd love you guys to start with an opening statement to kick things off. Bill, we'll start with you. >> Well, I'm really pleased to be, to start on this as the director for the Cybersecurity Institute and the CIO at Cal Poly, it's really a fun, exciting job, because as a polytechnic, technology has such a forefront in what we're doing, and we've had a wonderful opportunity being 40 miles from Vandenberg Air Force Base to really look at the nexus of space and cybersecurity. And if you add into that both commercial, government, and civil space and cybersecurity, this is an expanding wide open time for cyber and space. In that role that we have with the Cybersecurity Institute, we partner with elements of the state and the university, and we try to really add value above our academic level, which is some of the highest in the nation, and to really merge down and go a little lower and start younger. So we actually are running the week prior to this showing a cybersecurity competition for high schools and middle schools in the state of California. That competition this year is based on a scenario around hacking of a commercial satellite and the forensics of the payload that was hacked and the networks associated with it. This is going to be done using products like Wireshark, Autopsy, and other tools that will give those high school students what we hope is a huge desire to follow up and go into cyber and cyberspace and space and follow that career path and either come to Cal Poly or some other institution that's going to let them really expand their horizons in cybersecurity and space for the future of our nation. >> Bill, thanks for that intro. By the way, I just want to give you props for an amazing team and job you guys are doing at Cal Poly, the DxHub and the efforts you guys are having with your challenge. Congratulations on that great work. >> Thank you. It's a rock star team. It's absolutely amazing to find that much talent at one location. And I think Amy's going to tell you, she's got the same amount of talent in her staff, so it's a great place to be. >> Dr. Amy Fleischer. You guys have a great organization down there, amazing curriculum, amazing people, great community. Your opening statement. >> Hello everybody. It's really great to be a part of this panel on behalf of the Cal Poly College of Engineering. Here at Cal Poly, we really take preparing students for the jobs of today and tomorrow completely seriously, and we can claim that our students really graduate so they're ready day one for their first real job. But that means that in getting them to that point, we have to help them get valuable and meaningful job experience before they graduate, both through our curriculum and through multiple internship or summer research opportunities. So we focus our curriculum on what we call a learn by doing philosophy. And this means that we have a combination of practical experience and learn by doing both in and out of the classroom. And we find that to be really critical for preparing students for the workforce. Here at Cal Poly, we have more than 6,000 engineering students. We're one of the largest undergraduate engineering schools in the country. And US News ranks us the eighth best undergraduate engineering program in the country and the top ranked state school. We're really, really proud that we offer this impactful hands-on engineering education that really exceeds that of virtually all private universities while reaching a wider audience of students. We offer 14 degree programs, and really, we're talking today about cyber and space, and I think most of those degree programs can really make an impact in the space and cybersecurity economy. And this includes not only things like aero and cyber directly, but also electrical engineering, mechanical engineering, computer engineering, materials engineering, even manufacturing, civil, and biomedical engineering, as there's a lot of infrastructure needs that go into supporting launch capabilities. Our aerospace program graduates hundreds of aerospace engineers and most of them are working right here in California with many of our corporate partners, including Northrop Grumman, Lockheed, Boeing, Raytheon, SpaceX, Virgin Galactic, JPL, and so many other places where we have Cal Poly engineers impacting the space economy. Our cybersecurity focus is found mainly in our computer science and software engineering programs, and it's really a rapidly growing interest among our students. Computer science is our most popular major, and industry interests and partnerships are integrated into our cyber curriculum, and we do that oftentimes through support from industry. So we have partnerships with Northrop Grumman for professorship in a cyber lab and from PG&E for critical infrastructure cybersecurity lab and professorship. And we think that industry partnerships like these are really critical to preparing students for the future as the field is evolving so quickly and making sure we adapt our facilities and our curriculum to stay in line with what we're seeing in industry is incredibly important. In our aerospace program, we have an educational partnership with the Air Force Research Labs that's allowing us to install new high-performance computing capabilities and a space environments lab that's going to enhance our satellite design capabilities. And if we talk about satellite design, Cal Poly is the founding home of the CubeSat program, which pioneered small satellite capabilities, And we remain the worldwide leader in maintaining the CubeSat standard, and our student program has launched more CubeSats than any other program. So here again we have this learn by doing experience every year for dozens of aerospace, electrical, computer science, mechanical engineering students, and other student activities that we think are just as important include ethical hacking through our white hat club, Cal Poly Space Systems, which does really, really big rocket launches, and our support program for women in both of these fields, like WISH, which is Women In Software and Hardware. Now, you know, really trying to bring in a wide variety of people into these fields is incredibly important, and outreach and support to those demographics traditionally underrepresented in these fields is going to be really critical to future success. So by drawing on the lived experiences by people with different types of backgrounds will we develop the type of culture and environment where all of us can get to the best solution. So in terms of bringing people into the field, we see that research shows we need to reach kids when they're in late elementary and middle schools to really overcome that cultural bias that works against diversity in our fields. And you heard Bill talking about the California Cybersecurity Institute's yearly cyber challenge, and there's a lot of other people who are working to bring in a wider variety of people into the field, like Girl Scouts, which has introduced dozens of new badges over the past few years, including a whole cybersecurity series of badges in concert with Palo Alto Networks. So we have our work cut out for us, but we know what we need to do, and if we're really committed to properly preparing the workforce for today and tomorrow, I think our future is going to be bright. I'm looking forward to our discussion today. >> Thank you, Dr. Fleischer, for a great comment, opening statement, and congratulations. You got the right formula down there, the right mindset, and you got a lot of talent, and community, as well. Thank you for that opening statement. Next up, from Colorado Springs, Trung Pham, who's a professor and researcher at the US Air Force Academy. He's doing a lot of research around the areas that are most important for the intersection of space and technology. Trung. >> Good afternoon. First I'd like to thank Cal Poly for the opportunity. And today I want to go briefly about cybersecurity in space application. Whenever we talk about cybersecurity, the impression is that it's a new field that is really highly complex involving a lot of technical area. But in reality, in my personal opinion, it is indeed a complex field because it involves many disciplines. The first thing we think about is computer engineering and computer networking, but it's also involving communication, sociology, law practice. And this practice of cybersecurity doesn't only involve computer expert, but it's also involve everybody else who has a computing device that is connected to the internet, and this participation is obviously everybody in today's environment. When we think about the internet, we know that it's a good source of information but come with the convenience of information that we can access, we are constantly facing danger from the internet. Some of them we might be aware of. Some of them we might not be aware of. For example, when we search on the internet, a lot of time our browser will be saying that this site is not trusted, so we will be more careful. But what about the sites that we trusted? We know that those are legitimate sites, but they're not 100% bulletproof. What happen if those site are attacked by a hacker and then they will be a silent source of danger that we might not be aware of. So in the reality, we need to be more practicing the cybersecurity from our civil point of view and not from a technical point of view. When we talk about space application, we should know that all the hardware are computer-based or controlled by by computer system, and therefore the hardware and the software must go through some certification process so that they can be rated as airworthy or flightworthy. When we know that in the certification process is focusing on the functionality of the hardware and software, but one aspect that is explicitly and implicitly required is the security of those components. And we know that those components have to be connected with the ground control station, and the communication is through the air, through the radio signal, so anybody who has access to those communication radio signal will be able to control the space system that we put up there. And we certainly do not want our system to be hijacked by a third party. Another aspect of cybersecurity is that we try to design the space system in a very strong manner so it's almost impossible to hack in. But what about some other weak system that might be connected to the strong system? For example, the space system will be connected to the ground control station, and on the ground control station, we have the human controller, and those people have cell phone. They are allowed to use cell phone for communication. But at the same time, they are connected to the internet through the cell phone, and their cell phone might be connected to the computer that control the flight software and hardware. So what I want to say is we try to build strong system and we've protected them, but there will be some weaker system that we could not intended but exists to be connected to our strong system, and those are the points the hacker will be trying to attack. If we know how to control the access to those weak points, we will be having a much better system for the space system. And when we see the cybersecurity that is requiring the participation everywhere it's important to notice that there is a source of opportunity for students who enter the workforce to consider. Obviously students in engineering can focus their knowledge and expertise to provide technological solution to protect the system that we view. But we also have students in business who can focus their expertise to write business plan so that they can provide a pathway for the engineering advances to reach the market. We also have student in law who can focus their expertise in policy governing the internet, governing the cybersecurity practice. And we also have student in education who can focus their expertise to design how to teach cybersecurity practice, and student in every other discipline can focus their effort to implement security measure to protect the system that they are using in their field. So it's obvious that cybersecurity is everywhere and it implies job opportunity everywhere for everybody in every discipline of study. Thank you. >> Thank you, Trung, for those great comments. Great technology opportunities. But interesting, as well, is the theme that we're seeing across the entire symposium and in the virtual hallways that we're hearing conversations, and you pointed out some of them. Dr. Fleischer did, as well. And Bill, you mentioned it. It's not one thing. It's not just technology. It's different skills. And Amy, you mentioned that computer science is the hottest degree, but you have the hottest aerospace program in the world. I mean, so all this is kind of balancing. It's interdisciplinary. It's a structural change. Before we get into some of the, how they prepare the students, can you guys talk about some of the structural changes that are modern now in preparing in these opportunities, because societal impact is a, law potentially impact, it's how we educate. There's now cross-discipline skill sets. It's not just get the degree, see you out in the field. Bill, you want to start? >> Well, what's really fun about this job is that in the Air Force, I worked in the space and missile business, and what we saw was a heavy reliance on checklist format, security procedures, analog systems, and what we're seeing now in our world, both in the government and the commercial side, is a move to a digital environment, and the digital environment is a very quick and adaptive environment, and it's going to require a digital understanding. Matter of fact, the undersecretary of Air Force for acquisition recently referenced the need to understand the digital environment and how that's affecting acquisition. So as both Amy and Trung said, even business students are now in the cybersecurity business. And so again, what we're seeing is the change. Now, another phenomenon that we're seeing in the space world is there's just so much data. One of the ways that we addressed that in the past was to look at high-performance computing. There was a lot stricter control over how that worked. But now what we're seeing is adaptation of cloud, cloud technologies in space support, space data, command and control. And so what we see is a modern space engineer who has to understand digital, has to understand cloud, and has to understand the context of all those with a cyber environment. That's really changing the forefront of what is a space engineer, what is a digital engineer, and what is a future engineer, both commercial or government. So I think the opportunity for all of these things is really good, particularly for a polytechnic, Air Force Academy, and others that are focusing on a more widened experiential level of cloud and engineering and other capabilities. And I'll tell you the part that as the CIO I have to remind everybody, all this stuff works with the IT stuff. So you've got to understand how your IT infrastructures are tied and working together. As we noted earlier, one of the things is that these are all relays from point to point, and that architecture is part of your cybersecurity architecture. So again, every component has now become a cyber aware, cyber knowledgeable, and what we like to call as a cyber cognizant citizen where they have to understand the context. (speaking on mute) >> (indistinct) software Dr. Fleischer, talk about your perspective, 'cause you mentioned some of the things about computer science. I remember in the '80s when I got my computer science degree, they called us software engineers and then you became software developers. And then, so again, engineering is the theme. If you're engineering a system, there's now software involved, and there's also business engineering, business models. So talk about some of your comments, 'cause you mentioned computer science is hot. You got the aerospace. You got these multi-disciplines. You got definitely diversity, as well, brings more perspectives in, as well. Your thoughts on these structural interdisciplinary things? >> I think this is really key to making sure that students are prepared to work in the workforce is looking at the blurring between fields. No longer are you just a computer scientist. No longer are you just an aerospace engineer. You really have to have an expertise where you can work with people across disciplines. All of these fields are just working with each other in ways we haven't seen before. And Bill brought up data. You know, data science is something that's cross-cutting across all of our fields. So we want engineers that have the disciplinary expertise that they can go deep into these fields, but we want them to be able to communicate with each other and to be able to communicate across disciplines and to be able to work in teams that are across disciplines. You can no longer just work with other computer scientists or just work with other aerospace engineers. There's no part of engineering that is siloed anymore. So that's how we're changing. You have to be able to work across those disciplines. And as you, as Trung pointed out, ethics has to come into this. So you can no longer try to fully separate what we would traditionally have called the liberal arts and say, well, that's over there in general education. No, ethics is an important part of what we're doing and how we integrate that into our curriculum. So is communication. So is working on public policy and seeing where all these different aspects tie together to make the impact that we want to have in the world. So you no longer can work solo in these fields. >> That's great point. And Bill also mentioned the cloud. One thing about the cloud that's showed us is horizontal scalability has created a lot of value, and certainly data is now horizontal. Trung, you mentioned some of the things about cryptography for the kids out there, I mean, you can look at the pathway for career. You can do a lot of tech, but you don't have to go deep sometimes. You can as deep as you want, but there's so much more there. What technology do you see that's going to help students, in your opinion? >> Well, I'm a professor in computer science, so I like to talk a little bit about computer programming. Now we are working in complex projects. So most of the time we don't design a system from scratch. We build it from different components, and the components that we have, either we get it from vendors or sometimes we get it from the internet in the open source environment. It's fun to get the source code and then make it work to our own application. So now when we are looking at cryptology, when we talk about encryption, for example, we can easily get the source code from the internet. And the question, is it safe to use those source code? And my question is maybe not. So I always encourage my students to learn how to write source code the traditional way that I learned a long time ago before I allow them to use the open source environment. And one of the things that they have to be careful especially with encryption is the code that might be hidden in the source that they downloaded. Some of the source might be harmful. It might open up back gate for a hacker to get in later. We've heard about these back gates back then when Microsoft designed the operating system with the protection of encryption, and it is true that is existing. So while open source code is a wonderful place to develop complex system, but it's also a dangerous place that we have to be aware of. >> Great point. Before we get into the comments, one quick thing for each of you I'd like to get your comments on. There's been a big movement on growth mindset, which has been a great big believer in having a growth mindset and learning and all that good stuff. But now when you talk about some of these things we're mentioning about systems, there's a new trend around a systems mindset, because if everything's now a system, distributed systems now you have space and cybersecurity, you have to understand the consequences of changes. And you mention some of that, Trung, in changes in the source code. Could you guys share your quick opinions on the of systems thinking? Is that a mindset that people should be looking at? Because it used to be just one thing. Oh, you're a systems guy or gal. There you go. You're done. Now it seems to be in social media and data, everything seems to be systems. What's your take? Dr. Fleischer, we'll start with you. >> I'd say it's another way of looking at not being just so deep in your discipline. You have to understand what the impact of the decisions that you're making have on a much broader system. And so I think it's important for all of our students to get some exposure to that systems level thinking and looking at the greater impact of the decision that they're making. Now, the issue is where do you set the systems boundary, right? And you can set the systems boundary very close in and concentrate on an aspect of a design, or you can continually move that system boundary out and see where do you hit the intersections of engineering and science along with ethics and public policy and the greater society. And I think that's where some of the interesting work is going to be. And I think at least exposing students and letting them know that they're going to have to make some of these considerations as they move throughout their career is going to be vital as we move into the future. >> Bill, what's your thoughts? >> I absolutely agree with Amy. And I think there's a context here that reverse engineering and forensics analysis and forensics engineering are becoming more critical than ever. The ability to look at what you have designed in a system and then tear it apart and look at it for gaps and holes and problem sets. Or when you're given some software that's already been pre-developed, checking it to make sure it is really going to do what it says it's going to do. That forensics ability becomes more and more a skillset that also you need the verbal skills to explain what it is you're doing and what you found. So the communication side, the systems analysis side, the forensics analysis side, these are all things that are part of system approach that I think you could spend hours on and we still haven't really done a great job on it. So it's one of my fortes is really the whole analysis side of forensics and reverse engineering. >> Trung, real quick, systems thinking, your thoughts. >> Well, I'd like to share with you my experience when I worked in the space station program at NASA. We had two different approaches. One is a compound approach where we design it from the system general point of view where we put components together to be a complex system. But at the same time, we have the (indistinct) approach where we have an engineer who spent time and effort building individual component and they have to be expert in those tiny component that general component they deliver. And in the space station program, we bring together the (indistinct) engineer who designed everything in detail and the system manager who managed the system design from the top down, and we meet in the middle, and together we compromised a lot of differences and we delivered the space station that we are operating today. >> Great insight. And that's the whole teamwork collaboration that Dr. Fleischer was mentioning. Thanks so much for that insight. I wanted to get that out there because I know myself as a parent, I'm always trying to think about what's best for my kids and their friends as they grow up into the workforce. I know educators and leaders in industry would love to know some of the best practices around some of the structural changes. So thanks for that insight. But this topic's about students and helping them prepare. So we heard be multiple discipline, broaden your horizons, think like systems, top down, bottom up, work together as a team, and follow the data. So I got to ask you guys, there's a huge amount of job openings in cybersecurity. It's well-documented. And certainly with the intersection of space and cyber, it's only going to get bigger, right? You're going to see more and more demand for new types of jobs. How do we get high school and college students interested in security as a career? Dr. Fleischer, we'll start with you on this one. I would say really one of the best ways to get students interested in a career is to show them the impact that it's going to have. There's definitely always going to be students who are going to want to do the technology for the technology's sake, but that will limit you to a narrow set of students, and by showing the greater impact that these types of careers are going to have on the types of problems that you're going to be able to solve and the impact you're going to be able to have on the world around you, that's the word that we really need to get out. And a wide variety of students really respond to these messages. So I think it's really kind of reaching out at the elementary, the middle school level, and really kind of getting this idea that you can make a big difference, a big positive difference in the field with some of these careers, is going to be really critical. >> Real question to follow up. What do you think is the best entry point? You mentioned middle. I didn't hear elementary school. There's a lot of discussions around pipelining, and we're going to get into women in tech and underrepresented minorities later. But is it too early, or what's your feeling on this? >> My feeling is the earlier we can normalize it, the better. If you can normalize an interest in computers and technology and building in elementary school, that's absolutely critical. But the drop-off point that we're seeing is between what I would call late elementary and early middle school. And just kind of as an anecdote, I for years ran an outreach program for Girl Scouts in grades four and five and grade six, seven, and eight. And we had 100 slots in each program. And every year the program would sell out for girls in grades four and five, and every year we'd have spots remaining in grades six, seven, and eight. And that's literally where the drop-off is occurring between that late elementary and that middle school range. So that's the area that we need to target to make sure we keep those young women involved and interested as we move forward. >> Bill, how are we going to get these kids interested in security? You mentioned a few programs you got. >> Yeah. >> I mean, who wouldn't want to be a white hat hacker? I mean, that sounds exciting. >> So yeah, great questions. Let's start with some basic principles, though, is let me ask you a question, John. Name for me one white hat, good person hacker, the name, who works in the space industry and is an exemplar for students to look up to. >> You? >> Oh man, I'm feeling really... >> I'm only, I can't imagine a figure- >> (indistinct) the answer because the answer we normally get is the cricket sound. So we don't have individuals we've identified in those areas for them to look up to. >> I was going to be snarky and say most white hackers won't even use their real name, but... >> Right, so there's an aura around their anonymity here. So again, the real question is how do we get them engaged and keep them engaged? And that's what Amy was pointing out to exactly, the engagement and sticking with it. So one of the things that we're trying to do through our competition on the state level and other elements is providing connections. We call them ambassadors. These are people in the business who can contact the students that are in the game or in that challenge environment and let 'em interact and let 'em talk about what they do and what they're doing in life. But give them a challenging game format. A lot of computer-based training, capture the flag stuff is great, but if you can make it hands-on, if you can make it a learn by doing experiment, if you can make it personally involved and see the benefit as a result of doing that challenge and then talk to the people who do that on a daily basis, that's how you get them involved. The second part is part of what we're doing is we're involving partnership companies in the development of the teams. So this year's competition that we're running has 82 teams from across the state of California. Of those 82 teams at six students a team, middle school, high school, and many of those have company partners, and these are practitioners in cybersecurity who are working with those students to participate. It's that adult connectivity. It's that visualization. So at the competition this year, we have the founder of Defcon Red Flag is a participant to talk to the students. We have Vint Cerf, who is, of course, very well-known for something called the internet, to participate. It's really getting the students to understand who's in this, who can I look up to, and how do I stay engaged with them? >> There's definitely a celebrity aspect of it, I will agree. I mean, the influencer aspect here with knowledge is key. Can you talk about these ambassadors, and how far along are you on that program? First of all, the challenge stuff is, anything gamification-wise, we've seen that with hackathons, it just really works well. Creates bonding. People who create together can get sticky and get very high community aspect to it. Talk about this ambassador thing. What is that, industry, is that academic? >> Yeah, absolutely. >> What is this ambassador thing? >> Industry partners that we've identified, some of which, and I won't hit all of 'em, so I'm sure I'll short change this, but Palo Alto, Cisco, Splunk, many of the companies in California, and what we've done is identified schools to participate in the challenge that may not have a strong STEM program or have any cyber program. And the idea of the company is they look for their employees who are in those school districts to partner with the schools to help provide outreach. It could be as simple as a couple hours a week, or it's a team support captain or it's providing computers and other devices to use. And so again, it's really about a constant connectivity and trying to help where some schools may not have the staff or support units in an area to really provide them what they need for connectivity. What that does is it gives us an opportunity to not just focus on it once a year, but throughout the year. So for the competition, all the teams that are participating have been receiving training and educational opportunities in the gamification side since they signed up to participate. So there's a website, there's learning materials, there's materials provided by certain vendor companies like Wireshark and others. So it's a continuum of opportunity for the students. >> You know, I've seen, just randomly, just got a random thought. Robotics clubs are moving then closer into that middle school area, Dr. Fleischer, and in certainly in high schools, it's almost like a varsity sport. E-sports is another one. My son just called me. "I made the JV at the college team." It's big and serious, right? And it's fun. This is the aspect of fun. It's hands-on. This is part of the culture down there. Learn by doing. Is there, like, a group? Is it, like, a club? I mean, how do you guys organize these bottoms-up organically interest topics? >> So here in the college of engineering, when we talk about learn by doing, we have learned by doing both in the classroom and out of the classroom. And if we look at these types of out of the classroom activities, we have over 80 clubs working on all different aspects, and many of these are bottom-up. The students have decided what they want to work on and have organized themselves around that. And then they get the leadership opportunities. The more experienced students train the less experienced students. And it continues to build from year after year after year with them even doing aspects of strategic planning from year to year for some of these competitions. Yeah, it's an absolutely great experience. And we don't define for them how their learn by doing experiences should be. We want them to define it. And I think the really cool thing about that is they have the ownership and they have the interest and they can come up with new clubs year after year to see which direction they want to take it, and we will help support those clubs as old clubs fade out and new clubs come in. >> Trung, real quick, before we go on the next talk track, what do you recommend for middle school, high school, or even elementary? A little bit of coding, Minecraft? I mean, how do you get 'em hooked on the fun and the dopamine of technology and cybersecurity? What's your take on that? >> On this aspect, I'd like to share with you my experience as a junior high and high school student in Texas. The university of Texas in Austin organized a competition for every high school in Texas in every field from poetry to mathematics to science, computer engineering. But it's not about the University of Texas. The University of Texas is only serving as a center for the final competition. They divide the competition to district and then regional and then state. At each level, we have local university and colleges volunteering to host the competition and make it fun for the student to participate. And also they connected the students with private enterprises to raise fund for scholarship. So student who see the competition is a fun event for them, they get exposed to different university hosting the event so that they can see different option for them to consider college. They also get a promise that if they participate, they will be considered for scholarship when they attend university and college. So I think the combination of fun and competition and the scholarship aspect will be a good thing to entice the student to commit to the area of cybersecurity. >> Got the engagement, the aspiration, scholarship, and you mentioned a volunteer. I think one of the things I'll observe is you guys are kind of hitting this as community. I mean, the story of Steve Jobs and Woz building the Mac, they called Bill Hewlett up in Palo Alto. He was in the phone book. And they scoured some parts from him. That's community. This is kind of what you're getting at. So this is kind of the formula we're seeing. So the next question I really want to get into is the women in technology, STEM, underrepresented minorities, how do we get them on cybersecurity career path? Is there a best practices there? Bill, we'll start with you. >> Well, I think it's really interesting. First thing I want to add is, if I could, just a clarification. What's really cool, the competition that we have and we're running, it's run by students from Cal Poly. So Amy referenced the clubs and other activities. So many of the organizers and developers of the competition that we're running are the students, but not just from engineering. So we actually have theater and liberal arts majors and technology for liberal arts majors who are part of the competition, and we use their areas of expertise, set design and other things, visualization, virtualization. Those are all part of how we then teach and educate cyber in our gamification and other areas. So they're all involved and they're learning, as well. So we have our students teaching other students. So we're really excited about that. And I think that's part of what leads to a mentoring aspect of what we're providing where our students are mentoring the other students. And I think it's also something that's really important in the game. The first year we held the game, we had several all-girl teams, and it was really interesting because A, they didn't really know if they could compete. I mean, this is their reference point. We don't know if. They did better than anybody. I mean, they just, they knocked the ball out of the park. The second part, then, is building that confidence level that can, going back and telling their cohorts that, hey, it's not this obtuse thing you can't do. It's something real that you can compete and win. And so again, it's building that camaraderie, that spirit, that knowledge that they can succeed. And I think that goes a long way. And Amy's programs and the reach out and the reach out that Cal Poly does to schools to develop, I think that's what it really is going to take. It is going to take that village approach to really increase diversity and inclusivity for the community. >> Dr. Fleischer, I'd love to get your thoughts. You mentioned your outreach program and the drop-off, some of those data. You're deeply involved in this. You're passionate about it. What's your thoughts on this career path opportunity for STEM? >> Yeah, I think STEM is an incredible career path opportunity for so many people. There's so many interesting problems that we can solve, particularly in cyber and in space systems. And I think we have to meet the kids where they are and kind of show them what the exciting part is about it, right? But Bill was alluding to this when he was talking about trying to name somebody that you can point to. And I think having those visible people where you can see yourself in that is absolutely critical, and those mentors and that mentorship program. So we use a lot of our students going out into California middle schools and elementary schools. And you want to see somebody that's like you, somebody that came from your background and was able to do this. So a lot of times we have students from our National Society of Black Engineers or our Society of Hispanic Professional Engineers or our Society of Women Engineers, which we have over 1,000 members, 1,000 student members in our Society of Women Engineers who are doing these outreach programs. But like I also said, it's hitting them at the lower levels, too, and Girl Scouts is actually distinguishing themselves as one of the leading STEM advocates in the country. And like I said, they developed all these cybersecurity badges starting in kindergarten. There's a cybersecurity badge for kindergartener and first graders. And it goes all the way up through late high school. The same thing with space systems. And they did the space systems in partnership with NASA. They did the cybersecurity in partnership with Palo Alto Networks. And what you do is you want to build these skills that the girls are developing, and like Bill said, work in girl-led teams where they can do it, and if they're doing it from kindergarten on, it just becomes normal, and they never think, well, this is not for me. And they see the older girls who are doing it and they see a very clear path leading them into these careers. >> Yeah, it's interesting, you used the word normalization earlier. That's exactly what it is. It's life, you get life skills and a new kind of badge. Why wouldn't you learn how to be a white hat hacker or have some fun or learn some skills? >> Amy: Absolutely. >> Just in the grind of your fun day. Super exciting. Okay, Trung, your thoughts on this. I mean, you have a diverse, diversity brings perspective to the table in cybersecurity because you have to think like the other guy, the adversary. You got to be the white hat. You can't be a white hat unless you know how black hat thinks. So there's a lot of needs here for more points of view. How are we going to get people trained on this from underrepresented minorities and women? What's your thoughts? >> Well, as a member of the IEEE Professional Society of Electrical and Electronic Engineers, every year we participate in the engineering week. We deploy our members to local junior high school and high school to talk about our project to promote the study of engineering. But at the same time, we also participate in the science fair that the state of Texas is organizing. Our engineer will be mentoring students, number one, to help them with the project, but number two, to help us identify talent so that we can recruit them further into the field of STEM. One of the participation that we did was the competition of the, what they call Future City, where students will be building a city on a computer simulation. And in recent year, we promote the theme of smart city where city will be connected the individual houses and together into the internet. And we want to bring awareness of cybersecurity into that competition. So we deploy engineer to supervise the people, the students who participate in the competition. We bring awareness not in the technical detail level, but in what we've call the compound level so student will be able to know what required to provide cybersecurity for the smart city that they are building. And at the same time, we were able to identify talent, especially talent in the minority and in the woman, so that we can recruit them more actively. And we also raise money for scholarship. We believe that scholarship is the best way to entice student to continue education at the college level. So with scholarship, it's very easy to recruit them to the field and then push them to go further into the cybersecurity area. >> Yeah, I mean, I see a lot of the parents like, oh, my kid's going to go join the soccer team, we get private lessons, and maybe they'll get a scholarship someday. Well, they only do half scholarships. Anyway. I mean, if they spent that time doing these other things, it's just, again, this is a new life skill, like the Girl Scouts. And this is where I want to get into this whole silo breaking down, because Amy, you brought this up, and Bill, you were talking about it, as well. You got multiple stakeholders here with this event. You've got public, you've got private, and you've got educators. It's the intersection of all of them. It's, again, if those silos break down, the confluence of those three stakeholders have to work together. So let's talk about that. Educators. You guys are educating young minds. You're interfacing with private institutions and now the public. What about educators? What can they do to make cyber better? 'Cause there's no real manual. I mean, it's not like this court is a body of work of how to educate cybersecurity. Maybe it's more recent. There's cutting edge best practices. But still, it's an evolving playbook. What's your thoughts for educators? Bill, we'll start with you. >> Well, I'm going to turn to Amy and let her go first. >> Let you go. >> That's fine. >> I would say as educators, it's really important for us to stay on top of how the field is evolving, right? So what we want to do is we want to promote these tight connections between educators and our faculty and applied research in industry and with industry partnerships. And I think that's how we're going to make sure that we're educating students in the best way. And you're talking about that inner, that confluence of the three different areas. And I think you have to keep those communication lines open to make sure that the information on where the field is going and what we need to concentrate on is flowing down into our educational process. And that works in both ways, that we can talk as educators and we can be telling industry what we're working on and what types of skills our students have and working with them to get the opportunities for our students to work in industry and develop those skills along the way, as well. And I think it's just all part of this really looking at what's going to be happening and how do we get people talking to each other? And the same thing with looking at public policy and bringing that into our education and into these real hands-on experiences. And that's how you really cement this type of knowledge with students, not by talking to them and not by showing them, but letting them do it. It's this learn by doing and building the resiliency that it takes when you learn by doing. And sometimes you learn by failing, but you just pick up and you keep going. And these are important skills that you develop along the way. >> You mentioned sharing, too. That's the key. Collaborating and sharing knowledge. It's an open world and everyone's collaborating. Bill, private-public partnerships. I mean, there's a real, private companies, you mentioned Palo Alto Networks and others. There's a real intersection there. They're motivated. They could, there's scholarship opportunities. Trung points to that. What is the public-private educator view there? How do companies get involved and what's the benefit for them? >> Well, that's what a lot of the universities are doing is to bring in as part of either their cyber centers or institutes people who are really focused on developing and furthering those public-private partnerships. That's really what my role is in all these things is to take us to a different level in those areas, not to take away from the academic side, but to add additional opportunities for both sides. Remember, in a public-private partnership, all entities have to have some gain in the process. Now, what I think is really interesting is the timing on particularly this subject, space and cybersecurity. This has been an absolute banner year for space. The standup of Space Force, the launch of commercial partnership, you know, commercial platforms delivering astronauts to the space station, recovering them, and bringing them back. The ability of a commercial satellite platform to be launched. Commercial platforms that not only launch but return back to where they're launched from. These are things that are stirring the hearts of the American citizens, the kids, again, they're getting interested. They're seeing this and getting enthused. So we have to seize upon that and we have to find a way to connect that. Public-private partnerships is the answer for that. It's not one segment that can handle it all. It's all of them combined together. If you look at space, space is going to be about commercial. It's going to be about civil. Moving from one side of the Earth to the other via space. And it's about government. And what's really cool for us, all those things are in our backyard. That's where that public-private comes together. The government's involved. The private sector's involved. The educators are involved. And we're all looking at the same things and trying to figure out, like this forum, what works best to go to the future. >> You know, if people are bored and they want to look for an exciting challenge, you couldn't have laid it out any clearer. It's the most exciting discipline. It's everything. I mean, we just talk about space. GPS is, everything we do is involved, has to do with satellites. (laughs) >> I have to tell you a story on that right? We have a very unique GPS story right in our backyard. So our sheriff is the son of the father of GPS for the Air Force. So you can't get better than that when it comes to being connected to all those platforms. So we really want to say, you know, this is so exciting for all of us because it gives everybody a job for a long time. >> You know, the kids that think TikTok's exciting, wait till they see what's going on here with you guys, this program. Trung, final word on this from the public side. You're at the Air Force. You're doing research. Are you guys opening it up? Are you integrating into the private and educational sectors? How do you see that formula playing out? And what's the best practice for students and preparing them? >> I think it's the same in every university in the engineering program will require our students to do the final project before graduation. And in this kind of project, we send them out to work in the private industry, the private company that sponsor them. They get the benefit of having an intern working for them and they get the benefit of reviewing the students as the prospective employee in the future. So it's good for the student to gain practical experience working in this program. Sometimes we call that a co-op program. Sometimes we call that a capstone program. And the company will accept the student on a trial basis, giving them some assignment and then pay them a little bit of money. So it's good for the student to earn some extra money, to have some experience that they can put on their resume when they apply for the final, for the job. So the collaboration between university and private sector is really important. When I join a faculty normally there already exist that connection. It came from normally, again, from the dean of engineering, who would wine and dine with companies, build up relationship, and sign up agreement. But it's us professor who have to do the (indistinct) approach to do a good performance so that we can build up credibility to continue the relationship with those company and the student that we selected to send to those company. We have to make sure that they will represent the university well, they will do a good job, and they will make a good impression. >> Thank you very much for a great insight, Trung, Bill, Amy. Amazing topic. I'd like to end this session with each of you to make a statement on the importance of cybersecurity to space. We'll go Trung, Bill, and Amy. Trung, the importance of cybersecurity to space, brief statement. >> The importance of cybersecurity, we know that it's affecting every component that we are using and we are connecting to, and those component, normally we use them for personal purpose, but when we enter the workforce, sometimes we connect them to the important system that the government or the company are investing to be put into space. So it's really important to practice cybersecurity, and a lot of time, it's very easy to know the concept. We have to be careful. But in reality, we tend to forget to to practice it the way we forget how to drive a car safely. And with driving a car, we have a program called defensive driving that requires us to go through training every two or three years so that we can get discount. Every organization we are providing the annual cybersecurity practice not to tell people about the technology, but to remind them about the danger of not practicing cybersecurity and it's a requirement for every one of us. >> Bill, the importance of cybersecurity to space. >> It's not just about young people. It's about all of us. As we grow and we change, as I referenced it, we're changing from an analog world to a digital world. Those of us who have been in the business and have hair that looks like mine, we need to be just as cognizant about cybersecurity practice as the young people. We need to understand how it affects our lives, and particularly in space, because we're going to be talking about people, moving people to space, moving payloads, data transfer, all of those things. And so there's a whole workforce that needs to be retrained or upskilled in cyber that's out there. So the opportunity is ever expansive for all of us. >> Amy, the importance of cybersecurity in space. >> I mean the emphasis of cybersecurity is space just simply can't be over emphasized. There are so many aspects that are going to have to be considered as systems get ever more complex. And as we pointed out, we're putting people's lives at stake here. This is incredibly, incredibly complicated and incredibly impactful, and actually really exciting, the opportunities that are here for students and the workforce of the future to really make an enormous impact on the world around us. And I hope we're able to get that message out to students and to children today, that these are really interesting fields that you need to consider. >> Thank you very much. I'm John Furrier with theCUBE, and the importance of cybersecurity and space is the future of the world's all going to happen in and around space with technology, people, and society. Thank you to Cal Poly, and thank you for watching the Cybersecurity and Space Symposium 2020. (bright music)

>> Narrator: From around the globe. It's theCUBE covering space in cybersecurity symposium 2020 hosted by Cal Poly. >> Hello, everyone. Welcome to the space and cybersecurity symposium, 2020 hosted by Cal Poly where the intersection of space and security are coming together. I'm John Furrier, your host with theCUBE here in California. I want to welcome our featured guest, Lieutenant General, John F. Thompson with the United States Space Force approach to cybersecurity. That's the topic of this session. And of course he's the commander of the space and missile system center in Los Angeles Air Force Base. Also heading up Space Force. General, thank you for coming on. I really appreciate to you kicking this off. Welcome to the symposium. >> Hey, so thank you very much, John, for that very kind introduction. Also very much thank you to Cal Poly for this opportunity to speak to this audience today. Also a special shout out to one of the organizers, Dustin Debrun, for all of his work, helping get us to this point. Ladies and gentlemen as a John mentioned, I'm JT Thompson. I lead the 6,000 men and women of the United States Space Force's Space and Missile System Center, which is headquartered here at Los Angeles Air Force Base and El Segundo. If you're not quite sure where that's at, it's about a mile and a half from LAX. This is our main operating location, but we do have a number of other operating locations around the country. We're about 500 people at Kirtland Air Force Base in Albuquerque, New Mexico, and an about another 500 people on the front range of the Rockies between Colorado Springs and Denver plus a smattering of other much smaller operating locations nationwide. We're responsible for acquiring, developing and sustaining the United States Space Force's, critical space assets. That includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites. And we also are in charge of procuring launch services for the US Space Force and a number of our critical mission partners across the Department of Defense and the intelligence community. Just as a couple of examples of some of the things we do, if you're unfamiliar with our work we developed and currently sustain the 31 satellite GPS constellation that satellite constellation, while originally intended to help with global navigation, those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. GPS is everywhere. I think everybody realizes that. Agriculture, banking, the stock market, the airline industry, separate and distinct navigation systems. It's really pervasive across both capabilities for our Department of Defense and capabilities for our economy and individuals, billions of individuals across our country and the planet. Some of the other work we do for instance, in the communications sector, secure communications satellites that we designed and build that link America's sons and daughters serving in the military around the world and really enable real time support and comms for our deployed forces. And those of our allies. We also acquire infrared missile warning satellites that monitor the planet for missile launches that provide advanced warning to the US Homeland and to our allies in case some of those missile launches are nefarious. On a note, that's probably a lot closer to home, maybe a lot closer to home than many of us want to think about here in the state of California. In 2018, SMC jumped through a bunch of red tape and bureaucracy to partner with the US Forest Service during two of the largest wildfires in the state's history, the Camp and Woolsey fires in Northern California. As those fires spread out of control, we created processes on the fly to share data from our missile warning satellites. Those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet. And we collaborated with the US Forest Service so that firefighters on the ground could track those fires more in real time and better forecast fires and where they were spreading, thereby saving lives and property by identifying hotspots and flareups for firefighters. That data that we were able to working with our contractors pass to the US Forest Service and authorities here in California, was passed in less than an hour as it was collected to get it into the hands of the emergency responders, the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters. It was really instrumental in fighting those fires and stopping their spread. We've continued that involvement in recent years, using multiple systems to support firefighters across the Western US this fall, as they battled numerous wildfires that unfortunately continue. Working together with the US Forest Service and with other partners we'd like to think that we've made a difference here, but there's still a lot more work to go. And I think that we should always be asking ourselves what else can space data be used for and how can we more rapidly get that space data to stakeholders so that they can use it for purposes of good, if you will. How else can we protect our nation? How else can we protect our friends and allies? I think a major component of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly. Just over the past few years, John and I were talking before we went live here and 80 nations now have space programs. Nearly 80 space faring nations on the planet. If you just look at one mission area that the Department of Defense is interested in, and that's small launch, there are currently over 100 different small launch companies within the US industrial base vying for commercial DoD and civil payload capabilities, mostly to lower earth orbit. It's truly a remarkable time. If you factor in those things like artificial intelligence and machine learning, where we're revolutionizing really, the ways that we generate process and use data. It's really remarkable. In 2016, so if you think about this four years ago, NASA estimated that there were 28 terabytes of information transiting their space network each day. And that was four years ago. Obviously we've got a lot of desire to work with a lot of the people in the audience in this conference, we need to work with big thinkers, like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data. We need new generations of thinkers to help apply cutting edge theories of data mining, cyber behaviorism, and Internet of Things 2.0, it's just truly a remarkable time to be in the space business and the cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cyber security into our space systems, both commercial and government is a mandate. it's no longer just a nice to have as the US Space Force and Department of the Air Force leadership has said many times over the past couple of years, space is becoming congested and contested. And that contested aspect means that we've got to focus on cyber security in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out. The value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer, from the ground control segments associated with it. And this value is not just military, it's also economic and it's not just American, it's also a value for the entire world, particularly our allies, as we all depend upon space and space systems. Your neighbors and friends here in California that are employed at the space and missile system center work with network defenders. We work with our commercial contractors and our systems developers, our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global comments of space free and open for exploration and for commerce as John and I were talking earlier, before we came online, there's an aspect of cybersecurity for space systems, especially for some of our legacy systems, that's more, how do we bolt this on? Cause we fielded those space systems a number of years ago, and the challenges of cybersecurity in the space domain have grown. So we have a part that we have to worry about, bolting it on, but then we have to worry about building it in as we field new systems and build in a flexibility that realizes that the cyber threat or the cybersecurity landscape will evolve over time. It's not just going to be stagnant. There will always be new vulnerabilities and new threat vectors that we all have to look at. Look, as Secretary Barrett, who is our secretary of the air force likes to say most Americans use space before they have their first cup of coffee in the morning. The American way of life really depends on space. And as part of the United States Space Force, we work with defense leaders, our Congress joint, and international military teammates and industry to ensure American leadership in space. I really thank you for this opportunity to address the audience today, John, and thanks so much to Cal Poly for letting me be one of the speakers at this event. I've really looked forward to this for several months. And so with that, I look forward to your questions as we kind of move along here. >> General, thank you very much for those awesome introductory statement. For the folks watching on the stream, Brigadier General Carthan's going to be in the chat, answering any questions, feel free to chat away. He's the vice commander of Space and Missile System Center, he'll be available. A couple of comments from your keynote before I get to my questions. Cause it just jumped into my head. You mentioned the benefits of say space with the fires in California. We're living that here. That's really realtime. That's a benefit. You also mentioned the ability for more people launching payloads into space. I'm only imagined Moore's law smaller, faster, cheaper applies to rockets too. So I'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned. So is it going to be more rules around that? This is an interesting question cause it's exciting Space Force, but for all the good there is potentially bad out there. >> Yeah. So John, I think the basics of your question is as space becomes more congested and contested, is there a need for more international norms of how satellites fly in space? What kind of basic features satellites have to perhaps de orbit themselves? What kind of basic protections should all satellites be afforded as part of a peaceful global commons of space? I think those are all fantastic questions. And I know that US and many allied policy makers are looking very, very hard at those kinds of questions in terms of what are the norms of behavior and how we field, and field as the military term. But how we populate using civil or commercial terms that space layer at different altitudes, lower earth orbit, mid earth orbit, geosynchronous earth orbit, different kinds of orbits, what the kind of mission areas we accomplished from space. That's all things that need to be definitely taken into account as the place gets a little bit, not a little bit as the place gets increasingly more popular day in and day out. >> I'm super excited for Space Force. I know that a new generation of young folks are really interested in it's an emerging, changing great space. The focus here at this conference is space and cybersecurity, the intersection. I'd like to get your thoughts on the approach that a space force is taking to cybersecurity and how it impacts our national goals here in the United States. >> Yeah. So that's a great question John, let me talk about it in two basic ways. At number one is an and I know some people in the audience, this might make them a little bit uncomfortable, but I have to talk about the threat. And then relative to that threat, I really have to talk about the importance of cyber and specifically cyber security, as it relates to that threat. The threats that we face really represented a new era of warfare and that new era of warfare involves both space and cyber. We've seen a lot of action in recent months from certain countries, notably China and Russia that have threatened what I referred to earlier as the peaceful global commons of space. For example, it threw many unclassified sources and media sources. Everybody should understand that the Russians have been testing on orbit anti-satellite capabilities. It's been very clear if you were following just the week before last, the Department of Defense released its 2020 military and security developments involving the People's Republic of China. And it was very clear that China is developing ASATs, electronic jammers, directed energy weapons, and most relevant to today's discussion, offensive cyber capabilities. There are kinetic threats that are very, very easy to see, but a cyber attack against a critical command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of GPS and important to note that that GPS system also impacts many civilians who are dependent on those systems from a first response perspective and emergency services, a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to assist them to mislead operators so that they sent emergency services personnel to the wrong address. Attacks on spacecraft on orbit, whether directly via a network intrusion or enabled through malware introduced during the system's production while we're building the satellite can cripple or corrupt the data. Denial-of-service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control. If GPS went down, I hesitate to say it this way, cause we might elicit some screams from the audience. But if GPS went down a Starbucks, wouldn't be able to handle your mobile order, Uber drivers wouldn't be able to find you. And Domino's certainly wouldn't be able to get there in 30 minutes or less. So with a little bit of tongue in cheek there from a military operations perspective, it's dead serious. We have become accustomed in the commercial world to threats like ransomware and malware. And those things have unfortunately become commonplace in commercial terrestrial networks and computer systems. However, what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled, if you will, to use against our national security space systems day in and day out. As I said, during my opening remarks on the importance of cyber, the value of these systems is directly tied to their integrity. If commanders in the field, firefighters in California or baristas in Starbucks, can't trust the data they're receiving, then that really harms their decision making capabilities. One of the big trends we've recently seen is the move towards proliferated LEO constellations, obviously Space X's Starlink on the commercial side and on the military side, the work that DARPA and my organization SMC are doing on Blackjack and Casino, as well as some space transport layer constellation work that the space development agency is designing are all really, really important types of mesh network systems that will revolutionaries how we plan and field war fighting systems and commercial communications and internet providing systems. But they're also heavily reliant on cybersecurity. We've got to make sure that they are secured to avoid an accident or international damage. Loss of control of these constellations really could be catastrophic from both a mission perspective or from a satellites tumbling out of low earth orbit perspective. Another trend is introductions in artificial intelligence and machine learning, onboard spacecraft are at the edge. Our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector, they're basically flying boxes full of software. And we need to ensure that data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms, governing the right actions and that those systems are impervious to the extent possible to nefarious modifications. So in summation, cybersecurity is a vital element of everything in our national security space goals. And I would argue for our national goals, writ large, including economic and information dimensions, the Space Force leadership at all levels from some of the brand new second lieutenants that general Raymond swore in to the space force this morning, ceremonially from the air force associations, airspace and cyberspace conference to the various highest levels, General Raymond, General DT Thompson, myself, and a number of other senior leaders in this enterprise. We've got to make sure that we're all working together to keep cyber security at the forefront of our space systems cause they absolutely depend on it. >> You mentioned hardware, software threats, opportunities, challenges. I want to ask you because you got me thinking of the minute they're around infrastructure. We've heard critical infrastructure, grids here on earth. You're talking about critical infrastructure, a redefinition of what critical infrastructure is, an extension of what we have. So I'd love to get your thoughts about Space Force's view of that critical infrastructure vis-a-vis the threat vectors, because the term threat vectors has been kicked around in the cyberspace. Oh you have threat vectors. They're always increasing the surface area. If the surface area is from space, it's an unlimited service area. So you got different vectors. So you've got new critical infrastructure developing real time, really fast. And you got an expanded threat vector landscape. Putting that in perspective for the folks that aren't really inside the ropes on these critical issues. How would you explain this and how would you talk about those two things? >> So I tell you, just like, I'm sure people in the security side or the cybersecurity side of the business in the banking industry feel, they feel like it's all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system, to the financial sector. On the Department of Defense side, we've got to have sort of the same mindset. That threat vector from, to, and through space against critical space systems, ground segments, the launch enterprise, or transportation to orbit and the various different domains within space itself. Like I mentioned before, LEO, MEO and GEO based satellites with different orbits, all of the different mission areas that are accomplished from space that I mentioned earlier, some that I did mention like a weather tactical or wide band communications, various new features of space control. All of those are things that we have to worry about from a cyber security threat perspective. And it's a daunting challenge right now. >> Yeah, that's awesome. And one of the things we've been falling on the hardware side on the ground is the supply chain. We've seen, malware being, really put in a really obscure hardware. Who manufactures it? Is it being outsourced? Obviously government has restrictions, but with the private sector, you mentioned China and the US kind of working together across these peaceful areas. But you got to look at the supply chain. How does the supply chain in the security aspect impact the mission of the US space Force? >> Yeah. Yeah. So how about another, just in terms of an example, another kind of California based historical example. The very first US Satellite, Explorer 1, was built by the jet propulsion laboratory folks, not far from here in El Segundo, up in Pasadena, that satellite, when it was first built in the late 50s weighing a little bit, over 30 pounds. And I'm sure that each and every part was custom made and definitely made by US companies. Fast forward to today. The global supply chain is so tightly coupled, and frankly many industries are so specialized, almost specialized regionally around the planet. We focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them, but it becomes more difficult and more difficult to understand the heritage, if you will, of some of the parts that are used, the thousands of parts that are used in some of our satellites that are literally school bus sized. The space industry, especially national security space sector is relatively small compared to other commercial industries. And we're moving towards using more and more parts from non US companies. Cybersecurity and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily understand 100% like an Explorer one, the lineage of that particular part. The environmental difficulties in space are well known. The radiation environment, the temperature extremes, the vacuum, those require specialized component. And the US military is not the only customer in that space. In fact, we're definitely not the dominant customer in space anymore. All those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains, from a quality perspective, a security perspective and availability. There's open source reporting on supply training intrusions from many different breaches of commercial retailers to the infectious spread of compromised patches, if you will. And our adversaries are aware of these techniques. As I mentioned earlier, with other forms of attack, considering our supply chains and development networks really becomes fair game for our adversaries. So we have to take that threat seriously. Between the government and industry sectors here in the US. We're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities. Last fall, we completed an extensive review of all of our major contracts here at Space and Missile System Center to determine the levels of cyber security requirements we've implemented across our portfolio. And it sounds really kind of businessy geeky, if you will. Hey, we looked at our contracts to make sure that we had the right clauses in our contracts to address cybersecurity as dynamically as we possibly could. And so we found ourselves having to add new language to our contracts, to require system developers, to implement some more advanced protective measures in this evolving cyber security environment. So that data handling and supply chain protections from contract inception to launch and operations were taken into account. Cyber security really is a key performance parameter for us now. Performance of the system, It's as important as cost, it's as important as schedule, because if we deliver the perfect system on time and on cost, it can perform that missile warning or that communications mission perfectly, but it's not cyber secure. If it's doesn't have cyber protections built into it, or the ability to implement mitigations against cyber threats, then we've essentially fielded a shoe box in space that doesn't do the CA the war fighter or the nation any good. Supply chain risk management is a major challenge for us. We're doing a lot to coordinate with our industry partners. We're all facing it head on to try and build secure and trusted components that keep our confidence as leaders, firefighters, and baristas as the case may be. But it is a challenge. And we're trying to rise to that challenge. >> This is so exciting this new area, because it really touches everything. Talk about geeking out on the tech, the hardware, the systems but also you put your kind of MBA hat on you go, what's the ROI of extra development and how things get built. Because the always the exciting thing for space geeks is like, if you're building cool stuff, it's exciting, but you still have to build. And cybersecurity has proven that security has to be baked in from the beginning and be thought as a system architecture. So you're still building things, which means you got to acquire things, you got to acquire parts, you got acquire build software and sustain it. How is security impacting the acquisition and the sustainment of these systems for space? >> Yeah. From initial development, through planning for the acquisition, design, development, our production fielding and sustainment, it impacts all aspects of the life cycle, John. We simply, especially from the concept of baking in cybersecurity, we can't wait until something is built and then try and figure out how to make it cyber secure. So we've moved way further towards working side by side with our system developers to strengthen cybersecurity from the very beginning of a systems development, cyber security, and the resilience associated with it really have to be treated as a key system attribute. As I mentioned earlier, equivalent with data rates or other metrics of performance. We like to talk in the space world about mission assurance and mission assurance has always sort of taken us as we technically geek out. Mission assurance has always taken us to the will this system work in space. Can it work in a vacuum? Can it work in as it transfers through the Van Allen radiation belt or through the Southern hemisphere's electromagnetic anomaly? Will it work out in space? And now from a resiliency perspective, yeah, it has to work in space. It's got to be functional in space, but it's also got to be resistant to these cybersecurity threats. It's not just, I think a General D.T Thompson quoted this term. It's not just widget assurance anymore. It's mission assurance. How does that satellite operator that ground control segment operate while under attack? So let me break your question a little bit, just for purposes of discussion into really two parts, cybersecurity, for systems that are new and cybersecurity for systems that are in sustainment are kind of old and legacy. Obviously there's cyber vulnerabilities that threatened both, and we really have to employ different strategies for defensive of each one. For new systems. We're desperately trying to implement across the Department of Defense and particularly in the space world, a kind of a dev sec ops methodology and practice to delivering software faster and with greater security for our space systems. Here at SMC, we have a program called enterprise ground services, which is a toolkit, basically a collection of tools for common command and control of different satellite systems, EGS as we call it has an integrated suite for defensive cyber capabilities. Network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of a bad behavior, malicious behavior, if you will, it's rudimentary at this point, but because we're using DevSecOps and that incremental development approach, as we scale it, it just becomes more and more capable. Every product increment that we feel. Here at LA Air Force Base, we have the United Space Force's West Coast Software Factory, which we've dubbed the Kobayashi Maru. They're using those agile DevOps software development practices to deliver a space awareness software to the combined space operations center. Affectionately called the CSpock that CSpock is just on the road from Cal Poly there in San Luis Obispo at Vandenberg Air Force Base. They've so securely linked the sea Spock with other space operation centers around the planet, our allies, Australia, Canada, and the UK. We're partnering with all of them to enable secure and enhanced combined space operations. So lots of new stuff going on as we bake in new development capabilities for our space systems. But as I mentioned earlier, we've got large constellations of satellites on orbit right now. Some of them are well in excess of a decade or more or old on orbit. And so the design aspects of those satellites are several decades old. But we still have to worry about them cause they're critical to our space capabilities. We've been working with an air force material command organization called CROWS, which stands for the Cyber Resiliency Office for Weapon Systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to live through this increasingly cybersecurity concerned era that we currently live in. Our industry partners have been critical to both of those different avenues. Both new systems and legacy systems. We're working closely with them to defend and upgrade national assets and develop the capabilities to do similar with new national assets coming online. The vulnerabilities of our space systems really kind of threatened the way we've done business in the past, both militarily and in the case of GPS economically. The impacts of that cybersecurity risk are clear in our acquisition and sustainment processes, but I've got to tell you, as the threat vectors change, as the vulnerabilities change, we've got to be nimble enough, agile enough, to be able to bounce back and forth. We can't just say, many people in the audience are probably familiar with the RMF or the Risk Management Framework approach to reviewing the cyber security of a system. We can't have program managers and engineers just accomplish an RMF on a system. And then, hey, high five, we're all good. It's a journey, not a destination, that's cybersecurity. And it's a constant battle rhythm through our weapon systems lifecycle, not just a single event. >> I want to get to this commercial business needs and your needs on the next question. But before I go there, you mentioned agile. And I see that clearly because when you have accelerated innovation cycles, you've got to be faster. And we saw this in the computer industry, mainframes, mini computers, and then we started getting beyond maybe when the internet hit and PCs came out, you saw the big enterprises, the banks and government start to work with startups. And it used to be a joke in the entrepreneurial circles is that, there's no way if you are a startup you're ever going to get a contract with a big business enterprise. Now that used to be for public sector and certainly for you guys. So as you see startups out there and there's acquisition involved, I'm sure would love to have a contract with Space Force. There's an ROI calculation where if it's in space and you have a sustainment view and it's software, you might have a new kind of business model that could be attractive to startups. Could you share your thoughts on the folks who want to be a supplier to you, whether they're a startup or an existing business that wants to be agile, but they might not be that big company. >> John, that's a fantastic question. We're desperately trying to reach out to those new space advocates, to those startups, to those what we sometimes refer to, within the Department of Defense, those non traditional defense contractors. A couple of things just for thinking purposes on some of the things that we're trying to highlight. Three years ago, we created here at Space and Missile System Center, the Space Enterprise Consortium to provide a platform, a contractual vehicle, really to enable us to rapidly prototype, development of space systems and to collaborate between the US Space Force, traditional defense contractors, non traditional vendors like startups, and even some academic institutions. SPEC, as we call it, Space Enterprise Consortium uses a specialized contracting tool to get contracts awarded quickly. Many in the audience may be familiar with other transaction agreements. And that's what SPEC is based on. And so far in just three years, SPEC has awarded 75 different prototyping contracts worth over $800 million with a 36% reduction in time to award. And because it's a consortium based competition for these kinds of prototyping efforts, the barrier to entry for small and nontraditional, for startups, even for academic institutions to be able to compete for these kinds of prototyping has really lowered. These types of partnerships that we've been working through on spec have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security for their systems, both our developmental systems and the systems that they're designing and trying to build. We want to provide ways for companies large and small to partner together in support kind of mutually beneficial relationships between all. Recently at the Annual Air Force Association conference that I mentioned earlier, I moderated a panel with several space industry leaders, all from big traditional defense contractors, by the way. And they all stressed the importance of building bridges and partnerships between major contractors in the defense industry and new entrance. And that helps us capture the benefits of speed and agility that come with small companies and startups, as well as the expertise and specialized skill sets of some of those larger contractors that we rely on day in and day out. Advanced cyber security protections and utilization of secure facilities are just a couple of things that I think we could be prioritizing more so in those collaborations. As I mentioned earlier, the SPEC has been very successful in awarding a number of different prototyping contracts and large dollar values. And it's just going to get better. There's over 400 members of the space enterprise consortium, 80% of them are non traditional kinds of vendors. And we just love working with them. Another thing that many people in the audience may be familiar with in terms of our outreach to innovators, if you will, and innovators that include cyber security experts is our space pitch day events. So we held our first event last November in San Francisco, where we awarded over a two day period about $46 million to 30 different companies that had potentially game changing ideas. These were phase two small business innovative research efforts that we awarded with cash on the spot. We're planning on holding our second space pitch day in the spring of 2021. We're planning on doing it right here in Los Angeles, COVID-19 environment permitting. And we think that these are fantastic venues for identifying and working with high-speed startups, and small businesses who are interested in really, truly partnering with the US Air Force. It's, as I said before, it's a really exciting time to be a part of this business. And working with the innovation economy is something that the Department of Defense really needs to do in that the innovation that we used to think was ours. That 80% of the industrial base innovation that came from the Department of Defense, the script has been flipped there. And so now more than 70%, particularly in space innovation comes from the commercial sector, not from the defense business itself. And so that's a tsunami of investment and a tsunami of a capability. And I need to figure out how to get my surfboard out and ride it, you know what I mean? >> Yeah, It's one of those things where the script has been flipped, but it's exciting because it's impacting everything. When you're talking about systems architecture? You're talking about software, you're talking about a business model. You're talking about dev sec opsx from a technical perspective, but now you have a business model innovation. All the theaters are exploding in innovation, technical, business, personnel. This brings up the workforce challenge. You've got the cyber needs for the US Space Force, It's probably great ROI model for new kinds of software development that could be priced into contracts. That's a entrepreneurial innovation, you've got the business model theater, you've got the personnel. How does the industry adopt and change? You guys are clearly driving this. How does the industry adjust to you? >> Yeah. So I think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the US Space Force from an acquisition perspective, and in this particular case from a cybersecurity perspective. As I mentioned earlier, it's the most exciting time to be in space programs, really since the days of Apollo. Just to put it in terms that maybe have an impact with the audience. From 1957 until today, approximately 9,000 satellites have been launched from the various space varying countries around the planet. Less than 2000 of those 9,000 are still up on orbit and operational. And yet in the new space regime players like Space X have plans to launch, 12,000 satellites for some of their constellations alone. It really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities, whether they're commercial, civil, or defense are going to require appropriate cybersecurity protections. It's just a really exciting time to be working in stuff like this. And so folks like the folks in this audience who have a passion about space and a passion about cybersecurity are just the kind of people that we want to work with. Cause we need to make sure our systems are secure and resilient. We need folks that have technical and computing expertise, engineering skills to be able to design cyber secure systems that can detect and mitigate attacks. But we also, as you alluded to, we need people that have that business and business acumen, human networking background, so that we can launch the startups and work with the non traditional businesses. Help to bring them on board help, to secure both their data and our data and make sure our processes and systems are free as much as possible from attack. For preparation, for audience members who are young and maybe thinking about getting into this trade space, you got to be smart on digital networking. You got to understand basic internet protocols, concepts, programming languages, database design. Learn what you can for penetration or vulnerability testing and a risk assessment. I will tell you this, and I don't think he will, I know he will not mind me telling you this, but you got to be a lifelong learner and so two years ago, I'm at home evening and I get a phone call on my cell phone and it's my boss, the commander of Air Force Space command, General, J. Raymond, who is now currently the Chief of Space Operations. And he is on temporary duty, flying overseas. He lands where he's going and first thing he does when he lands is he calls me and he goes JT, while I was traveling, I noticed that there were eBooks available on the commercial airliner I was traveling on and there was an ebook on something called scrumming and agile DevSecOps. And I read it, have you read it? And I said, no, sir. But if you tell me what the title of the book is, I will read it. And so I got to go to my staff meeting, the very next week, the next time we had a staff meeting and tell everybody in the staff meeting, hey, if the four star and the three star can read the book about scrumming, then I'm pretty sure all of you around this table and all our lieutenants and our captains our GS13s, All of our government employees can get smart on the scrumming development process. And interestingly as another side, I had a telephone call with him last year during the holidays, where he was trying to take some leave. And I said, sir, what are you up to today? Are you making eggnog for the event tonight or whatever. And the Chief of Space Operations told me no, I'm trying to teach myself Python. I'm at lesson two, and it's not going so well, but I'm going to figure this out. And so that kind of thing, if the chief of staff or the Chief of Space Operations can prioritize scrumming and Python language and innovation in his daily schedule, then we're definitely looking for other people who can do that. And we'll just say, lower levels of rank throughout our entire space force enterprise. Look, we don't need people that can code a satellite from scratch, but we need to know, we need to have people that have a basic grasp of the programming basics and cybersecurity requirements. And that can turn those things into meaningful actions, obviously in the space domain, things like basic physics and orbital mechanics are also important spaces, not an intuitive domain. So under understanding how things survive on orbit is really critical to making the right design and operational decisions. And I know there's probably a lot, because of this conference. I know there's probably a whole lot of high speed cybersecurity experts out in the audience. And I need those people in the US Space Force. The country is counting on it, but I wouldn't discount having people that are just cyber aware or cyber savvy. I have contracting officers and logisticians and program managers, and they don't have to be high end cybersecurity experts, but they have to be aware enough about it to be able to implement cyber security protections into our space systems. So the skill set is really, really broad. Our adversaries are pouring billions of dollars into designing and fielding offensive and destructive space, cybersecurity weapons. They repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit. And the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that. As I mentioned before, peaceful global comments of space, we really need all hands on deck. If you're interested in helping in uniform, if you're interested in helping, not in uniform, but as a government employee, a commercial or civil employee to help us make cyber security more important or more able to be developed for our space systems. And we'd really love to work with you or have you on the team to build that safe and secure future for our space systems. >> Lieutenant General John Thompson, great insight. Thank you for sharing all that awesome stories too, and motivation for the young next generation. The United States Space Force approach to cybersecurity. Really amazing talk, thank you for your time. Final parting question is, as you look out and you have your magic wand, what's your view for the next few years in terms of things that we could accomplish? It's a super exciting time. What do you hope for? >> So first of all, John, thanks to you and thanks to Cal Poly for the invitation and thanks to everybody for their interest in cybersecurity, especially as it relates to space systems, that's here at the conference. There's a quote, and I'll read it here from Bernard Schriever, who was the founder, if you will, a legend in a DoD space, the founder of the Western development division, which was a predecessor organization to Space and Missile System Center, General Schriever, I think captures the essence of how we see the next couple of years. "The world has an ample supply of people "who can always come up with a dozen good reasons "why new ideas will not work and should not be tried, "but the people who produce progress are breed apart. "They have the imagination, "the courage and the persistence to find solutions." And so I think if you're hoping that the next few years of space innovation and cybersecurity innovation are going to be upon a pony ride at the County fair, then perhaps you should look for another line of work, because I think the next few years in space and cybersecurity innovation are going to be more like a rodeo and a very dynamic rodeo as it goes. It is an awesome privilege to be part of this ecosystem. It's really an honor for me to be able to play some small role in the space ecosystem and trying to improve it while I'm trying to improve the chances of the United States of America in a space war fighting environment. And so I thank all of you for participating today and for this little bit of time that you've allowed me to share with you. Thank you. >> Sir, thank you for your leadership and thank you for the time for this awesome event, Space and Cyber Cybersecurity Symposium 2020, I'm John Furrier on behalf of Cal Poly, thanks for watching. (mellow music)

>> Announcer: Live from San Diego, California, it's theCUBE, covering Cisco Live US 2019. Brought to you by Cisco and its ecosystem partners. >> Welcome back to San Diego, everybody. This is Dave Vellante and Stu Miniman. You're watching theCUBE, the leader in live tech coverage. Lisa Martin is also here. Stu, I actually did see Ron Burgundy in the street last night. He was out, he was shaking hands with all the CCIEs. This is day three of Cisco Live 2019, theCUBE's coverage. Joe Malenfant is here, the director of IOT marketing at Cisco. Joe, great to see you in from Colorado Springs. >> Thank you very much. >> First time at theCUBE, welcome. >> It is my first time in theCUBE, thankfully it's not actually just a box, because I have a little claustrophobia going on. >> (laughs) So, IOT, it's got all the momentum. Alisa Tony was up on stage this week, addressing 28,000 press people. What's driving all this momentum, other than the great marketing, what's really happening in the field? >> IOT has been a very nebulous thing for the last few years, and we're finally started to see some solidification and some convergence around what it means. And really for Cisco, we started on this path a few years ago, but Liz took over last year. We've established a new strategy, because customers, organizations and especially organizations that run operational technology, think of refineries in the oil and gas industry, in the electric utilities industry. They run a whole separate network called industrial control systems, and that OT side of the house has traditionally been very siloed. Well, as the economy moves forward, as we digitize, they're trying to connect back with their enterprise side of the house. Well, if you're going to connect your network with the IT side, why not use the incumbent leader in enterprise networking? We know who they are. We're all sitting here right now with Cisco. So they look back to the IT side to say, hey, please help us connect. That's really what's driving the market today. >> So how should we think about the difference between OT networks and IT networks? Are there any things we can learn from Tellco which also had some unique inner attributes to it? But share with us what you guys have learned there. >> So the OT network is very different, right? It's very time sensitive; latency is just something that they can't have. When you think of email going down, what's the worst that happens? You might get a nasty gram eventually. Well, when the power grid falls over, lives are at stake. So, those networks are very critical, they're very sensitive and they've always been kept separate. As they start to make that interconnection, we need to bring together networking technologies that are for that environment. As they make that connection though, there is a very number one concern for them is wait a second, if we're going to connect this stuff, we need to make sure it's secure. If you're a chemical processor for example, and you've got a secret recipe, you don't publish that. You don't patent it, because you don't want the word to get out or else somebody's going to rip you off. So, they don't want to have this side of the house get connected with that side of the house and expose the secret sauce. So security becomes very top of mind for them. Connected but do it securely. >> All right, so, Joe, I've actually been happy with how I've seen the solutions (mumbles) from Cisco, because when I first heard IOT, it was like, well we're the leader in networking. We're going to network everything, and I'm like, okay. But at the device edge, one of the challenges is, often I have limited or no connectivity. So sometimes, I'm going to need to do the processing there. There's lots of different protocol issues that I have there. So talk about some of those new solutions that Cisco's been doing at the edge that are more than just sending bits back and forth. >> That's a great question, Stu. So, of course, everything has to do with networking, right? But networking is merely the vehicle for connectivity, and so we realized very quickly if we're going to create new routers and switches for this environment, there's an opportunity to do a little bit more. So back in February, we did something at DevNet Create called the Hackathon. We have a new router. It's a ruggedized router called the IR1101. I think Liz showed it on stage the other day, and this has a specific module inside of it. So there's a module that can be swapped out. Well, at the DevNet Create Hackathon, one of the teams actually created a machine learning module. Why machine learning at the edge, right? If you have 700 sub stations, you don't want to deploy machine learning on each and every one of them. You want to get all that data back into a central place so you have more data to actually train your algorithms on. Why would you put ML at the edge? Because not everything needs to come back. There's stuff that you can do at the edge, number one, with that machine learning on traffic that doesn't have to go back. When you don't back all traffic, that means you don't have to pay costs over to your LTE carrier for more data. Other times, as well, though, you're looking at compliance as another reason. So, that's one use case, right? Let's look at the other one, which really comes down to, okay, if I'm connecting things, and you can actually do some computing at the edge, how are we going to do it? On all of our new switches and routers that have edge compute capability, they're using native docker containers, so now you can actually deploy your applications at the edge. Again, do the work at the edge as close to where it has to be as possible. Don't bring it back, you don't have to worry about any sort of violation of compliance with local laws, sovereignty clouds. You don't have to worry about costs of back hauling traffic. And then, if anything's time sensitive, it stays as close to the edge as possible. >> So one of the keys here to your strategy is clear, is to allow developers to build new applications at the edge. You're not OT experts; that's not your roots. And those developers, your ultimate clients, are. They're the domain experts, they know what's going on, they know these specialized areas, so talk about the importance of having programmable infrastructure at the edge, and specifically what your strategy is. Where does Cisco leave off? And you're not a pass vendor. You're going to bring that in through partnerships, but help us understand that strategy a little bit better. >> Our ecosystem is incredibly important to us. So we've got, DevNet is incredibly important to Cisco, because as you heard probably yesterday, Susie announced new certifications for IOT. Those certifications allow engineers, whether it's a control systems engineer, whether it's a network engineer, to actually get certified, be it specialist, be it professional, in writing their applications for the edge, for those specific environments. But more importantly, because, let's go back to the environment that we're working in, time sensitive, very critical, low latency networks. You don't want to go and push out something where you're not 100% certain, so IOT certifications that DevNet has created give those engineers a repository, a sandbox and all of the Cisco solutions to actually test with before they do the deployment and ensure, almost guarantee themselves success by pushing the production. >> And one of the key things theirs do is the ability to test things quickly and fail fast. >> Yeah, well one of the things that I was a little bit concerned about when I saw this wave of IOT is every customer's going to have different requirements, so it feels like we at least get some level of maturity and commonality if we can have certification. >> Joe: Exactly. >> What does somebody come out of? What skill set do they have in rank? Because you said from a manufacturing or healthcare, everybody's going to use IOT, but how we use it and where we use it is going to be very different. What's the base layer that we're learning about? >> So, ultimately, the engineer who's actually coding these things, kind of what you said. They're all going to be very vertical specific use cases. There's not a lot of horizontal stuff going on, so we're creating a baseline for the engineer to understand their environments better. They honestly know it better than we do, but we want to make sure that as they go to deploy these things that we give them the infrastructure to do it on, the application and framework within which to do it, and the tools to be able to do it. And so that's the docker, the modules, being able to do edge compute and then lastly having that certification within IOT to how do I code this thing? Can I guarantee that I'm going to be successful and push it out? >> Joe, what's the organizational dynamic like? You always hear the store's OT is not talking to IT. They're different animals. You've got some hardcore engineers that have hardened their infrastructure, and you got IT guys that are trying to build applications and support applications for the business. Those two constituencies don't talk. What can Cisco do? What's the strategy with regard to bringing those constituents together? Do you have to or is it sort of divide and conquer? >> I think the number one thing that we want to do is enable the collaboration between the IT and OT. It's not that people don't want to. They're just trying to figure out how to do it better. So if we can help them number one, connect their networks together, safely and securely, that's number one. Reliable and secure networking, what we're known for. But number two, from the OT side, back to what I said originally was around the security side. So, I don't know if you guys heard, we announced last week our intent to acquire a company called Sentryo. Now, why is this important? Because they do passive network detection, whether it's anomaly detection, but they do asset discovery as well. Now a big thing when you're connecting those OT networks into the IT world is what assets do I even have? Those assets are vastly different from anything IT actually knows so this acquisition will allow us to passively discover and tell them, here's your list of assets that you're going to be connecting. Here's what we need to secure, so they know in scope as they walk into this project, they've got a really good blueprint for what needs to be done and not surprises. And the reason that's important is about only 40% of all IOT projects make it from pilot to production. I mean that's kind of staggeringly low. I actually had an analyst tell me yesterday, I'm shocked you guys said 40%, because I only hear about 30%. >> Yeah, yeah, right. >> And when you're doing it in a lab, you know all the variables, but when you go out to a brown field environment, where you've got 20 year old systems that honestly was probably a system hidden underneath some guy's desk that nobody's actually known about. If it ain't broke, don't fix it. We're actually able to discover all those assets now. That's why we did the acquisitions, so it's really from an asset visibility and a security standpoint. >> And you're saying, Joe, that that discovery is specific to edge assets versus like a stealth watch. We heard a lot about stealth watch this week, which is they do discovery, but you say that's predominantly IT assets, servers, storage, networking, you know, switches, et cetera, routers. >> I mean, listen, so stealth watch is awesome, and I think eventually there's going to be a little bit of a merger between some of these things. But, the operational technology environment is very different. They're not native IP. They don't talk the same protocols. There's thousands of different protocols that exist in an operational technology environment, DMP3, Modbus, Profinet, Profibus. Just very few right there. (laughs) Those IT has never, ever talked them. They don't even know what they mean for the most part. Tell an IT guy, hey can you detect this DMP3 traffic? The answer's no. However, when we move into that environment, our networks need to be able to understand that traffic, and that's where Sentryo comes in with that operational technology expertise to help the IT and the OT really come together. Business all comes at the end of the day. >> So, Joe, give us a little spin around the show from an IOT standpoint. We've got the IOT takeover happening here in the DevNet zone. All the classroom seem packed jammed, as they've been all week for all the takeovers, but give us a little spin around. >> It's been amazing actually so far, this year. Having been at Cisco for a few years now, I walked into this and said, wow, we are definitely in the IOT world. We've got IOT plastered outside; we've got it inside. People are very interested in IOT. They're interested not just in what we're doing, but how they can take the knowledge and what they're going to learn here and really bring it back into a practical use case at their own organizations. So, from an IOT perspective, the world of solutions downstairs is jam packed. I mean, we've got a massive presence down there. We've connected the buses that are outside. If you look at the app, we've actually connected those buses to the app for real time data to say this is when the next bus is actually coming. I mean, what a pain in the butt is it to stand outside and go, where's the shuttle bus? We can tell you where the shuttle bus is. We can tell you when it's coming and how long you're going to have to wait. And yes, don't worry, you've got time to get another coffee. >> Just follow the line you'll find the bus. (laughs) >> You'll find the bus but how long is it going to take to get you there? >> (laughs) Okay, you were mentioning about some of the reasons for apps at the edge. I want to come back and explore that a little bit. You said compliance, I think you threw in cost. There's physics involved, as well. So the cloud guys would say, hey yeah, we know there's a lot of stuff going at the edge, but ultimately the heavy work is going to be done in the cloud and all the modeling. You've got others who are saying, hey, here's the blocks, going to put it at the edge instead of a top down approach. What's your scenario in terms of data at the edge? Why does data need to stay at the edge? You mentioned real time before, but let's double click on that a little bit. >> So I think there's really three key reasons that data and applications are going to be processed at the edge. Number one, compliance, right? So there's certain data that's going to come in that cannot be shipped back to a public cloud. That's part of the rules; you cannot do it. No public cloud for certain private data. Number two is cost, honestly, and this is a really big one. If you can reduce your overall cost, instead of back hauling all that traffic to HQ, to your data center, and you just keep it at the edge, you don't have to back haul it. LTE traffic, not the cheapest, and I can only imagine with 5G how much that's going to increase the cost. They're going to want to just back haul everything, right? Well, we can do that really quickly. We can take everything and put it back. Yes, but your bill every month is going to be monumentally more expensive. And then, lastly, as you mentioned was the time sensitive one. That's really going to be one of the bigger ones from a business standpoint. The engineers are now going to be able to write applications for processing data at the edge, so that they don't lose. In this environment, three seconds is the difference between life and death. I'm kind of exaggerating but kind of not. If you're missing an alert in a couple seconds where you can't shut down a gas-leak valve where there's potential for explosion, those seconds are the difference between boom, or we're all good guys, it was just an alert. >> Another classic example here is autonomous vehicles, as well. You can't run that from the cloud, right? You've got to do that locally. Last question, Joe, is Cisco differentiation. Obviously you come at it from a position of networking strength, you mentioned that in your opening comments but give us the bumper sticker on why Cisco. >> I think that the big reason why Cisco is unique in the IOT world is, number one, we're not trying to be everything to everybody. We're trying to create a safe and secure, reliable network. Number two, though, is our ecosystem. So we have a large partner ecosystem. We're expanding it into the OT world. We've got specific products for those OT partners where they can imbed our networking technology into their solutions and systems that they're putting together. (clears throat) Lastly is, honestly, what we're doing here with DevNet. Nobody in this world other than Cisco has DevNet with the network, with the ecosystem. When you put that trifecta together, it's unstoppable. And so being able to bring together IT and OT, only we can do that with those three things. >> So I think Susie said yesterday, Stu, 600,000 engineers that are trained on coding Cisco infrastructure. It's going to be interesting to see how the OT folks pick up on that, and what the adoption is there. Joe Malenfant, thanks so much for coming on theCUBE, it was great to have you. >> Thank you, gentlemen, I appreciate it. >> Really, a pleasure. Okay, Stu and I will be right back. Lisa Martin is also in the house. You're watching theCUBE. We're live from Cisco Live in San Diego. We'll be right back. (upbeat techno music)