(upbeat music) >> We are back, approaching the finish line here at Supercomputing 22, our last interview of the day, our last interview of the show. And I have to say Dave Nicholson, my co-host, My name is Paul Gillin. I've been attending trade shows for 40 years Dave, I've never been to one like this. The type of people who are here, the type of problems they're solving, what they talk about, the trade shows are typically, they're so speeds and feeds. They're so financial, they're so ROI, they all sound the same after a while. This is truly a different event. Do you get that sense? >> A hundred percent. Now, I've been attending trade shows for 10 years since I was 19, in other words, so I don't have necessarily your depth. No, but seriously, Paul, totally, completely, completely different than any other conference. First of all, there's the absolute allure of looking at the latest and greatest, coolest stuff. I mean, when you have NASA lecturing on things when you have Lawrence Livermore Labs that we're going to be talking to here in a second it's a completely different story. You have all of the academics you have students who are in competition and also interviewing with organizations. It's phenomenal. I've had chills a lot this week. >> And I guess our last two guests sort of represent that cross section. Armando Acosta, director of HPC Solutions, High Performance Solutions at Dell. And Matt Leininger, who is the HPC Strategist at Lawrence Livermore National Laboratory. Now, there is perhaps, I don't know you can correct me on this, but perhaps no institution in the world that uses more computing cycles than Lawrence Livermore National Laboratory and is always on the leading edge of what's going on in Supercomputing. And so we want to talk to both of you about that. Thank you. Thank you for joining us today. >> Sure, glad to be here. >> For having us. >> Let's start with you, Armando. Well, let's talk about the juxtaposition of the two of you. I would not have thought of LLNL as being a Dell reference account in the past. Tell us about the background of your relationship and what you're providing to the laboratory. >> Yeah, so we're really excited to be working with Lawrence Livermore, working with Matt. But actually this process started about two years ago. So we started looking at essentially what was coming down the pipeline. You know, what were the customer requirements. What did we need in order to make Matt successful. And so the beauty of this project is that we've been talking about this for two years, and now it's finally coming to fruition. And now we're actually delivering systems and delivering racks of systems. But what I really appreciate is Matt coming to us, us working together for two years and really trying to understand what are the requirements, what's the schedule, what do we need to hit in order to make them successful >> At Lawrence Livermore, what drives your computing requirements I guess? You're working on some very, very big problems but a lot of very complex problems. How do you decide what you need to procure to address them? >> Well, that's a difficult challenge. I mean, our mission is a national security mission dealing with making sure that we do our part to provide the high performance computing capabilities to the US Department of Energy's National Nuclear Security Administration. We do that through the Advanced Simulation computing program. Its goal is to provide that computing power to make sure that the US nuclear rep of the stockpile is safe, secure, and effective. So how we go about doing that? There's a lot of work involved. We have multiple platform lines that we accomplish that goal with. One of them is the advanced technology systems. Those are the ones you've heard about a lot, they're pushing towards exit scale, the GPU technologies incorporated into those. We also have a second line, a platform line, called the Commodity Technology Systems. That's where right now we're partnering with Dell on the latest generation of those. Those systems are a little more conservative, they're right now CPU only driven but they're also intended to be the everyday work horses. So those are the first systems our users get on. It's very easy for them to get their applications up and running. They're the first things they use usually on a day to day basis. They run a lot of small to medium size jobs that you need to do to figure out how to most effectively use what workloads you need to move to the even larger systems to accomplish our mission goals. >> The workhorses. >> Yeah. >> What have you seen here these last few days of the show, what excites you? What are the most interesting things you've seen? >> There's all kinds of things that are interesting. Probably most interesting ones I can't talk about in public, unfortunately, 'cause of NDA agreements, of course. But it's always exciting to be here at Supercomputing. It's always exciting to see the products that we've been working with industry and co-designing with them on for, you know, several years before the public actually sees them. That's always an exciting part of the conference as well specifically with CTS-2, it's exciting. As was mentioned before, I've been working with Dell for nearly two years on this, but the systems first started being delivered this past August. And so we're just taking the initial deliveries of those. We've deployed, you know, roughly about 1600 nodes now but that'll ramp up to over 6,000 nodes over the next three or four months. >> So how does this work intersect with Sandia and Los Alamos? Explain to us the relationship there. >> Right, so those three laboratories are the laboratories under the National Nuclear Security Administration. We partner together on CTS. So the architectures, as you were asking, how do we define these things, it's the labs coming together. Those three laboratories we define what we need for that architecture. We have a joint procurement that is run out of Livermore but then the systems are deployed at all three laboratories. And then they serve the programs that I mentioned for each laboratory as well. >> I've worked in this space for a very long time you know I've worked with agencies where the closest I got to anything they were actually doing was the sort of guest suite outside the secure area. And sometimes there are challenges when you're communicating, it's like you have a partner like Dell who has all of these things to offer, all of these ideas. You have requirements, but maybe you can't share 100% of what you need to do. How do you navigate that? Who makes the decision about what can be revealed in these conversations? You talk about NDA in terms of what's been shared with you, you may be limited in terms of what you can share with vendors. Does that cause inefficiency? >> To some degree. I mean, we do a good job within the NSA of understanding what our applications need and then mapping that to technical requirements that we can talk about with vendors. We also have kind of in between that we've done this for many years. A recent example is of course with the exit scale computing program and some things it's doing creating proxy apps or mini apps that are smaller versions of some of the things that we are important to us. Some application areas are important to us, hydrodynamics, material science, things like that. And so we can collaborate with vendors on those proxy apps to co-design systems and tweak the architectures. In fact, we've done a little bit that with CTS-2, not as much in CTS as maybe in the ATS platforms but that kind of general idea of how we collaborate through these proxy applications is something we've used across platforms. >> Now is Dell one of your co-design partners? >> In CTS-2 absolutely, yep. >> And how, what aspects of CTS-2 are you working on with Dell? >> Well, the architecture itself was the first, you know thing we worked with them on, we had a procurement come out, you know they bid an architecture on that. We had worked with them, you know but previously on our requirements, understanding what our requirements are. But that architecture today is based on the fourth generation Intel Xeon that you've heard a lot about at the conference. We are one of the first customers to get those systems in. All the systems are interconnected together with the Cornell Network's Omni-Path Network that we've used before and are very excited about as well. And we build up from there. The systems get integrated in by the operations teams at the laboratory. They get integrated into our production computing environment. Dell is really responsible, you know for designing these systems and delivering to the laboratories. The laboratories then work with Dell. We have a software stack that we provide on top of that called TOSS, for Tri-Lab Operating System. It's based on Redhead Enterprise Linux. But the goal there is that it allows us, a common user environment, a common simulation environment across not only CTS-2, but maybe older systems we have and even the larger systems that we'll be deploying as well. So from a user perspective they see a common user interface, a common environment across all the different platforms that they use at Livermore and the other laboratories. >> And Armando, what does Dell get out of the co-design arrangement with the lab? >> Well, we get to make sure that they're successful. But the other big thing that we want to do, is typically when you think about Dell and HPC, a lot of people don't make that connection together. And so what we're trying to do is make sure that, you know they know that, hey, whether you're a work group customer at the smallest end or a super computer customer at the highest end, Dell wants to make sure that we have the right setup portfolio to match any needs across this. But what we were really excited about this, this is kind of our, you know big CTS-2 first thing we've done together. And so, you know, hopefully this has been successful. We've made Matt happy and we look forward to the future what we can do with bigger and bigger things. >> So will the labs be okay with Dell coming up with a marketing campaign that said something like, "We can't confirm that alien technology is being reverse engineered." >> Yeah, that would fly. >> I mean that would be right, right? And I have to ask you the question directly and the way you can answer it is by smiling like you're thinking, what a stupid question. Are you reverse engineering alien technology at the labs? >> Yeah, you'd have to suck the PR office. >> Okay, okay. (all laughing) >> Good answer. >> No, but it is fascinating because to a degree it's like you could say, yeah, we're working together but if you really want to dig into it, it's like, "Well I kind of can't tell you exactly how some of this stuff is." Do you consider anything that you do from a technology perspective, not what you're doing with it, but the actual stack, do you try to design proprietary things into the stack or do you say, "No, no, no, we're going to go with standards and then what we do with it is proprietary and secret."? >> Yeah, it's more the latter. >> Is the latter? Yeah, yeah, yeah. So you're not going to try to reverse engineer the industry? >> No, no. We want the solutions that we develop to enhance the industry to be able to apply to a broader market so that we can, you know, gain from the volume of that market, the lower cost that they would enable, right? If we go off and develop more and more customized solutions that can be extraordinarily expensive. And so we we're really looking to leverage the wider market, but do what we can to influence that, to develop key technologies that we and others need that can enable us in the high forms computing space. >> We were talking with Satish Iyer from Dell earlier about validated designs, Dell's reference designs for for pharma and for manufacturing, in HPC are you seeing that HPC, Armando, and is coming together traditionally and more of an academic research discipline beginning to come together with commercial applications? And are these two markets beginning to blend? >> Yeah, I mean so here's what's happening, is you have this convergence of HPC, AI and data analytics. And so when you have that combination of those three workloads they're applicable across many vertical markets, right? Whether it's financial services, whether it's life science, government and research. But what's interesting, and Matt won't brag about, but a lot of stuff that happens in the DoE labs trickles down to the enterprise space, trickles down to the commercial space because these guys know how to do it at scale, they know how to do it efficiently and they know how to hit the mark. And so a lot of customers say, "Hey we want what CTS-2 does," right? And so it's very interesting. The way I love it is their process the way they do the RFP process. Matt talked about the benchmarks and helping us understand, hey here's kind of the mark you have to hit. And then at the same time, you know if we make them successful then obviously it's better for all of us, right? You know, I want to secure nuclear stock pile so I hope everybody else does as well. >> The software stack you mentioned, I think Tia? >> TOSS. >> TOSS. >> Yeah. >> How did that come about? Why did you feel the need to develop your own software stack? >> It originated back, you know, even 20 years ago when we first started building Linux clusters when that was a crazy idea. Livermore and other laboratories were really the first to start doing that and then push them to larger and larger scales. And it was key to have Linux running on that at the time. And so we had the. >> So 20 years ago you knew you wanted to run on Linux? >> Was 20 years ago, yeah, yeah. And we started doing that but we needed a way to have a version of Linux that we could partner with someone on that would do, you know, the support, you know, just like you get from an EoS vendor, right? Security support and other things. But then layer on top of that, all the HPC stuff you need either to run the system, to set up the system, to support our user base. And that evolved into to TOSS which is the Tri-Lab Operating System. Now it's based on the latest version of Redhead Enterprise Linux, as I mentioned before, with all the other HPC magic, so to speak and all that HPC magic is open source things. It's not stuff, it may be things that we develop but it's nothing closed source. So all that's there we run it across all these different environments as I mentioned before. And it really originated back in the early days of, you know, Beowulf clusters, Linux clusters, as just needing something that we can use to run on multiple systems and start creating that common environment at Livermore and then eventually the other laboratories. >> How is a company like Dell, able to benefit from the open source work that's coming out of the labs? >> Well, when you look at the open source, I mean open source is good for everybody, right? Because if you make a open source tool available then people start essentially using that tool. And so if we can make that open source tool more robust and get more people using it, it gets more enterprise ready. And so with that, you know, we're all about open source we're all about standards and really about raising all boats 'cause that's what open source is all about. >> And with that, we are out of time. This is our 28th interview of SC22 and you're taking us out on a high note. Armando Acosta, director of HPC Solutions at Dell. Matt Leininger, HPC Strategist, Lawrence Livermore National Laboratories. Great discussion. Hopefully it was a good show for you. Fascinating show for us and thanks for being with us today. >> Thank you very much. >> Thank you for having us >> Dave it's been a pleasure. >> Absolutely. >> Hope we'll be back next year. >> Can't believe, went by fast. Absolutely at SC23. >> We hope you'll be back next year. This is Paul Gillin. That's a wrap, with Dave Nicholson for theCUBE. See here in next time. (soft upbear music)

(upbeat music) >> Okay, welcome back everyone in live coverage here at theCUBE, Boston, Massachusetts, for AWS re:inforce 22 security conference for Amazon Web Services. Obviously reinvent the end of the years' the big celebration, "re:Mars" is the new show that we've covered as well. The res are here with theCUBE. I'm John Furrier, host with a great guest, Ameesh Divatia, co-founder, and CEO of a company called "Baffle." Ameesh, thanks for joining us on theCUBE today, congratulations. >> Thank you. It's good to be here. >> And we got the custom encrypted socks. >> Yup, limited edition >> 64 bitter 128. >> Base 64 encoding. >> Okay.(chuckles) >> Secret message in there. >> Okay.(chuckles) Secret message.(chuckles) We'll have to put a little meme on the internet, figure it out. Well, thanks for comin' on. You guys are goin' hot right now. You guys a hot startup, but you're in an area that's going to explode, we believe. >> Yeah. >> The SuperCloud is here, we've been covering that on theCUBE that people are building on top of the Amazon Hyperscalers. And without the capex, they're building platforms. The application tsunami has come and still coming, it's not stopping. Modern applications are faster, they're better, and they're driving a lot of change under the covers. >> Absolutely. Yeah. >> And you're seeing structural change happening in real time, in ops, the network. You guys got something going on in the encryption area. >> Yes >> Data. Talk about what you guys do. >> Yeah. So we believe very strongly that the next frontier in security is data. We've had multiple waves in security. The next one is data, because data is really where the threats will persist. If the data shows up in the wrong place, you get into a lot of trouble with compliance. So we believe in protecting the data all the way down at the field, or record level. That's what we do. >> And you guys doing all kinds of encryption, or other things? >> Yes. So we do data transformation, which encompasses three different things. It can be tokenization, which is format preserving. We do real encryption with counter mode, or we can do masked views. So tokenization, encryption, and masking, all with the same platform. >> So pretty wide ranging capabilities with respect to having that kind of safety. >> Yes. Because it all depends on how the data is used down the road. Data is created all the time. Data flows through pipelines all the time. You want to make sure that you protect the data, but don't lose the utility of the data. That's where we provide all that flexibility. >> So Kurt was on stage today on one of the keynotes. He's the VP of the platform at AWS. >> Yes. >> He was talking about encrypts, everything. He said it needs, we need to rethink encryption. Okay, okay, good job. We like that. But then he said, "We have encryption at rest." >> Yes. >> That's kind of been there, done that. >> Yes. >> And, in-flight? >> Yeah. That's been there. >> But what about in-use? >> So that's exactly what we plug. What happens right now is that data at rest is protected because of discs that are already self-encrypting, or you have transparent data encryption that comes native with the database. You have data in-flight that is protected because of SSL. But when the data is actually being processed, it's in the memory of the database or datastore, it is exposed. So the threat is, if the credentials of the database are compromised, as happened back then with Starwood, or if the cloud infrastructure is compromised with some sort of an insider threat like a Capital One, that data is exposed. That's precisely what we solve by making sure that the data is protected as soon as it's created. We use standard encryption algorithms, AES, and we either do format preserving, or true encryption with counter mode. And that data, it doesn't really matter where it ends up, >> Yeah. >> because it's always protected. >> Well, that's awesome. And I think this brings up the point that we want been covering on SiliconAngle in theCUBE, is that there's been structural change that's happened, >> Yes. >> called cloud computing, >> Yes. >> and then hybrid. Okay. Scale, role of data, higher level abstraction of services, developers are in charge, value creations, startups, and big companies. That success is causing now, a new structural change happening now. >> Yes. >> This is one of them. What areas do you see that are happening right now that are structurally changing, that's right in front of us? One is, more cloud native. So the success has become now the problem to solve - >> Yes. >> to get to the next level. >> Yeah. >> What are those, some of those? >> What we see is that instead of security being an afterthought, something that you use as a watchdog, you create ways of monitoring where data is being exposed, or data is being exfiltrated, you want to build security into the data pipeline itself. As soon as data is created, you identify what is sensitive data, and you encrypt it, or tokenize it as it flows into the pipeline using things like Kafka plugins, or what we are very clearly differentiating ourselves with is, proxy architectures so that it's completely transparent. You think you're writing to the datastore, but you're actually writing to the proxy, which in turn encrypts the data before its stored. >> Do you think that's an efficient way to do it, or is the only way to do it? >> It is a much more efficient way of doing it because of the fact that you don't need any app-dev resources. There are many other ways of doing it. In fact, the cloud vendors provide development kits where you can just go do it yourself. So that is actually something that we completely avoid. And what makes it really, really interesting is that once the data is encrypted in the data store, or database, we can do what is known as "Privacy Enhanced Computation." >> Mm. >> So we can actually process that data without decrypting it. >> Yeah. And so proxies then, with cloud computing, can be very fast, not a bottleneck that could be. >> In fact, the cloud makes it so. It's very hard to - >> You believe that? >> do these things in static infrastructure. In the cloud, there's infinite amount of processing available, and there's containerization. >> And you have good network. >> You have very good network, you have load balancers, you have ways of creating redundancy. >> Mm. So the cloud is actually enabling solutions like this. >> And the old way, proxies were seen as an architectural fail, in the old antiquated static web. >> And this is where startups don't have the baggage, right? We didn't have that baggage. (John laughs) We looked at the problem and said, of course we're going to use a proxy because this is the best way to do this in an efficient way. >> Well, you bring up something that's happening right now that I hear a lot of CSOs and CIOs and executives say, CXOs say all the time, "Our", I won't say the word, "Our stuff has gotten complicated." >> Yes. >> So now I have tool sprawl, >> Yeah. >> I have skill gaps, and on the rise, all these new managed services coming at me from the vendors who have never experienced my problem. And their reaction is, they don't get my problem, and they don't have the right solutions, it's more complexity. They solve the complexity by adding more complexity. >> Yes. I think we, again, the proxy approach is a very simple. >> That you're solving that with that approach. >> Exactly. It's very simple. And again, we don't get in the way. That's really the the biggest differentiator. The forcing function really here is compliance, right? Because compliance is forcing these CSOs to actually adopt these solutions. >> All right, so love the compliance angle, love the proxy as an ease of use, take the heavy lifting away, no operational problems, and deviations. Now let's talk about workloads. >> Yeah. >> 'Cause this is where the use is. So you got, or workloads being run large scale, lot a data moving around, computin' as well. What's the challenge there? >> I think it's the volume of the data. Traditional solutions that we're relying on legacy tokenizations, I think would replicate the entire storage because it would create a token wall, for example. You cannot do that at this scale. You have to do something that's a lot more efficient, which is where you have to do it with a cryptography approach. So the workloads are diverse, lots of large files in the workloads as well as structured workloads. What we have is a solution that actually goes across the board. We can do unstructured data with HTTP proxies, we can do structured data with SQL proxies. And that's how we are able to provide a complete solution for the pipeline. >> So, I mean, show about the on-premise versus the cloud workload dynamic right now. Hybrid is a steady state right now. >> Yeah. >> Multi-cloud is a consequence of having multiple vendors, not true multi-cloud but like, okay, they have Azure there, AWS here, I get that. But hybrid really is the steady state. >> Yes. >> Cloud operations. How are the workloads and the analytics the data being managed on-prem, and in the cloud, what's their relationship? What's the trend? What are you seeing happening there? >> I think the biggest trend we see is pipelining, right? The new ETL is streaming. You have these Kafka and Kinesis capabilities that are coming into the picture where data is being ingested all the time. It is not a one time migration. It's a stream. >> Yeah. >> So plugging into that stream is very important from an ingestion perspective. >> So it's not just a watchdog. >> No. >> It's the pipelining. >> It's built in. It's built-in, it's real time, that's where the streaming gets another diverse access to data. >> Exactly. >> Data lakes. You got data lakes, you have pipeline, you got streaming, you mentioned that. So talk about the old school OLTP, the old BI world. I think Power BI's like a $30 billion product. >> Yeah. >> And you got Tableau built on OLTP building cubes. Aren't we just building cubes in a new way, or, >> Well. >> is there any relevance to the old school? >> I think there, there is some relevance and in fact that's again, another place where the proxy architecture really helps, because it doesn't matter when your application was built. You can use Tableau, which nobody has any control over, and still process encrypted data. And so can with Power BI, any Sequel application can be used. And that's actually exactly what we like to. >> So we were, I was talking to your team, I knew you were coming on, and they gave me a sound bite that I'm going to read to the audience and I want to get your reaction to. >> Sure. >> 'Cause I love this. I fell out of my chair when I first read this. "Data is the new oil." In 2010 that was mentioned here on theCUBE, of course. "Data is the new oil, but we have to ensure that it does not become the next asbestos." Okay. That is really clever. So we all know about asbestos. I add to the Dave Vellante, "Lead paint too." Remember lead paint? (Ameesh laughs) You got to scrape it out and repaint the house. Asbestos obviously causes a lot of cancer. You know, joking aside, the point is, it's problematic. >> It's the asset. >> Explain why that sentence is relevant. >> Sure. It's the assets and liabilities argument, right? You have an asset which is data, but thanks to compliance regulations and Gartner says 75% of the world will be subject to privacy regulations by 2023. It's a liability. So if you don't store your data well, if you don't process your data responsibly, you are going to be liable. So while it might be the oil and you're going to get lots of value out of it, be careful about the, the flip side. >> And the point is, there could be the "Grim Reaper" waiting for you if you don't do it right, the consequences that are quantified would be being out of business. >> Yes. But here's something that we just discovered actually from our survey that we did. While 93% of respondents said that they have had lots of compliance related effects on their budgets. 75% actually thought that it makes them better. They can use the security postures as a competitive differentiator. That's very heartening to us. We don't like to sell the fear aspect of this. >> Yeah. We like to sell the fact that you look better compared to your neighbor, if you have better data hygiene, back to the. >> There's the fear of missing out, or as they say, "Keeping up with the Joneses", making sure that your yard looks better than the next one. I get the vanity of that, but you're solving real problems. And this is interesting. And I want to get your thoughts on this. I found, I read that you guys protect more than a 100 billion records across highly regulated industries. Financial services, healthcare, industrial IOT, retail, and government. Is that true? >> Absolutely. Because what we are doing is enabling SaaS vendors to actually allow their customers to control their data. So we've had the SaaS vendor who has been working with us for over three years now. They store confidential data from 30 different banks in the country. >> That's a lot of records. >> That's where the record, and. >> How many customers do you have? >> Well, I think. >> The next round of funding's (Ameesh laughs) probably they're linin' up to put money into you guys. >> Well, again, this is a very important problem, and there are, people's businesses are dependent on this. We're just happy to provide the best tool out there that can do this. >> Okay, so what's your business model behind? I love the success, by the way, I wanted to quote that stat to one verify it. What's the business model service, software? >> The business model is software. We don't want anybody to send us their confidential data. We embed our software into our customers environments. In case of SaaS, we are not even visible, we are completely embedded. We are doing other relationships like that right now. >> And they pay you how? >> They pay us based on the volume of the data that they're protecting. >> Got it. >> That in that case which is a large customers, large enterprise customers. >> Pay as you go. >> It is pay as you go, everything is annual licenses. Although, multi-year licenses are very common because once you adopt the solution, it is very sticky. And then for smaller customers, we do base our pricing also just on databases. >> Got it. >> The number of databases. >> And the technology just reviewed low-code, no-code implementation kind of thing, right? >> It is by definition, no code when it comes to proxy. >> Yeah. >> When it comes to API integration, it could be low code. Yeah, it's all cloud-friendly, cloud-native. >> No disruption to operations. >> Exactly. >> That's the culprit. >> Well, yeah. >> Well somethin' like non-disruptive operations.(laughs) >> No, actually I'll give an example of a migration, right? We can do live migrations. So while the databases are still alive, as you write your. >> Live secure migrations. >> Exactly. You're securing - >> That's the one that manifests. >> your data as it migrates. >> Awright, so how much funding have you guys raised so far? >> We raised 36 and a half, series A, and B now. We raised that late last year. >> Congratulations. >> Thank you. >> Who's the venture funders? >> True Ventures is our largest investor, followed by Celesta Capital, National Grid Partners is an investor, and so is Engineering Capital and Clear Vision Ventures. >> And the seed and it was from Engineering? >> Seed was from Engineering. >> Engineering Capital. >> And then True came in very early on. >> Okay. >> Greenspring is also an investor in us, so is Industrial Ventures. >> Well, privacy has a big concern, big application for you guys. Privacy, secure migrations. >> Very much so. So what we are believe very strongly in the security's personal, security is yours and my data. Privacy is what the data collector is responsible for. (John laughs) So the enterprise better be making sure that they've complied with privacy regulations because they don't tell you how to protect the data. They just fine you. >> Well, you're not, you're technically long, six year old start company. Six, seven years old. >> Yeah. >> Roughly. So yeah, startups can go on long like this, still startup, privately held, you're growing, got big records under management there, congratulations. What's next? >> I think scaling the business. We are seeing lots of applications for this particular solution. It's going beyond just regulated industries. Like I said, it's a differentiating factor now. >> Yeah >> So retail, and a lot of other IOT related industrial customers - >> Yeah. >> are also coming. >> Ameesh, talk about the show here. We're at re:inforce, actually we're live here on the ground, the show floor buzzing. What's your takeaway? What's the vibe this year? What if you had to share what your opinion the top story here at the show, what would be the two top things, or three things? >> I think it's two things. First of all, it feels like we are back. (both laugh) It's amazing to see people on the show floor. >> Yeah. >> People coming in and asking questions and getting to see the product. The second thing that I think is very gratifying is, people come in and say, "Oh, I've heard of you guys." So thanks to digital media, and digital marketing. >> They weren't baffled. They want baffled. >> Exactly. >> They use baffled. >> Looks like, our outreach has helped, >> Yeah. >> and has kept the continuity, which is a big deal. >> Yeah, and now you're a CUBE alumni, welcome to the fold. >> Thank you. >> Appreciate you coming on. And we're looking forward to profiling you some day in our startup showcase, and certainly, we'll see you in the Palo Alto studios. Love to have you come in for a deeper dive. >> Sounds great. Looking forward to it. >> Congratulations on all your success, and thanks for coming on theCUBE, here at re:inforce. >> Thank you, John. >> Okay, we're here in, on the ground live coverage, Boston, Massachusetts for AWS re:inforce 22. I'm John Furrier, your host of theCUBE with Dave Vellante, who's in an analyst session, right? He'll be right back with us on the next interview, coming up shortly. Thanks for watching. (gentle music)

>>Hi everyone. Welcome to the cubes coverage of eight of his public sector summit live in Washington D. C, where it's a face to face real event. I'm johN for a year host but virtual events. Hybrid events were hybrid event as well. We've got a great remote interview. Got a guest here in person, Jon Stankovic, president of cloud solutions. Smartronix and Britain was the VP of eight of his managed services, also known as A M. S with amazon web services, jOHN and jOHN and three johns here. Welcome to the cube remote >>in person. >>Hybrid. >>Thanks. Thank you. Great to be on the cube longtime viewer and I really appreciate what you >>do for fun to be here remotely but I feel like it right there. >>Yeah, I love the hybrid if it's only gonna get better next time will be in the metaverse soon. But uh, jOHn on the line there, I want to ask you with AWS managed services, take us through what you guys are doing with Smart Trust because this is an interesting service you guys are working together. How's that relates at the table for us. >>Yeah, well, you know, we're really excited about this announcement, We've been working with Smartronix since we launched A. M S 4.5 years ago. So we've been able to build up working with them, you know, a huge library of automation capabilities and this really just formalised as that in an offer for our joint customers where we can bring the expertise from AWS and Smartronix and offer a full solution that's highly integrated to help help our customers jointly accelerate their cloud adoption as well as their operating model transformation as they start to move to a more devops motion and they need help. We're there together to provide our expertise and make that simple for them. >>Well I appreciate the call. You john b john s over here. Js john Stankevich. Um tell me about Smart trust because you heard what's going on with devoPS to point a whole revolutions going on in devops, you're starting to see a highly accelerated modern application development environment which means that the software developers are setting the pace there, the pace car of the innovation, right? And so other teams like security or I. T. Become blockers. Blockers a drag and anchor. So the shift left on security for instance is causing a lot of problems on the security team. So all this is going on like right now so still the speed is the game. What's your take? >>Sure so absolutely. I think that's where this partnership really really excels. You know, we want customers to focus on their mission, you know, national security, health care outcomes. Um we want them to kind of take the rest off their plate. So when you say some of the quote unquote blockers around security uh Smartronix has invested heavily in a federally authorized platform that sits on top of what a WS has done from a Fed ramp and so right off the bat speed agility. We don't want our customers spending time replicating things that we've done at scale and leveraging what AWS has and so by kind of utilizing this, this joint offer all of a sudden a big part of that compliance is taken care of. Uh, and then things like devoPS, things like SRE models that you hear a lot about, we fold all that into this uh, combined service offering. >>I know a little about what you guys are doing. You mentioned SRE is very cool, but let's take a minute to explain what you guys are doing because you guys are on the cutting edge of solving a lot of problems from infrastructure fools around the deVOPS stack. What are you guys doing in the cloud services? >>Sure. So I think jOHN hit a little bit on it. But you know, we look at AMS as best in breed at scale managing core parts of the U. S. Infrastructure. What Smartronix does is many times customers have some unique requirements and we take that core kind of powered by aims and we try and fill in those kind of complementary skill sets and complementary requirements. And so something like the devops, which is basically making sure that those people developing that software, they have also the ability to manage it and on an ongoing basis. Kind of run it. We develop all the frameworks and that's part of this offering to enable that. >>What's the solution jOHN B because I think you guys don't, this is people have challenges. I want to understand those challenges. And then when they go to the external managed service, what's involved, you walk us through that? Because I think that's important. >>Yeah, sure. You know, it turns out jOHN nailed this one. That moving to the cloud can be, can be a big transformation for many, many enterprises and government teams. Right. They worked for many years and have an ecosystem in their traditional data center. But when they move to the cloud, there's a lot of moving pieces and so what we like to focus on is helping them with the undifferentiated aspects of safely and automating cloud operations. So working with, with Smartronix allows us to take what we're doing across the infrastructure services, around security, around automation, around patching instance management, container management, all of those uh, undifferentiated, heavy lifting passed by now with Smartronix and expertise across the application layer across customers, unique environments across federal and moderate the various government standards and compliance is, and we think we're able to get, take a customer um, from kind of really early stage cloud experience and rapidly deploy configure and get them into a very stable scalable posture operationally on the cloud so that they can start to invest in their people, their skills and their differentiated application on the cloud that really drive the differentiation in their business and not have to worry about best practice configurations and operational run books and, and and automation is and and and the latest dep sec ops capabilities that will pick up for them while they're training and getting, they're getting their emotions in place, >>jOHn is on the Smartronix side. Talk about the difference between scale okay. Which is a big issue with cloud these customers want to have with AMS but then you also have some scale, maybe some scale to but highly compliant environments, regulated industries, for instance, this is the hot areas because scale is unwieldy, but if you don't want get rain it in, it can be chaotic. Right? So also regulations and compliance is a huge issue. >>Yeah. What what we found is um, at times customers look at it and they just get frustrated because it can be kind of intimidating and we as a combined team really have spent a lot of time we have accelerators to walk customers through that process and a really flexible model. If they feel that they have a lot of domain expertise in it, then we'll just kind of be almost a supporter other customers look at it and say, you know, we'd like you to take the entire patch of that compliance and so highly regulated environments. Both commercial D. O. D. National Security, um federal civilian agencies, state and local, they're all looking to this and saying we really want someone that's been through things like the U. S. Audited managed service provider, things like they're managed security service provider, things like fed ramp or D. O. D. Ill four and five. And I think to be honest Smartronix has just invested heavily in that with the goal of reducing all that complexity and it's it's really been taken off and we really appreciate the partnership specifically with jOHn and uh the A. W. S. A. M. S. Team. >>All right so you guys were going together, what's the ultimate benefit to the customer? >>I can I'll give my thing right off the bat all this innovation coming out of A. W. S. Um It's fantastic but only if you have the ability to take advantage of it. And so thousands of new services being rolled out. We really want customers to be able to take advantage of that and let at times us do what we do best and let them focus on their mission. And I think that's what really AWS is all about and we just feel very fortunate to be an enabler of that >>john be talking about talking about the staffing issues too because one of the problems that we have been reporting and this has come up at every reinvest on the max. Peterson about this as well. He's promised last year was gonna train 29 million people. See how that comes out of reinvent when the report card comes back. I was kinda busting his chops a little bit there but he had a smile on his face I think is gonna hit the numbers a lot of times, Maybe people don't have an SRE they don't have a devout person or they have some staff that they're in transition or transforming this is a huge factor. What's your take on this, >>you know, that that is so important, you know, as john mentioned, it's all about helping the customers focused and and their their cloud talent is scarce and it's a scarce resource and you you want to make sure that your cloud talent is working on the cool stuff or they're going to leave and and as you train and skill, these folks, they want to focus on what really impacts the business, what's really differentiating doing, you know, doing the cloud and the necessities on operations and operational tasks and sec ops and things like that, sometimes, that's not the sexiest part of the work that the customer really wants to focus their team on. So again, I think together we're able to help drive high levels of automation and really do that day in and day out work that is not necessarily the differentiator of their business and that's going to attract and keep the best and brightest minds in these in these customers um which allows us to help them with the undifferentiated aspects of of the heavy lifting. >>Not only is availability of people, it's keeping the people, I love that great call out there, Okay, where does this go? Where's the relationship. So you guys are partnering, you have the M. S. Is going on? Strong managed services not gonna go away mormon people were using managed services. It's part of the ecosystem within the ecosystem. What's next in the relationship? >>Well, I think, you know, I'll speak first, john, I'm sure you've got some thoughts to, but you know, we've got so many things on our plate around predictive operations and the predictive capabilities that we're excited about tackling together. Obviously there's all sorts of unique applications that require even deeper capabilities and working with Smartronix to help us, you know, provide even greater insight into the application layer. So I kind of see us expanding um both horizontally as well as well as vertically and horizontally. We've got customers looking at the edge with the outpost solutions and we can snap into those capabilities as well. So there's a tremendous amount of kind of, I'd say vertical and horizontal opportunity that we can continue to expand it together, >>john your reaction, That's >>pretty right on Absolutely. I think john Berger really hit it and I think really machine learning, you know, that's a big area of focus, if you look at all this data is being collected, predictive modeling and so we have this kind of transition from a model where people were basically watching screens reacting and what the AWS MSP offer and what you know, AmS offers is really predicting, so you you're not doing that, you're not reacting, you're proactively ahead of things. And that's the honest truth is AWS is such a well run service. It just doesn't break, you know, it doesn't break like what you see in the traditional kind of legacy infrastructure. And so at times we're just continuing to climb that stack. As, as john mentioned, >>it's really interesting as you guys are, as you're talking, I'm thinking myself just go back a couple of years ago, eight years ago or so. DevoPS is a bad word. Dev's dominate up. So I was through them now, operational leverage is a huge part of this ai operations, um, the entire I. T service management being disrupted heavily by cloud operations that also facilitate rapid development models. Right? So, again, this is like under reported, but it's a really nuanced point hardened operations for security and not holding back the developers is the cloud scale. What's your guys reaction to that? >>Yeah, I completely agree. I think, you know, the automation piece of things and I think customers are still going through transitions. You know, traditionally managed services means a big staff and it's like I said, sitting there watching screens and you flip that model where you have developers actually deploying code and infrastructure to support it. It's, you know, it's very transitional and very transformative and I think that's where an offering, like what we've really partnered on really, really helps because at times it can be overwhelming for customers and we just want to simplify that. And as I've said, let them focus on their mission. >>Amen one last question before we break, because I was talking to another partner, a big part of AWS. Um, and we're talking about SAS versus solutions and sometimes if you're too Sassy, you're not really building a custom solution, but you can have the best of both worlds. A little professional services, maybe some headroom on the stack, if you will your building solutions. So the next question is, as you guys put this cutting edge innovative innovative solution together, how are your customers consuming it? Like what's the consumption? I'm assuming there must be happy because a lot of heavy lifting being taken away, they don't have to deal with house the contract process. >>Well, you know, I think, you know, we have the opportunity, we support customers and kind of all modes of their application stack. So, you know, a full stacks solution. You know, even a legacy architecture moving to the cloud requires a high degree of automation to support it. And then as those applications become modernized over time, they become much more cloud native at some point, they might even become a full stack Starzz offer. So many of our customers actually run their SAAS platform leveraging our capability as well. So, you know, I think it gives the customer a lot of optionality uh, and future kind of growth as they modernize their application stack. >>Yeah, john your reaction. Absolutely. >>I think one of the greatest benefits is it's freeing up funds to do mission work. And so instead of spending time procuring hardware and managing it and leasing data center space, they literally have more funding. And so we've seen customers literally transform their business because this piece of it's done more efficiently and they have really excess and really additional funding to do their mission. >>We love the business model innovation, faster um, higher quality, easy and inexpensive. That's the flywheel gentlemen, Thank you for coming on and get the three. John john thank you. Vice President Cloud Solutions. That Smartronix, thank you for coming on. John Barrington BP of amazon websites managed. There is a also known as AWS and A M. S. A W. S got upside down. W. M. Looks the same. Thank you guys for coming. I appreciate it. Thank you. We appreciate great great Cube covers here. eight of us summit we're live on the ground and were remote. It's a hybrid event. I'm John for your host. Thanks for watching. Mhm

(upbeat music) >> Welcome everybody to VeeamON 2021 you're watching theCUBE. My name is Dave Villante. You know in 2020 cyber adversaries they seize the opportunity to really up their game and target workers from home and digital supply chains. It's become increasingly clear to observers that we're entering a new era of cyber threats where infiltrating companies via so-called Island Hopping and stealthily living off the land meaning they're using your own tools and infrastructure to steal your data. So they're not signaling with new tools that they're in there. It's becoming the norm for sophisticated hacks. Moreover, these well-funded and really sophisticated criminals and nation States are aggressively retaliating against incident responses. In other words, when you go to fix the problem they're not leaving the premises they're rather they're tightening the vice on victims by holding your data ransom and threatening to release previously ex filtrated and brand damaging information to the public. What a climate in which we live today. And with me to talk about these concerning trends and what you can do about it as Gil Vega, the CISO of Veeam Gil great to see you. Thanks for coming on. >> Great to see you, Dave. Thanks for having me. >> Yeah. So, you know, you're hearing my intro. It's probably understating the threat. You are a Veeam's first CISO. So how do you see the landscape right now? >> That's right. Yeah. And I've been with the company for just over a year now, but my background is in financial services and spent a lot of time managing cybersecurity programs at the classified level in Washington DC. So I've gleaned a lot of scar tissue from lots of sophisticated attacks and responses. But today I think what we're seeing is really a one-upmanship by a sophisticated potentially nation state sponsored adversaries, this idea of imprisoning your data and charging you to release it is it's quite frightening. And as we've seen in the news recently it can have devastating impacts not only for the economy, but for businesses. Look at the gas lines in the Northeast right now because of the quality of a pipeline, a ransomware attack. I just, the government just released an executive order this morning, that hopes to address some of the some of the nation's unpreparedness for these sophisticated attacks. And I think it's time. And I think everyone's excited about the opportunity to really apply a whole of government approach, to helping critical infrastructure to helping and partnering with private sector and imposing some risks, frankly, on some of the folks that are engaged in attacking our country. >> A number of years ago, I often tell this story. I had the pleasure of interviewing Robert Gates the former Defense Secretary. And it was a while ago we were talking about cyber and he sits on a number of boards. And we were talking about how it's a board level issue. And, and we're talking about cyber crime and the like and nation States. And I said, well, wait, cyber warfare, even. And I said, "But don't we have the best cyber tech. I mean, can't we go on the offense?" And he goes, "Yeah, we do. And we can, but we have more to lose." And to your point about critical infrastructure, it's not just like, okay, we have the most powerful weapons. It's really we have the most valuable infrastructure and a lot to lose. So it's really a tricky game. And this notion of having to be stealthy in your incident response is relatively new. Isn't it? >> It is. It is. And you know, there are, you mentioned that and I was surprised you mentioned because a lot of people really don't talk about it as you're going into your response your adversaries are watching or watching your every move. You have to assume in these days of perpetual state of compromise in your environments, which means that your adversaries have access to your environment to the point that they're watching your incident responders communicate with one another and they're countering your moves. So it's sort of a perverse spin on the old mutually assured destruction paradigm that you mentioned the United States has the world's largest economy. And quite frankly the world's most vulnerable, critical infrastructure. And I would concur with Director Gates or Secretary Gates rather it is assessment that we've got to be awfully careful and measured in our approach to imposing risks. I think the government has worked for many years on defining red lines. And I think this latest attack on the colonial pipeline affecting the economy and people's lives and potentially putting people's lives at risk is towing also the close to that red line. And I'm interested to see where this goes. I'm interested to see if this triggers even a, you know a new phase of cyber warfare, retaliation, you know proactive defense by the National Security Community of the United States government. Be interesting to see how this plays out. >> Yeah, you're absolutely right though. You've got this sort of asymmetric dynamic now which is unique for the United States as soon as strongest defense in the world. And I wanted to get it to ransomware a bit. And specifically this notion of ransomware as a service it's really concerning where criminals can actually outsource the hack as a service and the bad guys will set up, you know, on the dark web they'll have, you know, help desks and phone lines. They'll do the negotiations. I mean, this is a really concerning trend. And obviously Veeam plays a role here. I'm wondering as a, as a SecOps pro what should we be doing about this? >> Yeah, you mentioned ransomware as a service, whereas RWS it's an incredibly pernicious problem perpetrated by sophisticated folks who may or may not have nation state support or alliances. I think at a minimum certain governments are looking the other way as it relates to these criminal activities. But with ransomware as a service, you're essentially having very sophisticated folks create very complex ransomware code and distributed to people who are willing to pay for it. And oftentimes take a part of the ransom as their payment. The, issue with obviously ransomware is you know the age old question, are you going to pay a ransom or are you not going to pay a ransom? The FBI says, don't do it. It only encourages additional attacks. The Treasury Department put out some guidance earlier earlier in the year, advising companies that they could be subject to civil or criminal penalties. If they pay a ransom and the ransom goes to a sanction density. So there's danger on all sides. >> Wow okay. But so, and then the other thing is this infiltrating via digital supply chains I call it Island Hopping and the like, we saw that with the solar winds hack and the scary part is, you know different malware is coming in and self forming and creating different signatures. Not only is it very difficult to detect, but remediating, you know, one, you know combined self formed malware it doesn't necessarily take care of the others. And so, you know, you've got this sort of organic virus, like thing, you know, create mutating and that's something that's certainly relatively new to me in terms of its prevalence your thoughts on that and how to do it. >> Yeah, exactly right. You know, the advent of the polymorphic code that changes the implementation of advanced artificial intelligence and some of this malware is making our job increasingly difficult which is why I believe firmly. You've got to focus on the fundamentals and I think the best answers for protecting against sophisticated polymorphic code is,are found in the NIST cybersecurity framework. And I encourage everyone to really take a close look at implementing that cybersecurity framework across their environments, much like we've done here, here at Veeam implementing technologies around Zero Trust again assuming a perpetual state of compromise and not trusting any transaction in your environment is the key to combating this kind of attack. >> Well, and you know, as you mentioned, Zero Trust Zero Trust used to be a buzzword. Now it's like become a mandate. And you know, it's funny. I mean, in a way I feel like the crypto guys I know there's a lot of fraud in crypto, but but anybody who's ever traded crypto it's like getting into Fort Knox. I mean, you got to know your customer and you've got to do a little transaction. I mean, it's really quite sophisticated in terms of the how they are applying cybersecurity and you know, most even your bank isn't that intense. And so those kinds of practices, even though they're a bit of a pain in the neck, I mean it's worth the extra effort. I wonder if you could talk about some of the best practices that you're seeing how you're advising your clients in your ecosystem and the role that Veeam can play in helping here. >> Yeah, absolutely. As I mentioned so many recommendations and I think the thing to remember here so we don't overwhelm our small and medium sized businesses that have limited resources in this area is to remind them that it's a journey, right? It's not a destination that they can continually improve and focus on the fundamentals. As I mentioned, things like multi-factor authentication you know, a higher level topic might be micro-segmentation breaking up your environment into manageable components that you can monitor a real time. Real time monitoring is one of the key components to implementing Zero Trust architecture and knowing exactly what good looks like in your environment in a situation where you've got real-time monitoring you can detect the anomalies, the things that shouldn't be happening in your environment and to spin up your response teams, to focus and better understand what that is. I've always been a proponent of identity and access management controls and a key focus. We've heard it in this industry for 25 years is enforcing the concept of least privilege, making sure that your privileged users have access to the things they need and only the things that they need. And then of course, data immutability making sure that your data is stored in backups that verifiably has not been changed. And I think this is where Veeam comes into the equation where our products provide a lot of these very easily configured ransomware protections around data and your ability to the ability to instantly back up things like Office 365 emails, you know support for AWS and Azure. Your data can be quickly restored in the event that an attacker is able to in prison that with encryption and ransom demands. >> Well, and so you've certainly seen in the CISOs that I've talked to that they've had to obviously shift their priorities, thanks to the force march to digital, thanks to COVID, but Identity access management, end point security cloud security kind of overnight, you know, Zero Trust. We talked about that and you could see that in some of these, you know, high flying security stocks, Okta Zscaler, CrowdStrike, they exploded. And so what's in these many of these changes seem to be permanent sort of you're I guess, deeper down in the stack if you will, but you, you compliment these toolings with obviously the data protection approach the ransomware, the cloud data protection, air gaps, immutability. Maybe you could talk about how you fit in with the broader, you know, spate of tools. I mean, your, my eyes bleed when you look at all the security companies that are out there. >> Yeah for sure. You know, I'm just going to take it right back to the NIST cybersecurity framework and the five domains that you really need to focus on. Identify, protect, detect, respond, and recover, you know and until recently security practitioners and companies have really focused on on the protect, identify and protect, right and defend rather where they're focused on building, you know, moats and castles and making sure that they've got this, you know hard exterior to defend against attacks. I think there's been a shift over the past couple of years where companies have recognized that the focus needs to be on and respond and recover activities, right? Assuming that people are going to breach or near breach, your entities is a safe way to think about this and building up capabilities to detect those breaches and respond effectively to those breaches are what's key in implementing a successful cybersecurity program where Veeam fits into this since with our suite of products that that can help you through the recovery process, right? That last domain of the NIST cybersecurity framework it'll allow you to instantaneously. As I mentioned before, restore data in the event of a catastrophic breach. And I think it provides companies with the assurances that while they're protecting and building those Zero Trust components into their environments to protect against these pernicious and well-resourced adversaries there's the opportunity for them to recover very quickly using the VM suite of tools? >> Well, I see, I think there's an interesting dynamic here. You're pointing out Gil. There's not no longer is it that, you know, build a moat the Queen's leaving her castle. I always say, you know there is no hardened perimeter anymore. And so you've seen, you know, the shift obviously from hardware based firewalls and you I mentioned those other companies that are doing great but to me, it's all about these layers and response is a big in recovery is a huge part of that. So I'm seeing increasingly companies like Veeam is a critical part of that, that security cyber data protection, you know, ecosystem. I mean, to me it's just as important as the frontline pieces of even identity. And so you see those markets exploding. I think it's, there's a latent value that's building in companies like Veeam that are a key part of those that data protection layer you think about you know, defense strategies. It's not just you, the frontline it's maybe it's airstrikes, maybe it's, you know, C etcetera. And I see that this market is actually a huge opportunity for for organizations like yours. >> I think you're right. And I think the proof is in, you know in the pudding, in terms of how this company has grown and what we've delivered in version 11 of our suite, including, you know features like continuous data protection, we talked about that reliable ransomware protection support for AWS S3 Glacier and Azure archive the expanded incident recovery, and then support for disaster recovery and backup as a service. You know, what I found most interesting in my year here at Veeam is just how much our administrators the administrators in our company and our customers companies that are managing backups absolutely love our products that ease of use the instant backup capabilities and the support they receive from Veeam. It's almost cultish in terms of how our customers are using these products to defend themselves in today's pretty intense cyber threat environment. >> Well, and you talked about the NIST framework, and again big part of that is recovery, because we talked about earlier about, do you pay the ransom or not? Well, to the extent that I can actually recover from having all my data encrypted then I've got obviously a lot more leverage and in many ways, I mean, let's face it. We all know that it's not a matter of if it's, when you get infiltrated. And so to the extent that I can actually have systems that allow me to recover, I'm now in a much much stronger position in many respects, you know and CISOs again, will tell you this that's where we're shifting our investments >> Right. And you've got to do all of them. It's not just there's no silver bullet, but but that seems to me to be just a a misunderstood and undervalued part of the equation. And I think there's tremendous upside there for companies like yours. >> I think you're right. I think what I'll just add to that is the power of immutability, right? Just verifiably ensuring that your data has not changed because oftentimes you'll have attackers in these low and slow live off the land types of attacks change your data and affect its integrity with the Veeam suite of tools. You're able to provide for immutable or unchanged verifiable data and your backup strategy which is really the first step to recovery after a significant event. >> And that's key because a lot of times the hackers would go right after the backup Corpus you know, they'll sometimes start there is that all the data, you know, but if you can make that immutable and again, it, you know there's best practices there too, because, you know if you're not paying the cloud service for that immutability, if you stop paying then you lose that. So you have to be very careful about, you know how you know, who has access to that and you know what the policies are there, but again, you know you can put in, you know so a lot of this, as you know, is people in process. It's not just tech, so I'll give you the last word. I know you got to jump, but really appreciate.. >> Yeah, sure. >> You know, the only, the only thing that we didn't mention is user awareness and education. I think that is sort of the umbrella key focus principle for any successful cybersecurity program making sure your people understand, you know how to deal with phishing emails. You know, ransomware is a huge threat of our time at 90% of ransomware malware is delivered by phishing. So prepare your workforce to deal with phishing emails. And I think you'll save yourself quite a few headaches. >> It's great advice. I'm glad you mentioned that because because bad user behavior or maybe uninformed user behaviors is the more fair way to say it. It will trump good security every time. Gil, thanks so much for coming to the CUBE and and keep fighting the fight. Best of luck going forward. >> Great. Thank you, Dave. >> All right. And thank you for watching everybody. This is Dave Villante for the CUBEs continuous coverage VeeamON 2021, the virtual edition. We will be right back. (upbeat music)

(upbeat music) >> Welcome to this CUBE Conversation, I'm Lisa Martin. I've got two guests from Fortinet with me next talking about an very interesting topic that's something that always piques my interest, cybersecurity, and some of the things going on with respect to that. Sandra Wheatley joins us the SVP of marketing, threat intelligence and influencer communications at Fortinet. Sandra, it's great to see you again. >> Thank you, Lisa. I'm delighted to be here today. >> Lisa: Good and Rob Rashotte is here as well, vice-president, global training and technical field enablement at Fortinet. Rob welcome to the program. >> Hi, great to meet you Lisa. Nice to be here. >> Likewise. So since I last saw Fortinet we've had such a challenging year as we all know, that's an understatement, but one of the things that happened so quickly was the distribution of the workforce. And there were already preexisting gaps in IT Visibility and teams being siloed, security teams being siloed as well exacerbated distinct cybersecurity skills gap. So Sandra I want to start with you. Talk to us about what's going on with the cybersecurity skills gap and how it's impacting organizations today. >> Thank you, Lisa. While the cybersecurity skills gap continues to be one of the biggest challenges facing security organizations today, as you know, the cybersecurity space is very dynamic. It's constantly changing and we saw this even through COVID with more people working from home or being educated from home. Cyber adversaries are using remote workers as a way into the enterprise network. And so security organizations today are facing a lot of complexity. They deal with billions of alerts that come in every day and a lot of these have to be managed manually and they just don't have the professionals to keep up with that. So it continues to be a big issue facing organizations. We have seen some progress about a year ago. It was estimated that we would need 4 million professionals come into the industry to close the gap. We are now at probably a little bit over 3 million. So there is progress being made but we still have a long way to go. >> Yeah, good progress there. But what I mean, one of the things that we saw so quickly was with the distribution center was suddenly, there were tons of trusted devices that were off the network perimeter where all these keep going, "Use your own device at home until we can get you something provisioned on the network." So huge challenge that was almost like a light switch for people in any industry. Rob, talk to me from your perspective the ongoing cybersecurity skills gap. What are some of the things that you were seeing through your lens? >> Yeah, well, I mean it has certainly changed our focus over the last year with the pandemic and the change in workforce and so on. And I think as a cybersecurity vendor, a lot of the times when we talk about training and the skills gap we often tend to think pretty quickly about engineers and technical training and like this has really opened up our eyes too. We need to really broaden our scope when we're talking about training and closing the skills gap, because it's a lot more than just engineers. So we've had to really focus more on really anyone sitting in front of a computer screen and ensure that programs are available for people that are working from home that need to understand, the fact that security is just as big an issue if you're working from home or working from the office. So it's really broadened our scope in terms of who we're delivering training to and within a number of our programs, actually, that has happened. When we're dealing with we have a lot of academic partners that we deliver training with them. And one thing that's happened there is we we've traditionally dealt with engineering schools within our academic partners but now we're starting to see a lot of business schools coming and talking to us about delivering training within MBA programs and so on. So that business leaders can start understand, the need to be addressing cybersecurity in the boardroom for example, not just within the it department. So it's I guess the one thing I would say is it's really broadened our scope in terms of who the audience is for cybersecurity and the skills gap is a, you know it impacts a lot of different areas in the organization. >> Yeah, you brought up a great point there that elevation of security to the board level is critical. As we saw like big spikes and things like Ransomware last year. Ransomware getting much more sophisticated kind of playing on people's concerns for buzzwords like COVID-19 for example, and I talked to a lot of organizations where security is at the board level but the talent gap is another challenge. Sandra talk to us about what Fortinet is doing from a partnership perspective to help shrink that gap. >> Well, it's interesting because if you were to do a survey of people about where the responsibility lies to train more professionals for the industry, you'll see a split about 40% of people feel like academia should be providing the training and the curriculum to bring more professionals into the industry. And then others feel like it's a mix between corporate private public partnerships. And that's something that Fortinet believes in. We are tackling this issue on multiple fronts. We recently launched our TAA initiative or our Training Advancement Agenda, and a lot of the pro programs that Rob manages are part of that agenda like our free NSE training, our security academies, but we're also working with a lot of global partners, corporate partners like Salesforce, and IBM. We're also working with the World Economic Forum on this initiative because we really believe it's a joint effort to really make a difference. And so, for example, with Salesforce we provide some of our curriculum and training for free on their training platform, the same with IBM. And we'll continue to scale these partnerships because with these partners, we can reach more people and accelerate the impact that we can have overall. >> Absolutely that ability to expand it especially as we saw such a change in the cyber threat landscape last year as you said, Sandra you've made great progress needing, you know, a deficit of 4 million folks down to 3 million, but also looking at the opportunity to try to find more folks leveraging partners and to rubs point elevating the conversation or expanding that scope. This isn't just a problem for IT and security folks. This is a challenge across the organization that the board needs to be focused on because we've seen in this rapidly changing last year organizations and enough peril in trying to pivot their businesses. And then you add on some of the cyber threats. Rob can you talk a little bit more about the TAA initiative? I know that about your Network Security Expert program NSE program, you guys also do FortiVet program. Tell us a little bit about some of those programs and maybe some of the things that you've done to broaden the scope during the last year. >> Yeah, it certainly can. I mean, there's a number of programs that make up the agenda and you know we've widened the scope in terms of the audiences that we're looking at. But also as Sandra mentioned, trying to expand our reach as ordinary, obviously we have a reach into our partners and our ecosystem, but the ecosystem of the IBM's and the world economic forums and so on go far beyond our reach. But one of the things that we were able to do as a company almost exactly a year ago, we made the conscious decision that the training curriculum that we've built, we wanted to make it available to as many people as we possibly could. So we we've made approximately 400 hours worth of cybersecurity training available to anyone that wants to sign up and take the training in self-paced format, where they want to take it, when they want to take it. So that was a big commitment on our part and that training continues to be free today and we'll keep it free until we start to see the skills gap closed but that that has resulted I guess it was about a month or two ago when we were tracking numbers that we've exceeded over a million registrations for that training, which really was validation to us that the demand for this training is massive. So that's helped us expand our reach but that training as well we're making it available for free, but we have all sorts of different types of partners who are taking that training and making it three free through their learning portals as well. So it's really expanded the reach in that way. You know, another area that we've really focused on is partnering with nonprofits who are representing underrepresented groups. So you mentioned the veterans program that's been a program we've had for quite a while now, but we've looked at that program and thought, well, you know, we can definitely replicate our efforts there and look at other groups as well and start to see how we can partner with different NGOs to really address the diversity and inclusion, within the cybersecurity industry. 'Cause, you know, I think one thing that's interesting here is because of the skill shortage, a lot of hiring managers have had to start to look at recruiting through non traditional streams. And that that can be, you know, looking at if we have policies that say, we must hire people with four year degrees. Well, maybe we want to take a look at that and see well is that really necessary for all the jobs that we're looking at? Maybe we could look at shorter programs even high school students but then also looking at underrepresented groups it is a great way for us to take a look at this skills gap in cybersecurity and align it with our diversity and inclusion initiatives, internally within our organizations and see how we can bring that to bear on problem and really start to have the same time, create a much more diverse workforce within cybersecurity while we're trying to close that skills gap. >> I love that what a great opportunity to expand upon that. I wanted to ask you just really quickly, Rob she said 400 hours of free cyber training available over a million registrations so far. You're right, that definitely shows the demand. I'm curious when we think of backgrounds we think are these, you know need to be IT folks. Is that curriculum broad enough so that somebody with a marketing degree or somebody that doesn't have a degree could kind of get in on level one and start learning their way up the security stack? >> Yeah, it is a very broad scope. When we look at the catalog, it is multiple levels. And in fact our network security expert program it's an eight level program. And the first couple of levels of that program are applicable to anyone that needs an awareness of cybersecurity and the issues. So, yeah, it's perfect. And `in fact the level one of that program is something that we've integrated into a new service offering which is our Cybersecurity Awareness Program that companies can implement internally to provide that base level of cybersecurity awareness to all of their employees. And then as you go up to level two, three, four and five, and so on, it gets more and more technical right up to the NSE level or we're talking about, you know, architects engineers are developing very large critical cyber security infrastructures. >> Lisa, you bring up a very important point that I'd like to make a comment on. There's this misconception that you need a degree in Computer Science or some other technical degree to be in cyber security. And that's absolutely not the case. In fact, half the people in cybersecurity don't have a degree in any Computer Science program, et cetera, but you know there's a lot of skillsets and backgrounds that really map well to cybersecurity. And it's a very broad industry. There was new roles coming all of the time. So I would encourage people to not let that be a barrier to getting into this industry. And in fact our Veteran's program has been extremely successful because people coming out of the defense forces have a lot of the skills that match very well to cyber security like attention to detail, situational awareness, the ability to work under pressure. So it's definitely a misconception that the industry needs to correct. >> I couldn't agree more, especially as the daughter of a Vietnam Combat Veteran and I love what you guys are doing with veterans but you're right. There's so many other skills that people have that are so transportable and transferable that, and it's such an exciting industry. I mean, we all have a million devices scattered around. I think with those new Apple tags that if I put one on my dog's collar, my dog's going to be a connected device. There's so many opportunities to learn but there's also more exposure. The more people that have different backgrounds I think just that with that thought diversity alone, organizations in any industry can benefit. Sandra talk to us about how partners are taking some of these programs and rolling them into their own to help kind of open that door wider as you say, to make sure that barrier isn't there and also get more folks aware of what they can learn. >> Yeah, the encouraging thing is I just see a lot more creativity around this issue. If you think about it, the lack of diversity in IT has been a challenge for everyone that the issue in cybersecurity is just a manifestation of that. And one of the reasons is that it's particularly cybersecurity. A lot of people don't understand how to get into the industry, or they have a lack of awareness about the different types of roles. And we see this in particular with women and young females as well as underserved minority groups. In fact, the veterans program is one way to bring more of that diversity into the industry. And if you think about it today, women make up about 24%. I think it's single digits for underrepresented groups. So we have a huge opportunity there. And I think somehow working with our partners we're doing a lot of different things. Not only are we providing our curriculum and our training and the technical support, but we're also done a lot of work around mapping roles and the steps you need to take to, to achieve those roles. So we've created that for different roles, and we've shared that with some of our training partners and they provide that information on their training platforms. We also regularly have done a lot of different podcasts and interviews with women and minorities have gone through the industry and been very successful talking about how they did that and how they got there. We're working with lots of nonprofits like Women in Cybersecurity speaking to people out there providing them the support. So it's a multi-phase approach. And I do think that private industry need to be doing things like creating entry level kinds of roles to bring more people in the industry and recruit differently. But the good news is there's a huge amount of awareness around this, and you definitely see companies doing a lot more, as well as our partners. >> Well if I could just touch on something there, well Sandra is talking about the different career roles and so on. The industry can get pretty complicated pretty quickly when we're talking about different roles. And there's a lot of buzzwords. And you know when people are looking at this and say, well, how do I even get into this industry? It sounds very technical complicated. And, you know, there are a number of different career patching tools that you can find out there around cyber security but when there's too many of those that even gets confusing. So the career paths that we've developed, we've done that in conjunction with NICE and there's an initiative called the NICE Framework which stands for National Initiative for Cyber Security Education. And so the pathways that we've developed map to that. So, you know, that's one thing I'd like to encourage other organizations to make sure that we're all following that framework so that as we're providing these career paths to people we're using the same terminology. We're using the same titles and career paths and so on. So it just makes it a little bit more understandable for people to pick a path that they want and then start their journey. >> I also think exposing students earlier in their education about cyber security is really important. In fact, we're just released a book called "Cyber Safe" and it's targeting elementary school children and their parents and making them more aware of cybersecurity, the risks, how they should behave online. It talks about cyber bullying and it also helps has guidance in there for parents. And this is a book that we're making freely available to underserved schools and it can easily be accessed online. We've had great reviews, but it's all part of our TAA efforts to educate and make people more aware about the opportunities on the industry overall. >> I love that, Sandra our SVP of marketing. Is there a URL that you can give our audience where they can find that free resource? >> Yes, you can find that I believe on our NSE training page. You can just go to fortinet.com NSE and or TAA and you will find information about how to get the book. >> Excellent so fortinet.com search TAA or NSE you'll find that information. I'm going to check that out myself 'cause maybe you know, for adult children of parents who also need some cybersecurity help I think I might check that out for myself. >> You can (indistinct) copy Lisa. >> Thank you, excellent. It's been great talking to you guys. This is such an interesting topic. I love the efforts that Fortinet is doing to close those gaps and also what you're doing to bridge that with the diversity and inclusion efforts brought out. That's a great effort, Sandra, Rob thank you for joining me today. >> Thank you, Lisa. >> Thank you, Lisa >> For Sandra Wheatley and Rob Rashotte. I'm Lisa Martin. You're watching this CUBE conversation with Fortinet. (gentle music)

(radio calls) >> Announcer: From around the globe, its theCUBE covering Space & Cybersecurity Symposium 2020, hosted by Cal poly. Hello, welcome back to theCUBE virtual coverage with Cal Poly for the Space and Cybersecurity Symposium, a day four and the wrap up session, keynote session with the Lieutenant Governor of California, Eleni Kounalakis. She's here to deliver her keynote speech on the topic of California's role in supporting America's Cybersecurity future. Eleni, take it away. >> Thank you, John, for the introduction. I am Lieutenant Governor Eleni Kounalakis. It is an honor to be part of Cal Poly Space and Cybersecurity Symposium. As I speak kind of Pierre with the governor's office of business and economic development is available on the chat, too ready to answer any questions you might have. California and indeed the world are facing significant challenges right now. Every day we are faced with the ongoing COVID-19 pandemic and the economic downturn that is ensued. We have flattened the curve in California and are moving in the right direction but it is clear that we're not out of the woods yet. It is also impossible right now to escape the reality of climate change from the fire sparked by exceptionally rare, dry lightening events to extreme heat waves threatening public health and putting a strain on our electricity grid. We see that climate change is here now. And of course we've been recently confronted with a series of brutal examples of institutionalized racism that have created an awakening among people of all walks of life and compelled us into the streets to march and protest. In the context of all this, we cannot forget that we continue to be faced with other less visible but still very serious challenges. Cybersecurity threats are one of these. We have seen cities, companies and individuals paralyzed by attacks costing time and money and creating an atmosphere of uncertainty and insecurity. Our state agencies, local governments, police departments, utilities, news outlets and private companies from all industries are target. The threats around cybersecurity are serious but not unlike all the challenges we face in California. We have the tools and fortitude to address them. That is why this symposium is so important. Thank you, Cal Poly and all the participants for being here and for the important contributions you bring to this conference. I'd like to also say a few words about California's role in America's future in space. California has been at the forefront of the aerospace industry for more than a century through all the major innovations in aerospace from wooden aircraft, to World War II Bombers, to rockets and Mars rovers. California has played a pivotal role. Today, California is the number one state in total defense spending, defense contract spending and total number of personnel. It is estimated the Aerospace and Defense Industry, provides $168 billion in economic impact to our state. And America's best trained and most experienced aerospace and technology workforce lives here in California. The fact that the aerospace and defense sector, has had a strong history in California is no accident. California has always had strong innovation ecosystem and robust infrastructure that puts many sectors in a position to thrive. Of course, a big part of that infrastructure is a skilled workforce. And at the foundation of a skilled workforce is education. California has the strongest system of public higher education in the world. We're home to 10 university of California campuses, 23 California State university campuses and 116 California Community Colleges. All told nearly 3 million students are enrolled in public higher education. We also have world renowned private universities including the California Institute of Technology and Stanford University numbers one and three in the country for aerospace engineering. California also has four national laboratories and several NASA facilities. California possesses a strong spirit of innovation, risk taking and entrepreneurship. Half of all venture capital funding in the United States, goes to companies here in California. Lastly, but certainly no less critical to our success, California is a diverse state. 27% of all Californians are foreign born, 27% more than one in four of our population of 40 million people are immigrants from another country, Europe central and South America, India, Asia, everywhere. Our rich cultural diversity is our strength and helps drive our economy. As I look to the future of industries like cybersecurity and the growing commercial space industry, I know our state will need to work with those industries to make sure we continue to train our workforce for the demands of an evolving industry. The office of the lieutenant governor has a unique perspective on higher education and workforce development. I'm on the UC Board of Regents, the CSU Board of Trustees. And as of about two weeks ago, the Community Colleges Board of Governors. The office of the lieutenant governor is now the only office that is a member of every governing board, overseeing our public higher education system. Earlier in the symposium, we heard a rich discussion with Undersecretary Stewart Knox from the California Labor and Workforce Development Agency about what the state is doing to meet the needs of space and cybersecurity industries. As he mentioned, there are over 37,000 job vacancies in cybersecurity in our state. We need to address that gap. To do so, I see an important role for public private partnerships. We need input from industry and curriculum development. Some companies like Lockheed Martin, have very productive partnerships with universities and community colleges that train students with skills they need to enter aerospace and cyber industries. That type of collaboration will be key. We also need help from the industry to make sure students know that fields like cybersecurity even exist. People's early career interests are so often shaped by the jobs that members of their family have or what they see in popular culture. With such a young and evolving field like cybersecurity, many students are unaware of the job opportunities. I know for my visits to university campuses that students are hungry for STEM career paths where they see opportunities for good paying jobs. When I spoke with students at UC Merced, many of them were first generation college students who went through community college system before enrolling in a UC and they gravitated to STEM majors. With so many job opportunities available to STEM students, cybersecurity ought to be one that they are aware of and consider. Since this symposium is being hosted by Cal Poly, I wanted to highlight the tremendous work they're doing as leaders in the space and cybersecurity industry. Cal Poly California Cybersecurity Institute, does incredible work bringing together academia, industry and government training the next generation of cyber experts and researching emerging cybersecurity issues. As we heard from the President of Cal Poly, Jeff Armstrong the university is in the perfect location to contribute to a thriving space industry. It's close to Vandenberg Air Force Base and UC Santa Barbara and could be home to the future permanent headquarters of US Space Command. The state is also committed to supporting this space industry in the Central Coast. In July, the State of California, Cal poly US-based force and the others signed a memorandum of understanding to develop a commercial space port at Vandenberg Air Force Base and to develop a master plan to grow the commercial space industry in the region. Governor Newsom has made a commitment to lift up all regions of the state. And this strategy will position the Central Coast to be a global leader in the future of the space industry. I'd like to leave you with a few final thoughts, with everything we're facing. Fires, climate change, pandemic. It is easy to feel overwhelmed but I remain optimistic because I know that the people of the State of California are resilient, persistent, and determined to address our challenges and show a path toward a better future for ourselves and our families. The growth of the space industry and the economic development potential of projects like the Spaceport at Vandenberg Air Force Base, our great example of what we can look forward to. The potential for the commercial space industry to become a $3 trillion industry by mid century, as many experts predict is another. There are so many opportunities, new companies are going to emerge doing things we never could have dreamed of today. As Lieutenant General John Thompson said in the first session, the next few years of space and cyber innovation are not going to be a pony ride at the state fair, they're going to be a rodeo. We should all saddle up. Thank you. >> Okay, thank you very much, Eleni. I really appreciate it. Thank you for your participation and all your support to you and your staff. You guys doing a lot of work, a lot going on in California but cybersecurity and space as it comes together, California's playing a pivotal role in leading the world and the community. Thank you very much for your time. >> Okay, this session is going to continue with Bill Britton. Who's the vice president of technology and CIO at Cal Poly but more importantly, he's the director of the cyber institute located at Cal Poly. It's a global organization looking at the intersection of space and cybersecurity. Bill, let's wrap this up. Eleni had a great talk, talking about the future of cybersecurity in America and its future. The role California is playing, Cal Poly is right in the Central Coast. You're in the epicenter of it. We've had a great lineup here. Thanks for coming on. Let's put a capstone on this event. >> Thank you, John. But most importantly, thanks for being a great partner helping us get this to move forward and really changing the dynamic of this conversation. What an amazing time we're at, we had quite an unusual group but it's really kind of the focus and we've moved a lot of space around ourselves. And we've gone from Lieutenant General Thompson and the discussion of the opposition and space force and what things are going on in the future, the importance of cyber in space. And then we went on and moved on to the operations. And we had a private company who builds, we had the DOD, Department Of Defense and their context and NASA and theirs. And then we talked about public private partnerships from President Armstrong, Mr. Bhangu Mahad from the DOD and Mr. Steve Jacques from the National Security Space Association. It's been an amazing conference for one thing, I've heard repeatedly over and over and over, the reference to digital, the reference to cloud, the reference to the need for cybersecurity to be involved and really how important that is to start earlier than just at the employment level. To really go down into the system, the K through 12 and start there. And what an amazing time to be able to start there because we're returning to space in a larger capacity and it's now all around us. And the lieutenant governor really highlighted for us that California is intimately involved and we have to find a way to get our students involved at that same level. >> I want to ask you about this inflection point that was a big theme of this conference and symposium. It was throughout the interviews and throughout the conversations, both on the chat and also kind of on Twitter as well in the social web. Is that this new generation, it wasn't just space and government DOD, all the normal stuff you see, you saw JPL, the Hewlett Foundation, the Defense Innovation Unit, Amazon Web Services, NASA. Then you saw entrepreneurs come in, who were doing some stuff. And so you had this confluence of community. Of course, Cal Poly had participated in space. You guys does some great job, but it's not just the physical face-to-face show up, gets to hear some academic papers. This was a virtual event. We had over 300 organizations attend, different organizations around the world. Being a virtual event you had more range to get more people. This isn't digital. This symposium isn't about Central California anymore. It's global. >> No, it really has gone. >> What really happened to that? >> It's really kind of interesting because at first all of this was word of mouth for this symposium to take place. And it just started growing and growing and the more that we talk to organizations for support, the more we found how interconnected they were on an international scale. So much so that we've decided to take our cyber competition next year and take it globally as well. So if in fact as Major General Shaw said, this is about a multinational support force. Maybe it's time our students started interacting on that level to start with and not have to grow into it as they get older, but do it now and around space and around cybersecurity and around that digital environment and really kind of reduce the digital dividing space. >> Yeah, General Thompson mentioned this, 80 countries with programs. This is like the Olympics for space and we want to have these competitions. So I got great vision and I love that vision, but I know you have the number... Not number, the scores and from the competition this year that happened earlier in the week. Could you share the results of that challenge? >> Yeah, absolutely. We had 83 teams participate this year in the California Cyber Innovation Challenge. And again, it was based around a spacecraft scenario where a spacecraft, a commercial spacecraft was hacked and returned to earth. And the students had to do the forensics on the payload. And then they had to do downstream network analysis, using things like Wireshark and autopsy and other systems. It was a really tough competition. The students had to work hard and we had middle school and high school students participate. We had an intermediate league, new schools who had never done it before or even some who didn't even have STEM programs but were just signing up to really get involved in the experience. And we had our ultimate division which was those who had competed in several times before. And the winner of that competition was North Hollywood. They've been the winning team for four years in a row. Now it's a phenomenal program, they have their hats off to them for competing and winning again. Now what's really cool is not only did they have to show their technical prowess in the game but they also have to then brief and out-brief what they've learned to a panel of judges. And these are not pushovers. These are experts in the field of cybersecurity in space. We even had a couple of goons participating from DefCon and the teams present their findings. So not only are we talking technical, we're talking about presentation skills. The ability to speak and understand. And let me tell you, after reading all of their texts to each other over the weekend adds a whole new language they're using to interact with each other. It's amazing. And they are so more advanced and ready to understand space problems and virtual problems than we are. We have to challenge them even more. >> Well, it sounds like North Hollywood got the franchise. It's likethe Patriots, the Lakers, they've got a dynasty developing down there in North Hollywood. >> Well, what happens when there's a dynasty you have to look for other talent. So next year we're going global and we're going to have multiple states involved in the challenge and we're going to go international. So if North Hollywood pulls it off again next year, it's going to be because they've met the best in the world than defeated >> Okay, the gauntlet has been thrown down, got to take down North Hollywood from winning again next year. We'll be following that. Bill, great to get those results on the cyber challenge we'll keep track and we'll put a plug for it on our site. So we got to get some press on that. My question to you is now as we're going digital, other theme was that they want to hire digital natives into the space force. Okay, the DOD is looking at new skills. This was a big theme throughout the conference not just the commercial partnerships with government which I believe they had kind of put more research and personally, that's my personal opinion. They should be putting in way more research into academic and these environments to get more creative. But the skill sets was a big theme. What's your thoughts on how you saw some of the highlight moments there around skill sets? >> John, it's really interesting 'cause what we've noticed is in the past, everybody thinks skill sets for the engineering students. And it's way beyond that. It's all the students, it's all of them understanding what we call cyber cognizance. Understanding how cybersecurity works whatever career field they choose to be in. Space, there is no facet of supporting space that doesn't need that cyber cognizance. If you're in the back room doing the operations, you're doing the billing, you're doing the contracting. Those are still avenues by which cybersecurity attacks can be successful and disrupt your space mission. The fact that it's international, the connectivities, all of those things means that everyone in that system digitally has to be aware of what's going on around them. That's a whole new thought process. It's a whole new way of addressing a problem and dealing with space. And again it's virtual to everyone. >> That's awesome. Bill, great to have you on. Thank you for including theCUBE virtual, our CUBE event software platform that we're rolling out. We've been using it for the event and thank you for your partnership in this co-creation opening up your community, your symposium to the world, and we're so glad to be part of it. I want to thank you and Dustin and the team and the President of Cal Poly for including us. Thank you very much. >> Thank you, John. It's been an amazing partnership. We look forward to it in the future. >> Okay, that's it. That concludes the Space and Cybersecurity Symposium 2020. I'm John Furrier with theCUBE, your host with Cal Poly, who put on an amazing virtual presentation, brought all the guests together. And again, shout out to Bill Britton and Dustin DeBrum who did a great job as well as the President of Cal poly who endorsed and let them do it all. Great event. See you soon. (flash light sound)

>>from around the globe. It's the Cube covering space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Oven. Welcome back to the Space and Cyber Security Symposium. 2020 I'm John for your host with the Cuban silicon angle, along with Cal Poly, representing a great session here on industry success in developing space and cybersecurity. Resource is Got a great lineup. Brigadier General Steve Hotel, whose are also known as Bucky, is Call Sign director of Space Portfolio Defense Innovation Unit. Preston Miller, chief information security officer at JPL, NASA and Major General retired Clint Crozier, director of aerospace and satellite solutions at Amazon Web services, also known as a W s. Gentlemen, thank you for for joining me today. So the purpose of this session is to spend the next hour talking about the future of workforce talent. Um, skills needed and we're gonna dig into it. And Spaces is an exciting intersection of so many awesome disciplines. It's not just get a degree, go into a track ladder up and get promoted. Do those things. It's much different now. Love to get your perspectives, each of you will have an opening statement and we will start with the Brigadier General Steve Hotel. Right? >>Thank you very much. The Defense Innovation Unit was created in 2015 by then Secretary of Defense Ash Carter. To accomplish three things. One is to accelerate the adoption of commercial technology into the Department of Defense so that we can transform and keep our most relevant capabilities relevant. And also to build what we call now called the national Security Innovation Base, which is inclusive all the traditional defense companies, plus the commercial companies that may not necessarily work with focus exclusively on defense but could contribute to our national security and interesting ways. Um, this is such an exciting time Azul here from our other speakers about space on and I can't, uh I'm really excited to be here today to be able to share a little bit of our insight on the subject. >>Thank you very much. Precedent. Miller, Chief information security officer, Jet Propulsion Lab, NASA, Your opening statement. >>Hey, thank you for having me. I would like to start off by providing just a little bit of context of what brings us. Brings us together to talk about this exciting topic for space workforce. Had we've seen In recent years there's been there's been a trend towards expanding our space exploration and the space systems that offer the great things that we see in today's world like GPS. Um, but a lot of that has come with some Asian infrastructure and technology, and what we're seeing as we go towards our next generation expects of inspiration is that we now want to ensure that were secured on all levels. And there's an acknowledgement that our space systems are just a susceptible to cyber attacks as our terrestrial assistance. We've seen a recent space, uh, policy Directive five come out from our administration, that that details exactly how we should be looking at the cyber principle for our space systems, and we want to prevent. We want to prevent a few things as a result of that of these principles. Spoofing and jamming of our space systems are not authorized commands being sent to those space systems, lots of positive control of our space vehicles on lots of mission data. We also acknowledge that there's a couple of frameworks we wanna adopt across the board of our space systems levers and things like our nice miss cybersecurity frameworks. eso what has been a challenge in the past adopted somebody Cyber principles in space systems, where there simply has been a skill gap in a knowledge gap. We hire our space engineers to do a few things. Very well designed space systems, the ploy space systems and engineer space systems, often cybersecurity is seen as a after thought and certainly hasn't been a line item and in any budget for our spaces in racing. Uh, in the past in recent years, the dynamic started to change. We're now now integrating cyber principles at the onset of development of these life cycle of space. Systems were also taking a hard look of how we train the next generation of engineers to be both adequate. Space engineers, space system engineers and a cyber engineers, as a result to Mrs success on DWI, also are taking a hard look at What do we mean when we talk about holistic risk management for our space assistance, Traditionally risk management and missing insurance for space systems? I've really revolved around quality control, but now, in recent years we've started to adopt principles that takes cyber risk into account, So this is a really exciting topic for me. It's something that I'm fortunate to work with and live with every day. I'm really excited to get into this discussion with my other panel members. Thank you. >>You Preston. Great insight there. Looking forward. Thio chatting further. Um, Clint Closure with a W. S now heading up. A director of aerospace and satellite Solutions, formerly Major General, Your opening statement. >>Thanks, John. I really appreciate that introduction and really appreciate the opportunity to be here in the Space and Cybersecurity Symposium. And thanks to Cal Poly for putting it together, you know, I can't help, but as I think to Cal Poly there on the central California coast, San Luis Obispo, California I can't help but to think back in this park quickly. I spent two years of my life as a launch squadron commander at Vandenberg Air Force Base, about an hour south of Cal Poly launching rockets, putting satellites in orbit for the national intelligence community and so some really fond memories of the Central California coast. I couldn't agree more with the theme of our symposium this week. The space and cyber security we've all come to know over the last decade. How critical spaces to the world, whether it's for national security intelligence, whether it's whether communications, maritime, agriculture, development or a whole host of other things, economic and financial transactions. But I would make the case that I think most of your listeners would agree we won't have space without cybersecurity. In other words, if we can't guaranteed cybersecurity, all those benefits that we get from space may not be there. Preston in a moment ago that all the threats that have come across in the terrestrial world, whether it be hacking or malware or ransomware or are simple network attacks, we're seeing all those migrate to space to. And so it's a really important issue that we have to pay attention to. I also want to applaud Cow Pauling. They've got some really important initiatives. The conference here, in our particular panel, is about developing the next generation of space and cyber workers, and and Cal Poly has two important programs. One is the digital transformation hub, and the other is space data solutions, both of which, I'm happy to say, are in partnership with a W. S. But these were important programs where Cal Poly looks to try to develop the next generation of space and cyber leaders. And I would encourage you if you're interested in that toe. Look up the program because that could be very valuable is well, I'm relatively new to the AWS team and I'm really happy Thio team, as John you said recently retired from the U. S. Air Force and standing up the U. S. Space force. But the reason that I mentioned that as the director of the aerospace and satellite team is again it's in perfect harmony with the theme today. You know, we've recognized that space is critically important and that cyber security is critically important and that's been a W s vision as well. In fact, a W s understands how important the space domain is and coupled with the fact that AWS is well known that at a W s security is job zero and stolen a couple of those to fax A. W. S was looking to put together a team the aerospace and satellite team that focus solely and exclusively every single day on technical innovation in space and more security for the space domain through the cloud and our offerings there. So we're really excited to reimagine agree, envision what space networks and architectures could look like when they're born on the cloud. So that's important. You know, talk about workforce here in just a moment, but but I'll give you just a quick sneak. We at AWS have also recognized the gap in the projected workforce, as Preston mentioned, Um, depending on the projection that you look at, you know, most projections tell us that the demand for highly trained cyber cyber security cloud practitioners in the future outweighs what we think is going to be the supply. And so a ws has leaned into that in a number of ways that we're gonna talk about the next segment. I know. But with our workforce transformation, where we've tried to train free of charge not just a W s workers but more importantly, our customers workers. It s a W s we obsessed over the customer. And so we've provided free training toe over 7000 people this year alone toe bring their cloud security and cyber security skills up to where they will be able to fully leverage into the new workforce. So we're really happy about that too? I'm glad Preston raised SPD five space policy Directive five. I think it's gonna have a fundamental impact on the space and cyber industry. Uh, now full disclosure with that said, You know, I'm kind of a big fan of space policy directives, ESPN, Or was the space policy directive that directed to stand up of the U. S. Space Force and I spent the last 18 months of my life as the lead planner and architect for standing up the U. S. Space force. But with that said, I think when we look back a decade from now, we're going to see that s p d five will have as much of an impact in a positive way as I think SPD for on the stand up of the space Force have already done so. So I'll leave it there, but really look forward to the dialogue and discussion. >>Thank you, gentlemen. Clint, I just wanna say thank you for all your hard work and the team and the people who were involved in standing up Space force. Um, it is totally new. It's a game changer. It's modern, is needed. And there's benefits on potential challenges and opportunities that are gonna be there, so thank you very much for doing that. I personally am excited. I know a lot of people are excited for what the space force is today and what it could become. Thank you very much. >>Yeah, Thanks. >>Okay, So >>with >>that, let me give just jump in because, you know, as you're talking about space force and cybersecurity and you spend your time at Vanderburgh launching stuff into space, that's very technical. Is operation okay? I mean, it's complex in and of itself, but if you think about like, what's going on beyond in space is a lot of commercial aspect. So I'm thinking, you know, launching stuff into space on one side of my brain and the other side of brain, I'm thinking like air travel. You know, all the logistics and the rules of the road and air traffic control and all the communications and all the technology and policy and, you >>know, landing. >>So, Major General Clint, what's your take on this? Because this is not easy. It's not just one thing that speaks to the diversity of workforce needs. What's your reaction to that? >>Yeah. I mean, your observation is right on. We're seeing a real boom in the space and aerospace industry. For all the good reasons we talked about, we're recognizing all the value space from again economic prosperity to exploration to being ableto, you know, improve agriculture and in weather and all those sorts of things that we understand from space. So what I'm really excited about is we're seeing this this blossom of space companies that we sort of referred to his new space. You know, it used to be that really only large governments like the United States and a handful of others could operate in the space domain today and largely infused because of the technological innovation that have come with Cyber and Cyrus Space and even the cloud we're seeing more and more companies, capabilities, countries, all that have the ability, you know. Even a well funded university today can put a cube sat in orbit, and Cal Poly is working on some of those too, by the way, and so it's really expanded the number of people that benefits the activity in space and again, that's why it's so critically important because we become more and more reliant and we will become more and more reliant on those capabilities that we have to protect him. It's fundamental that we do. So, >>Bucky, I want you to weigh in on this because actually, you you've flown. Uh, I got a call sign which I love interviewing people. Anyone who's a call sign is cool in my book. So, Bucky, I want you to react to that because that's outside of the technology, you know, flying in space. There's >>no >>rule. I mean, is there like a rules? I mean, what's the rules of the road? I mean, state of the right. I mean, what I mean, what what's going? What's gonna have toe happen? Okay, just logistically. >>Well, this is very important because, uh and I've I've had access thio information space derived information for most of my flying career. But the amount of information that we need operate effectively in the 21st century is much greater than Thanet has been in the past. Let me describe the environment s so you can appreciate a little bit more what our challenges are. Where, from a space perspective, we're going to see a new exponential increase in the number of systems that could be satellites. Uh, users and applications, right? And so eso we're going we're growing rapidly into an environment where it's no longer practical to just simply evolved or operate on a perimeter security model. We and with this and as I was brought up previously, we're gonna try to bring in MAWR commercial capabilities. There is a tremendous benefit with increasing the diversity of sources of information. We use it right now. The military relies very heavily on commercial SAT com. We have our military capabilities, but the commercial capabilities give us capacity that we need and we can. We can vary that over time. The same will be true for remote sensing for other broadband communications capabilities on doing other interesting effects. Also, in the modern era, we doom or operations with our friends and allies, our regional partners all around the world, in order to really improve our interoperability and have rapid exchange of information, commercial information, sources and capabilities provides the best means of doing that. So that so that the imperative is very important and what all this describes if you want to put one word on it. ISS, we're involving into ah hybrid space architectures where it's gonna be imperative that we protect the integrity of information and the cyber security of the network for the things most important to us from a national security standpoint. But we have to have the rules that that allows us to freely exchange information rapidly and in a way that that we can guarantee that the right users are getting the right information at the right. >>We're gonna come back to that on the skill set and opportunities for people driving. That's just looking. There's so much opportunity. Preston, I want you to react to this. I interviewed General Keith Alexander last year. He formerly ran Cyber Command. Um, now he's building Cyber Security Technologies, and his whole thesis is you have to share. So the question is, how do you share and lock stuff down at the same time when you have ah, multi sided marketplace in space? You know, suppliers, users, systems. This is a huge security challenge. What's your reaction to this? Because we're intersecting all these things space and cybersecurity. It's just not easy. What's your reaction? >>Absolutely, Absolutely. And what I would say in response to that first would be that security really needs to be baked into the onset of how we develop and implement and deploy our space systems. Um, there's there's always going to be the need to collect and share data across multiple entities, particularly when we're changing scientific data with our mission partners. Eso with that necessitates that we have a security view from the onset, right? We have a system spaces, and they're designed to share information across the world. How do we make sure that those, uh, those other those communication channels so secure, free from interception free from disruption? So they're really done? That necessitates of our space leaders in our cyber leaders to be joining the hip about how to secure our space systems, and the communications there in Clinton brought up a really good point of. And then I'm gonna elaborate on a little bit, just toe invite a little bit more context and talk about some the complexities and challenges we face with this advent of new space and and all of our great commercial partners coming into therefore way, that's going to present a very significant supply chain risk management problems that we have to get our hands around as well. But we have these manufacturers developing these highly specialized components for the space instruments, Um, that as it stands right now, it's very little oversight And how those things air produced, manufactured, put into the space systems communication channels that they use ports protocols that they use to communicate. And that's gonna be a significant challenge for us to get get our hands around. So again, cybersecurity being brought in. And the very onset of these development thes thes decisions in these life cycles was certainly put us in a best better position to secure that data in our in our space missions. >>Yeah, E just pick up on that. You don't mind? Preston made such a really good point there. But you have to bake security in up front, and you know there's a challenge and there's an opportunity, you know, with a lot of our systems today. It was built in a pre cyber security environment, especially our government systems that were built, you know, in many cases 10 years ago, 15 years ago are still on orbit today, and we're thankful that they are. But as we look at this new environment and we understand the threats, if we bake cybersecurity in upfront weaken balance that open application versus the risk a long as we do it up front. And you know, that's one of the reasons that our company developed what we call govcloud, which is a secure cloud, that we use thio to manage data that our customers who want to do work with the federal government or other governments or the national security apparatus. They can operate in that space with the built in and baked in cybersecurity protocols. We have a secret region that both can handle secret and top secret information for the same reasons. But when you bake security into the upfront applications, that really allows you to balance that risk between making it available and accessible in sort of an open architecture way. But being sure that it's protected through things like ITAR certifications and fed ramp, uh, another ice T certifications that we have in place. So that's just a really important point. >>Let's stay high level for a man. You mentioned a little bit of those those govcloud, which made me think about you know, the tactical edge in the military analogy, but also with space similar theater. It's just another theater and you want to stand stuff up. Whether it's communications and have facilities, you gotta do it rapidly, and you gotta do it in a very agile, secure, I high availability secure way. So it's not the old waterfall planning. You gotta be fast is different. Cloud does things different? How do you talk to the young people out there, whether it's apparent with with kids in elementary and middle school to high school, college grad level or someone in the workforce? Because there are no previous jobs, that kind of map to the needs out there because you're talking about new skills, you could be an archaeologist and be the best cyber security guru on the planet. You don't have to have that. There's no degree for what, what we're talking about here. This >>is >>the big confusion around education. I mean, you gotta you like math and you could code you can Anything who wants to comment on that? Because I think this >>is the core issue. I'll say there are more and more programs growing around that educational need, and I could talk about a few things we're doing to, but I just wanna make an observation about what you just said about the need. And how do you get kids involved and interested? Interestingly, I think it's already happening, right. The good news. We're already developing that affinity. My four year old granddaughter can walk over, pick up my iPad, turn it on. Somehow she knows my account information, gets into my account, pulls up in application, starts playing a game. All before I really even realized she had my iPad. I mean, when when kids grow up on the cloud and in technology, it creates that natural proficiency. I think what we have to do is take that natural interest and give them the skill set the tools and capabilities that go with it so that we're managing, you know, the the interest with the technical skills. >>And also, like a fast I mean, just the the hackers are getting educated. Justus fast. Steve. I mean e mean Bucky. What do you do here? You CIt's the classic. Just keep chasing skills. I mean, there are new skills. What are some of those skills? >>Why would I amplify eloquent? Just said, First of all, the, uh, you know, cyber is one of those technology areas where commercial side not not the government is really kind of leading away and does a significant amount of research and development. Ah, billions of dollars are spent every year Thio to evolve new capabilities. And a lot of those companies are, you know, operated and and in some cases, led by folks in their early twenties. So the S O. This is definitely an era and a generation that is really poised in position. Well, uh, Thio take on this challenge. There's some unique aspects to space. Once we deploy a system, uh, it will be able to give me hard to service it, and we're developing capabilities now so that we could go up and and do system upgrades. But that's not a normal thing in space that just because the the technical means isn't there yet. So having software to find capabilities, I's gonna be really paramount being able to dio unique things. The cloud is huge. The cloud is centric to this or architectural, and it's kind of funny because d o d we joke because we just discovered the cloud, you know, a couple years ago. But the club has been around for a while and, uh, and it's going to give us scalability on and the growth potential for doing amazing things with a big Data Analytics. But as Preston said, it's all for not if if we can't trust the data that we receive. And so one of the concepts for future architectures is to evolve into a zero trust model where we trust nothing. We verify and authenticate everyone. And, uh, and that's that's probably a good, uh, point of departure as we look forward into our cybersecurity for space systems into the future. >>Block everyone. Preston. Your reaction to all this gaps, skills, What's needed. I mean it Z everyone's trying to squint through this >>absolutely. And I wanna want to shift gears a little bit and talk about the space agencies and organizations that are responsible for deploying these spaces into submission. So what is gonna take in this new era on, and what do we need from the workforce to be responsive to the challenges that we're seeing? First thing that comes to mind is creating a culture of security throughout aerospace right and ensuring that Azzawi mentioned before security isn't an afterthought. It's sort of baked into our models that we deploy and our rhetoric as well, right? And because again we hire our spaces in years to do it very highly. Specialized thing for a highly specialized, uh, it's topic. Our effort, if we start to incorporate rhetorically the importance of cybersecurity two missing success and missing assurance that's going to lend itself toe having more, more prepared on more capable system engineers that will be able to respond to the threats accordingly. Traditionally, what we see in organizational models it's that there's a cyber security team that's responsible for the for the whole kit kaboodle across the entire infrastructure, from enterprise systems to specialize, specialize, space systems and then a small pocket of spaces, years that that that are really there to perform their tasks on space systems. We really need to bridge that gap. We need to think about cybersecurity holistically, the skills that are necessary for your enterprise. I t security teams need to be the same skills that we need to look for for our system engineers on the flight side. So organizationally we need we need to address that issue and approach it, um todo responsive to the challenges we see our our space systems, >>new space, new culture, new skills. One of the things I want to bring up is looking for success formulas. You know, one of the things we've been seeing in the past 10 years of doing the Cube, which is, you know, we've been called the ESPN of Tech is that there's been kind of like a game ification. I want to. I don't wanna say sports because sports is different, but you're seeing robotics clubs pop up in some schools. It's like a varsity sport you're seeing, you know, twitch and you've got gamers out there, so you're seeing fun built into it. I think Cal Poly's got some challenges going on there, and then scholarships air behind it. So it's almost as if, you know, rather than going to a private sports training to get that scholarship, that never happens. There's so many more scholarship opportunities for are not scholarship, but just job opportunities and even scholarships we've covered as part of this conference. Uh, it's a whole new world of culture. It's much different than when I grew up, which was you know, you got math, science and English. You did >>it >>and you went into your track. Anyone want to comment on this new culture? Because I do believe that there is some new patterns emerging and some best practices anyone share any? >>Yeah, I do, because as you talked about robotics clubs and that sort of things, but those were great and I'm glad those air happening. And that's generating the interest, right? The whole gaming culture generating interest Robotic generates a lot of interest. Space right has captured the American in the world attention as well, with some recent NASA activities and all for the right reasons. But it's again, it's about taking that interested in providing the right skills along the way. So I'll tell you a couple of things. We're doing it a w s that we found success with. The first one is a program called A W s Academy. And this is where we have developed a cloud, uh, program a cloud certification. This is ah, cloud curriculum, if you will, and it's free and it's ready to teach. Our experts have developed this and we're ready to report it to a two year and four year colleges that they can use is part of the curriculum free of charge. And so we're seeing some real value there. And in fact, the governor's in Utah and Arizona recently adopted this program for their two year schools statewide again, where it's already to teach curriculum built by some of the best experts in the industry s so that we can try to get that skills to the people that are interested. We have another program called A W s educate, and this is for students to. But the idea behind this is we have 12 cracks and you can get up to 50 hours of free training that lead to A W s certification, that sort of thing. And then what's really interesting about that is all of our partners around the world that have tied into this program we manage what we call it ws educate Job board. And so if you have completed this educate program now, you can go to that job board and be linked directly with companies that want people with those skills we just helped you get. And it's a perfect match in a perfect marriage there. That one other piece real quickly that we're proud of is the aws Uh restart program. And that's where people who are unemployed, underemployed or transitioning can can go online. Self paced. We have over 500 courses they can take to try to develop those initial skills and get into the industry. And that's been very popular, too, So that those air a couple of things we're really trying to lean into >>anyone else want to react. Thio that question patterns success, best practices, new culture. >>I'd like Thio. The the wonderful thing about what you just touched on is problem solving, right, And there's some very, very good methodologies that are being taught in the universities and through programs like Hacking for Defense, which is sponsored by the National Security Innovation Network, a component of the I you where I work but the But whether you're using a lien methodologies or design school principals or any other method, the thing that's wonderful right now and not just, uh, where I work at the U. The Space force is doing this is well, but we're putting the problem out there for innovators to tackle, And so, rather than be prescriptive of the solutions that we want to procure, we want we want the best minds at all levels to be able to work on the problem. Uh, look at how they can leverage other commercial solutions infrastructure partnerships, uh, Thio to come up with a solution that we can that we can rapidly employ and scale. And if it's a dual use solution or whether it's, uh, civil military or or commercial, uh, in any of the other government solutions. Uh, that's really the best win for for the nation, because that commercial capability again allows us to scale globally and share those best practices with all of our friends and allies. People who share our values >>win win to this commercial. There's a business model potential financial benefits as well. Societal impact Preston. I want to come to you, JPL, NASA. I mean, you work in one of the most awesome places and you know, to me, you know, if you said to me, Hey, John, come working JP like I'm not smart enough to go there like I mean, like, it's a pretty It's intimidating, it might seem >>share folks out there, >>they can get there. I mean, it's you can get there if you have the right skills. I mean I'm just making that up. But, I mean, it is known to be super smart And is it attainable? So share your thoughts on this new culture because you could get the skills to get there. What's your take on all this >>s a bucket. Just missing something that really resonated with me, right? It's do it your love office. So if you put on the front engineer, the first thing you're gonna try to do is pick it apart. Be innovative, be creative and ways to solve that issue. And it has been really encouraging to me to see the ground welcome support an engagement that we've seen across our system. Engineers in space. I love space partners. A tackling the problem of cyber. Now that they know the West at risk on some of these cyber security threats that that they're facing with our space systems, they definitely want to be involved. They want to take the lead. They want to figure things out. They wanna be innovative and creative in that problem solving eso jpl We're doing a few things. Thio Raise the awareness Onda create a culture of security. Andi also create cyber advocates, cybersecurity advocates across our space engineers. We host events like hacked the lad, for example, and forgive me. Take a pause to think about the worst case scenarios that could that could result from that. But it certainly invites a culture of creative problem solving. Um, this is something that that kids really enjoy that are system engineers really enjoyed being a part off. Um, it's something that's new refreshing to them. Eso we were doing things like hosting a monthly cybersecurity advocacy group. When we talk about some of the cyber landscape of our space systems and invite our engineers into the conversation, we do outweighs programs specifically designed to to capture, um, our young folks, uh, young engineers to deceive. They would be interested and show them what this type of security has to offer by ways of data Analytic, since the engineering and those have been really, really successful identifying and bringing in new talent to address the skill gaps. >>Steve, I want to ask you about the d. O. D. You mentioned some of the commercial things. How are you guys engaging the commercial to solve the space issue? Because, um, the normalization in the economy with GPS just seeing spaces impacts everybody's lives. We we know that, um, it's been talked about. And and there's many, many examples. How are you guys the D o. D. From a security standpoint and or just from an advancement innovation standpoint, engaging with commercials, commercial entities and commercial folks? >>Well, I'll throw. I'll throw a, uh, I'll throw ah, compliment to Clint because he did such an outstanding job. The space forces already oriented, uh, towards ah, commercial where it's appropriate and extending the arms. Leveraging the half works on the Space Enterprise Consortium and other tools that allow for the entrepreneurs in the space force Thio work with their counterparts in a commercial community. And you see this with the, uh, you know, leveraging space X away to, uh, small companies who are doing extraordinary things to help build space situational awareness and, uh, s So it's it's the people who make this all happen. And what we do at at the D. O. D level, uh, work at the Office of Secretary defense level is we wanna make sure that they have the right tools to be able to do that in a way that allows these commercial companies to work with in this case of a space force or with cyber command and ways that doesn't redefine that. The nature of the company we want we want We want commercial companies to have, ah, great experience working with d o d. And we want d o d toe have the similar experience working, working with a commercial community, and and we actually work interagency projects to So you're going to see, uh, General Raymond, uh, hey, just recently signed an agreement with the NASA Esa, you're gonna see interagency collaborations on space that will include commercial capabilities as well. So when we speak as one government were not. You know, we're one voice, and that's gonna be tremendous, because if you're a commercial company on you can you can develop a capability that solves problems across the entire space enterprise on the government side. How great is that, Right. That's a scaling. Your solution, gentlemen. Let >>me pick you back on that, if you don't mind. I'm really excited about that. I mentioned new space, and Bucky talked about that too. You know, I've been flying satellites for 30 years, and there was a time where you know the U. S. Government national security. We wouldn't let anybody else look at him. Touch him. Plug into, um, anything else, right. And that probably worked at the time. >>But >>the world has changed. And more >>importantly, >>um, there is commercial technology and capability available today, and there's no way the U. S government or national security that national Intel community can afford economically >>to >>fund all that investment solely anymore. We don't have the manpower to do it anymore. So we have this perfect marriage of a burgeoning industry that has capabilities and it has re sources. And it has trained manpower. And we are seeing whether it's US Space Force, whether it's the intelligence community, whether it's NASA, we're seeing that opened up to commercial providers more than I've ever seen in my career. And I can tell you the customers I work with every day in a W s. We're building an entire ecosystem now that they understand how they can plug in and participate in that, and we're just seeing growth. But more importantly, we're seeing advanced capability at cheaper cost because of that hybrid model. So that really is exciting. >>Preston. You know you mentioned earlier supply chain. I don't think I think you didn't use the word supply chain. Maybe you did. But you know about the components. Um, you start opening things up and and your what you said baking it in to the beginning, which is well known. Uh, premise. It's complicated. So take me through again, Like how this all gonna work securely because And what's needed for skill sets because, you know, you're gonna open. You got open source software, which again, that's open. We live in a free society in the United States of America, so we can't lock everything down. You got components that are gonna be built anywhere all around the world from vendors that aren't just a certified >>or maybe >>certified. Um, it's pretty crazy. So just weigh in on this key point because I think Clint has it right. And but that's gonna be solved. What's your view on this? >>Absolutely. And I think it really, really start a top, right? And if you look back, you know, across, um in this country, particularly, you take the financial industry, for example, when when that was a burgeoning industry, what had to happen to ensure that across the board. Um, you know, your your finances were protected these way. Implemented regulations from the top, right? Yeah. And same thing with our health care industry. We implemented regulations, and I believe that's the same approach we're gonna need to take with our space systems in our space >>industry >>without being too directive or prescriptive. Instance she ating a core set of principles across the board for our manufacturers of space instruments for deployment and development of space systems on for how space data and scientific data is passed back and forth. Eso really? We're gonna need to take this. Ah, holistic approach. Thio, how we address this issue with cyber security is not gonna be easy. It's gonna be very challenging, but we need to set the guard rails for exactly what goes into our space systems, how they operate and how they communicate. >>Alright, so let's tie this back to the theme, um, Steve and Clint, because this is all about workforce gaps, opportunities. Um, Steve, you mentioned software defined. You can't do break fix in space. You can't just send a technician up in the space to fix a component. You gotta be software defined. We're talking about holistic approach, about commercial talk about business model technology with software and policy. We need people to think through, like you know. What the hell are you gonna do here, right? Do you just noticed road at the side of the road to drive on? There's no rules of engagement. So what I'm seeing is certainly software Check. If you wanna have a job for the next millennial software policy who solves two problems, what does freedom looked like in space Congestion Contention and then, obviously, business model. Can you guys comment on these three areas? Do you agree? And what specific person might be studying in grad school or undergraduate or in high school saying, Hey, I'm not a techie, but they can contribute your thoughts. I'll >>start off with, uh, speak on on behalf of the government today. I would just say that as policy goes, we need to definitely make sure that we're looking towards the future. Ah, lot of our policy was established in the past under different conditions, and, uh, and if there's anything that you cannot say today is that space is the same as it was even 10 years ago. So the so It's really important that our policy evolves and recognizes that that technology is going to enable not just a new ways of doing things, but also force us to maybe change or or get rid of obsolete policies that will inhibit our ability to innovate and grow and maintain peace with with a rapid, evolving threat. The for the for the audience today, Uh, you know, you want some job assurance, cybersecurity and space it's gonna be It's gonna be an unbelievable, uh, next, uh, few decades and I couldn't think of a more exciting for people to get into because, you know, spaces Ah, harsh environment. We're gonna have a hard time just dud being able differentiate, you know, anomalies that occur just because of the environment versus something that's being hacked. And so JPL has been doing this for years on they have Cem Cem great approaches, but but this is this is gonna be important if you put humans on the moon and you're going to sustain them there. Those life support systems are gonna be using, you know, state of the art computer technology, and which means, is also vulnerable. And so eso the consequences of us not being prepared? Uh, not just from our national security standpoint, but from our space exploration and our commercial, uh, economic growth in space over the long term all gonna be hinged on this cyber security environment. >>Clint, your thoughts on this too ill to get. >>Yeah. So I certainly agree with Bucky. But you said something a moment ago that Bucky was talking about as well. But that's the idea that you know in space, you can't just reach out and touch the satellite and do maintenance on the satellite the way you can't a car or a tank or a plane or a ship or something like that. And that is true. However, right, comma, I want to point out. You know, the satellite servicing industry is starting to develop where they're looking at robotic techniques in Cape abilities to go up in services satellite on orbit. And that's very promising off course. You got to think through the security policy that goes with that, of course. But the other thing that's really exciting is with artificial intelligence and machine learning and edge computing and database analytics and all those things that right on the cloud. You may not even need to send a robotic vehicle to a satellite, right? If you can upload and download software defined, fill in the blank right, maybe even fundamentally changing the mission package or the persona, if you will, of the satellite or the spacecraft. And that's really exciting to, ah, lot >>of >>security policy that you've gotta work through. But again, the cloud just opens up so many opportunities to continue to push the boundaries. You know, on the AWS team, the aerospace and satellite team, which is, you know, the new team that I'm leading. Now our motto is to the stars through the cloud. And there are just so many exciting opportunities right for for all those capabilities that I just mentioned to the stars through the cloud >>President, your thoughts on this? >>Yes, eso won >>a >>little bit of time talking about some of the business model implications and some of the challenges that exists there. Um, in my experience, we're still working through a bit of a language barrier of how we define risk management for our space systems. Traditionally traditionally risk management models is it is very clear what poses a risk to a flight mission. Our space mission, our space system. Um, and we're still finding ways to communicate cyber risk in the same terms that are system engineers are space engineers have traditionally understood. Um, this is a bit of a qualitative versus quantitative, a language barrier. But however adopting a risk management model that includes cybersecurity, a za way to express wish risk to miss the success, I think I think it would be a very good thing is something that that we have been focused on the J. P o as we Aziz, we look at the 34 years beyond. How do >>we >>risk that gap and not only skills but communication of cyber risk and the way that our space engineers and our project engineers and a space system managers understand >>Clinton, like Thio talk about space Force because this is the most popular new thing. It's only a couple of nine months in roughly not even a year, uh, already changing involving based on some of the reporting we've done even here at this symposium and on the Internet. Um, you know, when I was growing up, you know, I wasn't there when JFK said, you know, we're gonna get to the moon. I was born in the sixties, so, you know, when I was graduating my degree, you know, Draper Labs, Lincoln Lab, JPL, their pipeline and people wasn't like a surge of job openings. Um, so this kind of this new space new space race, you know, Kennedy also said that Torch has been passed to a new generation of Americans. So in a way that's happening right now with space force. A new generation is here is a digital generation. It's multi disciplinary generation. Could you take a minute and share, uh, for for our audience? And here at this symposium, um, the mission of Space Force and where you see it going because this truly is different. And I think anyone who's young e I mean, you know, if this was happening when I was in college would be like dropping everything. I'm in there, I think, cause there's so many areas thio jump into, um, it's >>intellectually challenging. >>It's intoxicating in some level. So can you share your thoughts? >>Yeah. Happy to do that. Of course. I I need to remind everybody that as a week ago I'm formally retired. So I'm not an official spokesman for US forces. But with that, you know, it said I did spend the last 18 months planning for it, designing and standing it up. And I'll tell you what's really exciting is you know, the commander of, uh, US Base Force General J. Raymond, who's the right leader at the right time. No question in my >>mind. But >>he said, I want to stand up the Space Force as the first fully digital service in the United States. Right? So he is trying >>to bake >>cloud baked cybersecurity, baked digital transformational processes and everything we did. And that was a guidance he gave us every day, every day. When we rolled in. He said, Remember, guys, I don't wanna be the same. I don't wanna be stale. I want new thinking, new capabilities and I want it all to be digital on. That's one of the reasons When we brought the first wave of people into the space force, we brought in space operations, right. People like me that flew satellites and launch rockets, we brought in cyber space experts, and we brought in intelligence experts. Those were the first three waves of people because of that, you know, perfect synergy between space and cyber and intel all wrapped in >>it. >>And so that was really, really smart. The other thing I'll say just about, you know, Kennedy's work. We're going to get to the moon. So here we are. Now we're going back to the Moon Project Artemus that NASA is working next man first woman on the moon by 2024 is the plan and >>then >>with designs to put a permanent presence on the moon and then lean off to march. So there was a lot to get excited about. I will tell you, as we were taking applications and looking at rounding out filling out the village in the U. S. Space Force, we were overwhelmed with the number of people that wanted, and that was a really, really good things. So they're off to a good start, and they're just gonna accomplishment major things. I know for sure. >>Preston, your thoughts on this new generation people out there were like I could get into this. This is a path. What's your what's your opinion on this? And what's your >>E could, uh, you so bold as to say >>that >>I feel like I'm a part of that new generation eso I grew up very much into space. Uh, looking at, um, listen to my, uh, folks I looked up to like Carl Sagan. Like like Neil Tyson. DeGrasse on did really feeling affinity for what What this country has done is for is a space program are focused on space exploration on bond. Through that, I got into our security, as it means from the military. And I just because I feel so fortunate that I could merge both of those worlds because of because of the generational, um, tailoring that we do thio promote space exploration and also the advent of cybersecurity expertise that is needed in this country. I feel like that. We are We are seeing a conversions of this too. I see a lot of young people really getting into space exploration. I see a lot of young people as well. Um uh, gravitating toward cybersecurity as a as a course of study. And to see those two worlds colliding and converse is something that's very near and dear to me. And again, I I feel like I'm a byproduct of that conversion, which is which, Really, Bothwell for space security in the future, >>we'll your great leader and inspiration. Certainly. Senior person as well. Congratulations, Steve. You know, young people motivational. I mean, get going. Get off the sidelines. Jump in Water is fine, Right? Come on in. What's your view on motivating the young workforce out there and anyone thinking about applying their skills on bringing something to the table? >>Well, look at the options today. You have civil space President represents you have military space. Uh, you have commercial space on and even, you know, in academia, the research, the potential as a as an aspiring cyber professional. All of you should be thinking about when we when we When? When we first invented the orbit, which eventually became the Internet, Uh, on Lee, we were, uh if all we had the insight to think Well, geez, you know whether the security implications 2030 years from now of this thing scaling on growing and I think was really good about today's era. Especially as Clint said, because we were building this space infrastructure with a cyber professionals at ground zero on dso the So the opportunity there is to look out into the future and say we're not just trying to secure independent her systems today and assure the free for all of of information for commerce. You know, the GPS signal, Uh, is Justus much in need of protection as anything else tied to our economy, But the would have fantastic mission. And you could do that. Uh, here on the ground. You could do it, uh, at a great companies like Amazon Web services. But you can also one of these states. Perhaps we go and be part of that contingency that goes and does the, uh, the se's oh job that that president has on the moon or on Mars and, uh, space will space will get boring within a generation or two because they'll just be seen as one continuum of everything we have here on Earth. And, uh, and that would be after our time. But in the meantime, is a very exciting place to be. And I know if I was in in my twenties, I wanna be, uh, jumping in with both feet into it. >>Yeah, great stuff. I mean, I think space is gonna be around for a long long time. It's super exciting and cybersecurity making it secure. And there's so many areas defeating on. Gentlemen, thank you very much for your awesome insight. Great panel. Um, great inspiration. Every one of you guys. Thank you very much for for sharing for the space and cybersecurity symposium. Appreciate it. Thank you very much. >>Thanks, John. Thank you. Thank you. Okay, >>I'm >>John for your host for the Space and Cybersecurity Symposium. Thanks for watching.

>>From around the globe. It's the queue cover >>Space and cyber security >>Symposium 2020 hosted by Cal poly. >>Hello and welcome to the space and cybersecurity symposium 2020 hosted by Cal poly and the cube I'm chilling for a, your host. We have a great session here. Space, cyber security, the department of defense perspective. We have bond Google hall, director of C four ISR directorate office of the undersecretary of defense for acquisition and sustainment for the DOD and Chris Henson, technical director space and weapons, cybersecurity solutions for the national security agency. Gentlemen, thank you for taking the time for this awesome session. Thank you, John. Thank you. So we're gonna talk about the perspective of the DOD relative to space cybersecurity, a lot, going on congestion, contention, freedom, evolution innovation. So Paul, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective, Don, thanks for the intro. Really appreciate it. First, let me give my thanks to Cal poly for a convening, the space and cybersecurity symposium this year, you know, and despite the pandemic, the organization and the content delivery spreading impressive, I really foot stomping. >>What can possibly be done with a number of these virtual platforms? This has been awesome. Thanks for the opportunity. I also want to recognize my colleague, Chris Nissen from NSA was actually assigned to our staff that LSD, but he brings both policy and technical perspective in this whole area. So I think you'll, you'll find his commentary, uh, and positions on things very refreshing or for today's seminar. Now space cyber security is a pretty interesting terminology for us all. Uh, cyber security means protecting against cyber threats and it's really more than just computers here on earth, right? Uh, space is the newest war fighting domain, and cybersecurity's perhaps even more of a challenge in this domain that and others. Uh, I'm sure it'll turn journal Thompson and major journals Shaw discuss the criticality of this new dorm space force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. >>Let me start by talking about what space means to DOD and what we're doing directly from my vantage point as part of the acquisition and sustainment arm of the Pentagon. Uh, what I want to share with you today is how the current space strategy ties into the national defense strategy and supports the department's operational objectives. As the director of CFRI SAR. I have come to understand how the integration of CFRI Sarcic. Billy is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the sec, the undersecretary for acquisition and sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts domain are to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project low Valley and custom contested environments and across all domains through an operationally integrated and resiliency for ISR infrastructure. >>We are also called debating our alliances, deepening interoperability, which is very important in a future fight and collab, collaboratively planning with those partner with us in the fight most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest war fighting domain. And while it is indeed unique, it shares many common traits with the others land, air and sea all are important to the defense of the U S in conflict. No doubt about this. They will be contested and they must be defended. One domain will not win future conflicts in a joint operation in a future fight in the future conflict. They must all succeed. I see three areas being key to a DOD strategic success in space, one, developing our whole of government approach in close partnership with the private sector and our allies to prioritizing our investments in resiliency, innovation, and adaptive operations, and third responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance your strengths, partnerships and alliances. >>Let me emphasize that space is increasingly congested and tested and demanded as essential delete Valley operational effectiveness and the security of our nation. Now the commercialization of space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, where the department and the nation. It's funny, there's a new race, a race for space. If you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force, coordinated across all domains. We call it the joint, all domain command and control. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of Jesse too is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them operationally. >>six to maintain seamless integration, adaptation, and employment of our capability. To sense signal connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance bowel space, awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings, the systems and capabilities will provide our war fighters overwhelming superiority on the battlefield environment, challenged by near peer adversaries, as well as non state actors in space. The character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more, uh, we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensor diversity, and many more. Uh, as I said before, the commercial world is pioneering high rate production of small satellites in our efforts to deploy hundreds, if not thousands of nodes space X, Darlene constellation is one example. >>Another one is Amazon's Kiper, uh, Kuyper just received FCC approval to deploy like over 3000 of these different notes. While a number of these companies continue to grow. Some have struggled. They some pointed as one web, uh, nevertheless, the appetite remains strong and DOD is taking advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small, small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding a small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is they enable a standard of practice that can be applied across all of the domains. >>This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris we'll, we'll talk more about that being the Houston expert, uh, in this area. Uh, one challenge that we can definitely start working on today is workforce development. Cybersecurity's unique as it straddles STEM and security and policy, the trade craft is different. And unfortunately I've seen estimates recently, so suggesting a workforce gap in the next several years, much like the STEM fields, uh, during the next session, I am a part of a panel with precedent, Armstrong, Cal poly, and Steve Jake's the founder of the national security space association to address workforce development. But for this panel, I'll look forward to having further dialogue surrounding space, opera security with Chris and John. Thank you, John >>Bob, thank you for that whole thing, Steven. Yes. Workforce gaps. We need the new skill space is here. Thank you very much. Chris Henson, technical director of space and weapons, cybersecurity solutions for the national security agency. Your statement, >>Thank you for having me. Uh, I'm one of several technical leaders in space at the national security agency. And I'm currently on a joint duty assignment at the office of under secretary of defense for acquisition and sustainment. I work under mr. GUMA hot in the C four ISR area, but almost 63 years ago on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet union in space. History was made in each of you can continue to write future space history in your careers. And just like in 1957, the U S isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese space agency, the European space agency, and, uh, the Canadian space agency, just to name a few. And when we tackle cybersecurity per space, we have to address, address the idea that the communications command and control, uh, and those mission datas will transverse networks owned and operated by a variety of partners, not only.go.mil.com.edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk excepted by one is shared by all and sharing cyber best practices, lessons learned, uh, data vulnerabilities, threat data, mitigation, mitigation procedures, all our valuable takeaways, uh, in expanding this space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions. Thank you. >>Thank you, Chris. Thank you, Bob. Okay. I mean open innovation, the internet, you see plenty of examples. The theme here is partners, commercial government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bonnie, we'll start with you is what do you see as the DOD his role in addressing cybersecurity in space? Uh, it's real, uh, it's a new frontier. Um, it's not going away. It's only going to get more innovative, more open, more contested. It seems like a lot to do there. So what's your role in addressing cyber security in space? >>I think our role is to be the leader in developing and only is it the strategy, but the, uh, the implementation plan is to ensure a full of cybersecurity. If you look at the national cyber cyber strategy, I think publishing 2018 calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, uh, digital safety policy advocacy, and research you here today, and those listening are fulfilling their strategy. When you, when you develop, enable use cyber hygiene products, as examples of capabilities, you're pushing the goal to fruition. When you know, what's on your network patron network backup, you're in encrypt your network, you're hardening and preventing cyber attacks. And we in government academia in the case of Cal poly civil networks and in commercial companies, we all benefit from doing that cyber security. Uh, and I think Chris will, we'll, we'll definitely back me up on this more than passwords encryption or pharma. It's truly a mindset and a culture of enabling missions to succeed in assured in a resilient fashion. >>Chris, you're taking reaction to, to the cybersecurity challenge involved here, >>That's it, it's starting really at the highest level of governments. We have, uh, you know, the, the recent security policy directive five that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as mr said, is the leadership role and that leadership, uh, blends out very well into partnership. So partnership with industry partnership with academia partnership, with, uh, other people that are exploring space. And those partnerships lend itself very naturally to sharing cybersecurity issues, topics as we come up with best practices as we come up with mitigation strategies. And as we come up with vulnerabilities and share that information, the, uh, we're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas, uh, that the DOD has to be, uh, involved in many spectrums of deploying to space. >>And that deployment involves as Mr. Guzman said, encryption authentication, knowing what's on the network, knowing the, the fabric of that network. And if nothing else, this, uh, this, uh, internet of things and work from home environment that we've, uh, partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different, uh, locations, well space will be that natural node that, uh, natural, uh, next network and mesh involvement that we'll have to protect and explore on not just from a terrestrial involvement, but all segments of it. Th the comm segment, the space vehicle and the ground portion, >>No bond. We talked about this in our other segment, um, around with the president of Cal poly, but the operating models of the space force and the DOD and getting space. It's a software defined world, right? So cybersecurity is a real big issue. Cause you have an operating model that's requiring software to power, these low hanging satellites. That's just an extension to the network. It's distributed computing, know what this is. If you understand what technology we do in space, it's no different, it's just a different environment. So it's software defined that just lends itself well to hacking. I mean, if I'm a hacker I'm going, Hey, why not just take out a satellite and crash it down or make the GPS do something different? I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server. You gotta really protect, >>Right? Because in one hand it space will carry not only, uh, uh, you know, for local national security information. Uh, but the, uh, I feel like at the economic wellbeing, the financial state of allowed a lot of countries and institutions, you know, more and more John lb, they'll be using space assets to, uh, uh, to make, uh, make, make all that happen. Right. So, and if you look at the, you talk, you mentioned the attack vectors in space, you know, it's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, you know, that the, the, the tasking that you need to do that the command, the controlling of the vehicle, the data that comes down in the ground, even when you launch the, the birds, the satellites, you know, they only need to be protected because they're all somewhat vulnerable to, uh, to hacking, uh, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, uh, uh, you know, the, the potential of, of, of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >>Gentlemen, I like you guys said to move on to this leadership role, you mentioned that you want to be a leader. I get it. The DOD is department of defense. That's a new frontier to defend war time zone. You mentioned war time opportunity potentially, but how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, um, there's security challenge. What does being a leader mean? And how does the DOD department of defense assist driving the public and private? Do you lead from a project standpoint, you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end to end architecture. It's not just cloud it's on premise. It's in devices, it's offloaded with new AI technology and Nicks and devices. It's IOT, it's all, this is all new, this is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >>Yeah, I think, uh, the one hand, you know, DOD used to lead, uh, in terms of, uh, uh, being the only source of funding for a lot of, uh, highly developmental efforts. Uh, we're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways >>Ally's commercial companies are actually legally leading the R and D uh, of a lot of different technologies. So we want to take, we certainly want to take advantage of that. So from a leadership standpoint, I think we, we, Lucia can come in, you know, by partnering a lot more with, with the commercial companies, uh, in 2022, the DOD released the defense, uh, uh, space strategy as an example that highlights the threats, the challenges and opportunities the United States has faced by, by sending a example of how we, how we, uh, how we counter, uh, the threats that are out there, not just the DOD, but, but the disability and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire state space, uh, lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations. Like I mentioned before, shaping that strategic environment and cooperating with allies, partners, and industry and other U S governmental agencies, departments, and agencies to advance the cost of space to take full advantage of what space can provide us, uh, in DOD, uh, and the nation. Chris has a domain. Now, what's your take on all that? >>That's because again, it's going to take more people, >>More diverse, potentially more security >>Halls. What's your view on it? >>Well, let's, let's look at how innovation and new technologies can help us in these areas. So, uh, and, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the, uh, the architecture, uh, where we look at a zero trust architecture, one of the NIST standards that's come about where it talks about the authentication, uh, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication Prudential, or, uh, other aspects of, uh, the, the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is, is one approach where we can show some leadership and guidance. >>Another area is in, uh, a topic that you touched on as well was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And, uh, you know, this vast array of code that's going into system nowadays, and then that frees up our human, uh, explicit talent and developers that can then look at other areas and not focus on minor bawling to Beverly fix a vulnerability. Uh, they, they can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those, those unknown, hidden lines of code that, uh, get put into a software alarm Prairie, and then pull down over and over again from system to system. So I think between, uh, an architecture leadership role and employee innovation are two areas that we can show, uh, some benefits and process improvement to this whole system. >>That's a great point, Chris, and you think about just the architectural computer architecture, you know, S you know, network attached storage is an advantage software defined there. You could have flash all flash arrays for storage. You could have multiple cores on a device and this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed all the processors all built in. Um, so there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just, just efficiencies. Um, but this brings up the whole supply chain conversation. I want to get your thoughts on this, because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts. >>Yeah. It's a serious threat and not just for, uh, the U S uh, space. So supply chain, if you will, is the supply chain. And I says, you know, writ large, I think, uh, I think it's a, it's a, it's a threat that's, that's real, we're we're seeing today. I just saw an example recently, uh, involving, uh, our, I think our launch services were, there was a, uh, a foreign, uh, threat that was those trying to get into a true through with predatory investments. Uh, so, uh, it is something that we need to, uh, be aware of it it's happening, uh, and is continuing to happen. Uh, it's an easy way to gain access, to, uh, do our IP. Uh, and, uh, so it's something that we, uh, are serious about in terms of, uh, awareness and, and countering >>Chris, your thoughts. I mean, we've see, I mean, I'm an open source guy. I was seen it when I grew up in the industry in the eighties, open source became a revolution, but with that, it enabled new tactics for, um, state sponsored attacks on it that became a domain in of itself. Um, that's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring supply chain nightmare. How do you track it all? Who's got what software and what device, where the chip come from, who made it, this is the potential is everywhere. How do you see the, these tactics, whether it's a VC firm from another country or this, that, and the other thing startup. >>Yeah. So when we see, when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip, then that microchip could be used in a cell phone or a satellite or an automobile. So all of our industries that have these companies that are being purchased, or a large born investment influx into those, you know, that could be suspect. And we, we have to be very careful with those, uh, and, and do the tracking of those, especially when those, uh, some of those parts of mechanisms are coming from off shore. And then going again, going back to, uh, the space policy directive five, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the, the quantitative of ability of knowing where those software libraries came from, where the parts came from and the tracking and delivery of that from an end to end system. >>And typically when we have a really large vendor, they can, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that. Try tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that, uh, before we employ them, we have to do some robust testing. And I don't want to say that the last line of defense, but that certainly is a mechanism for finding out, do the systems perform as they stated, uh, on a test bench or a flat set, whatever the case may be before we actually deploy it. And then we're relying on the output or the data that comes from that, that system that may have some corrupt or suspect parts in it. >>Great point, this federal grant, >>The problem with space systems is kind of, you know, is once you, once you launch the bird or the sunlight, uh, your access to it is, is diminished significantly, right? Unless you, you go up there and take it down. Uh, so, you know, kind of to Chris's point, we need to be able to test all the different parts of insurer that is performing as, as described there ass, I spent as specified, uh, with, with good knowledge that it's, uh, it's, uh, it's trustworthy. Uh, and, uh, so we that all on the ground before we, we take it up to launch it. >>It's funny. You want agility, you want speed and you want security, and you want reliability and risk management all aggressive, and it's a technical problem. It says it's a business model problem. I'd love to get real quick. Before we jump into some of the more workforce and gap issues on the personnel side, have you guys should just take a minute to explain quickly what's the federal view. If you had to kind of summarize the federal view of the DOD and the roll with it wants to take, so all the people out there on the commercial side or students out there who are, you know, wanting to jump in, what is the current modern federal view of space cybersecurity. >>Chris, why don't you take that on I'll follow up. Okay. Uh, I don't know that I can give you the federal view, but I can certainly give you the department of defense. That cybersecurity is extremely important. And as our vendors and our suppliers, uh, take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we, where we look at the vendors and how they implement an employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security that when we want to write a contract or a vendor, uh, for, for a purchase, that's going to go into a space system. We'd like to know from a third party audit capability, can that vendor, uh, protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up before it even gets put into a larger system. >>So that shows a level of the CMMC process that we've thought about and, uh, started to employ, uh, beginning in 2021 and will be further built on in, in the out years. How, how important the DOD takes that. And other parts of the government are looking at this, in fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, uh, not just in the department of defense that they're going to adopt an approach like this. Uh, so it shows the, the pluses and the benefits of a cybersecurity model that, uh, all can build on boggy reaction. Yeah, I'll just, uh, I'll just add to that, John, you, you, you, you asked earlier about, you know, how do we, uh, track, uh, commercial entities or, or people in the space and cyber security domains? Uh, I can tell you that, uh, at least my view of it, you know, space and cyber security are new, it's exciting, it's challenging a lot technical challenges there. So I think in >>Terms of attracting the right people, personnel to work those areas, uh, I think it's, it's not only intellectually challenging, uh, but it's important for, for the dependency that NASA States, uh, and it's important for, for, for economic security, uh, writ large for, for us as well. So I think, uh, in terms of a workforce and trying to get people interested in, in those domains, uh, I hope that they see the same thing we do in terms of, of the challenges and the opportunities it presents itself in the future. >>Awesome. I love your talk on intro track there falling. You mentioned, uh, the three key areas of DOD sec success, developing a government whole government approach to partnership with the private sector. I think that's critical and the allies prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology. So you can be fast, all think are all things. I all, all those things are relevant. So given that, I want to get your thoughts on the defense space strategy in 2020, the DOD released dispense defense space, strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are the, what are those things that you're watching in the defense space area? Right. >>Well, I think, I think I saw, as I said before, of course, as well, you know, uh, or, or seeing that a space will be highly contested, uh, because it's a critical element in our, in our war fighting construct, uh, Dwayne, a future conflict, I think we need to, to win space as well. So when you, when you look at our near peer adversaries, there's a lot of efforts, uh, in trying to, to, to take that advantage away from the United States. So, so the threat is real, uh, and I think it's going to continue to evolve and grow. Uh, and the more we use space, both commercial and government, I think you're going to see a lot more when these threads some AFAs itself, uh, in, in forms of cyber, cyber attacks, or even kinetic attacks in some cases as needed. Uh, so yeah, so with the, the, the threat is need growing, uh, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, uh, like we do now in, in, in all the other domains, a way to defend it. And that's what we're working on with India, with the, how do we pilot with tech, our assets in space, and how do we make sure that the data information that traverses through space assets are trust 40, um, and, uh, and, and, and free of any, uh, uh, interference >>Chris, exciting time. I'm your, if you're in technology, um, this is crossing many lines here, tech society will war time, defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels, because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >>Yeah. And I, and I think that expansion is, is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we, we think of our, our cell phones and our handheld devices and tablets, and so on that have just continued to, uh, get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems. When we think of smallsats and cube sets and the technology that's, uh, can be repurposed into, uh, a small vehicle and the cost has come down so dramatically that, you know, we, we can afford to get a rapid experiments, rapid, um, exploitations and, and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, dev sec ops, and this notion of spins and cycles and refreshing and re uh, addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's, uh, relevant and new, and the, uh, the cybersecurity and the vulnerabilities of that have to be addressed because of, and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new, new experiments and demonstrations in space and get lessons learned from them over and over again. >>Well, that brings us to the next big topic I want to spend the remainder of our time on that is workforce this next generation. If I wasn't so old, I would quit my job and I would join medially. It's so much, it's a fun, it's exciting. And it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind, adding space to it. So this is, uh, the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, a young person to person re-skilling, this is a big deal. Bong, you have thoughts on this. It's not just STEM, it's everything. >>Yeah. It's everything, you know, uh, the opportunities would have in space it's significant and tremendous. And I think, uh, if I were young, again, as you pointed out, John, uh, you know, I'm, I'm, I'm lucky that I'm in this domain in this world and I started years ago. Uh, but it continues to be exciting, uh, lots of, lots of opportunities, you know, and when you, when you look at, uh, some of the commercial space, uh, systems that are being, being put up, uh, if you look at, I mentioned Starlink before, and, and, uh, Amazon's Kuyper constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally and that sort of thing. Uh, and they're not the only ones that are out there producing capability. Uh, we're seeing a lot more commercial imagery products being developed by bike, by companies, both within the U S and, and, uh, foreign foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities, there's technical challenges, uh, galore in terms of, you know, not only the overcoming the physics of space, but being able to operate, uh, flexibly, uh, in, uh, get the most you can out of the capabilities we have, uh, uh, operating up as high as being cool. I mean, everyone looks at launch. >>She gets millions of views on live streams, the on demand, reruns get millions and millions of views. Um, it's, there's a lot of things there. Um, so Chris, what specifically could you share are things that people would work on? Um, jobs skills, what are some, what's the aperture, what's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there, >>We'll talk to the aperture, but I want to give a shout out to our space force. And I mean, their, their job is to train and equip, uh, future space and, uh, that, that space talent. And I think that's going to be a huge plus up, uh, to have, uh, uh, a space force that's dedicated to training equipping, uh, the, an acquisition and a deployment model that, uh, will benefit not just the other services, but all of our national defense and our, uh, you know, our, our strategic way of, uh, how, how this company, country, employees space, uh, altogether. So having, having a space for us, I think, as a, is a huge, uh, a huge issue. And then to get to that aperture aspect of, of what you're, what you're asking and, you know, that addresses a larger workforce. Uh, we need so many different talents in, in this area. >>Uh, we can, we can have, we can employ a variety of people, uh, from technical writers to people who write, uh, write in developed software to those who, uh, are bending metal and actually, uh, working in a hardware environment. And, uh, those that do planning and launch operations and all of those spectrums and issues of jobs, or are directly related to a workforce that can contribute to, to space. And then once that data gets to the ground and employed out to a user, whether it's a data or we're looking at, uh, from a sensor recent, uh, recent events on, uh, shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open, uh, for a variety of backgrounds. And, and those that, uh, really just want to take an opportunity, take a, take a technical degree or a degree that, uh, can apply itself to a tough problem, uh, because they certainly exist in space. And we can, we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, a white hat approach to testing and vulnerability exploration, or somebody who knows how to actually, um, make, uh, operations, uh, safer, better, uh, through space situation awareness. So there's a, there's a huge swath of opportunity for us >>Bon talk about the, um, the cyber security enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, um, which is in and of itself, a huge range of jobs, codings supply chain. We just talked about a bunch of them. There's still more connected use cases that go beyond that, that, that are enabled by it. If you think about it, and this is what the students at Cal poly and every other college and university community college, you name it, or watching videos on YouTube, anyone with a brain can jump in. If they, if they see the future, it's an all net new space force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cybersecurity systems. Your thoughts. >>Absolutely. I, you know, I was, uh, had planned on attending the, uh, uh, the cyber challenge that's Cal poly had planned in June, of course, a pandemic, uh, uh, took care of that plan. But, but I was intrigued by, by the approach that the Cal poly was taking with, with, uh, middle school and high school kids of, of, of, of exposing him to a problem set here. You have a, a satellite that came down from space, uh, and, uh, part of the challenge was to do Porensic analysis on the debris, uh, the remaining pieces of the sound like to figure out what happened. Uh, it had a, uh, a cybersecurity connotation. It was hacked. It was attacked by, by cyber threat nation, took it down. And the beauty of having these kids kind of play with, with the remaining parts of the satellite figure out what happened. >>So I was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I, I look forward to future events like that to, to get our young people intrigued and interested in, uh, in this new field of space. Now, you know, Chris was talking earlier about opportunities, the opportunity that you talk about, you know, while I would like to have people come to the government, right. To help us out. It's not, it's not just focused on government, right? There's not lots of opportunities in commercial space. I, if you will, uh, for, for a lot of talent to, uh, uh, to have, uh, to participate in. So the challenge is a man's government and the commercial sector, John, >>I mean, you get the hardcore, you know, I want to work for the DOD. I want to work for NSA. I want to work for the government. You clearly got people who want to have that kind of mission, but for the folks out there, Chris and bong that are like, I'll do I qualify it? It's like the black box of the DOD. It's like a secret thing. You got any clearance, you've got to get all these certifications. And you've got to take all kinds of tests and background checks. And, um, is it like that? And will that continue? Cause some people might say, Hey, can I even get involved? What do I do? So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved that they might not know about >>PR for NSA, there's a variety of workforce, uh, initiatives that, uh, uh, for anybody from a high school work study can take advantage of to, uh, those that would like have to have internships. And those that are in a traditional academic environment, there's, uh, several NSA schools across the country that have a academic and cyber acts, uh, sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive, uh, nature that that can be worked in and in an academia environment. So, so those are two or three examples of how somebody can break into, uh, the, uh, an intelligence organization and the, and the other agencies have those, uh, opportunities as well across the intelligence community and the, the partnership between and collaborative collaboration between private industry and the agencies and the department of defense just continue to grow over and over again. And even myself being able to take care advantage of a joint duty assignment between my home organization and the Pentagon just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of, of that partnering that's going on today. >>So there's some innovation, bong, non traditional pathways to find talent. What are out there? What are new, what are these new nontraditional ways >>I was going to add to what Chris was, was mentioning John? Yeah. Even within view and under the purview of our chief information officer, back in 2013, the deputy surfed dirty defense signed the, uh, what we call the DOD cyberspace workforce strategy, uh, into effect. And that included a program called the cyber information technology exchange program. It's an exchange program in which a, uh, you know, private sector employee and worked for the DOD in cyber security positions, uh, span across multiple mission critical areas. So this is one opportunity to learn, uh, you know, in inside the DOD what's happening as a private sector person, if you will, uh, going back to what we talked about, you know, kinda, uh, opportunities, uh, within the government for, for somebody who might be interested, uh, you know, you don't have to be super smart, Bork and space. Uh, there's a lot of like, like Chris pointed out, there's a lot of different areas that we need to have people down within people to do, uh, to conduct the mission space. So you don't have to be mathematician mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for, for any types of, of talent, any type of academic disciplines that, that, that, that they're out there. >>And I think, you know, Chris is shout out to the space force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's gonna create, uh, some activation, uh, for a younger generation, certainly, and kind of new opportunities, new problems to solve new threats to take on and, and move it on. So really super conversation space in cybersecurity, the department of defense perspective, Von and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you bong. And then Chris summarize for the folks watching, whether it's a student at Cal poly or other university or someone in industry and government, what is the department of defense perspective for space cybersecurity? >>Chris, won't go and take that on. I started, thank you. Uh, cyber security applies to much more than just the launch and download of mission data or human led exploration and the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants, cybersecurity safeguards in any economic espionage or data exfiltration or denied access to that data I E ransomware or some other, uh, attack that can cripple any business or government endeavor. Uh, no matter how small or large, if it's left in our economic backbone, uh, clearly depends on space and GPS is more than just a direction finding our banking needs that a T and timing from P and T or whether it says systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not, uh, even fighting forest fires picked up by a remote sensor. >>All those space-based assets, uh, require protection from spoofing date, uh, data denial or total asset loss. An example would be if a satellite sensitive optics were intentionally pointed at the sun and damaged, or if a command, uh, to avoid collision with another space vehicle was delayed or disrupted or a ground termination command. As we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, uh, those losses are real and can be catastrophic. So the threat to space is pervasive real and genuine, and your active work across all those platforms is a necessary and appreciated. And your work in this area is critical, uh, going forward going forward. Uh, thank you for this opportunity to speak with you and, uh, talking on this important topic. >>Thank you, Chris Henson, goodbye. >>Closing remarks. Yeah. Likewise, John, uh, again, uh, as, as Chris said, thank you for, for the opportunity to discuss this very important, uh, around space, cyber security, as well as addressing, uh, at the end there, we were talking about workforce development and the need to have, uh, people, uh, in the mix for four features. We discussed with you. We need to start that recruiting early, uh, as we're doing to address, uh, the STEM gap today, we need to apply the same thing for cybersecurity. We, we absolutely need smart, innovative people to protect both Iraq. Anomic wellbeings a nation as well as our national defense. So this is the right conversation to have at this time, John and I, again, thank you and our Cal poly hose for, or, uh, having a symposium and, and having this opportunity to have this dialogue. Thank you, >>Gentlemen. Thank you for your time and great insights. We couldn't be there in person. We're here virtual for the space and cybersecurity symposium, 2020, the Cal poly I'm Jennifer with Silicon angle and the cube, your host. Thank you for watching.

>>from around the globe. It's the Cube covering >>space and cybersecurity. Symposium 2020 hosted by Cal Poly >>Over On Welcome to this Special virtual conference. The Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from the Cube. I'm John for your host and master of ceremonies. Got a great topic today in this session. Really? The intersection of space and cybersecurity. This topic and this conversation is the cybersecurity workforce development through public and private partnerships. And we've got a great lineup. We have Jeff Armstrong's the president of California Polytechnic State University, also known as Cal Poly Jeffrey. Thanks for jumping on and Bang. Go ahead. The second director of C four s R Division. And he's joining us from the office of the Under Secretary of Defense for the acquisition Sustainment Department of Defense, D O D. And, of course, Steve Jake's executive director, founder, National Security Space Association and managing partner at Bello's. Gentlemen, thank you for joining me for this session. We got an hour conversation. Thanks for coming on. >>Thank you. >>So we got a virtual event here. We've got an hour, have a great conversation and love for you guys do? In opening statement on how you see the development through public and private partnerships around cybersecurity in space, Jeff will start with you. >>Well, thanks very much, John. It's great to be on with all of you. Uh, on behalf Cal Poly Welcome, everyone. Educating the workforce of tomorrow is our mission to Cal Poly. Whether that means traditional undergraduates, master students are increasingly mid career professionals looking toe up, skill or re skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers ready Day one with practical skills and experience. We have long thought of ourselves is lucky to be on California's beautiful central Coast. But in recent years, as we have developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, we have discovered that our location is even more advantages than we thought. We're just 50 miles away from Vandenberg, a little closer than u C. Santa Barbara, and the base represents the southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air force base have partner to support regional economic development to encourage the development of a commercial spaceport toe advocate for the space Command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because because both parties stand to benefit Vandenberg by securing new streams of revenue, workforce and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students, and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the Central Coast and the US, creating new head of household jobs, infrastructure and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called Reach, which coordinates development efforts from Vandenberg Air Force Base in the South to camp to Camp Roberts in the North. Another factor that is facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has has long been an important defense contractor, an important partner to Cal poly funding scholarships and facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years north of grimness funded scholarships for Cal Poly students this year, their funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars program, Cal Poly Scholars, a support both incoming freshman is transfer students. These air especially important because it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal, and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernized the U. S. I. C B M Armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting protecting our efforts in space requires partnerships in the digital realm. How Polly is partnered with many private companies, such as AWS. Our partnerships with Amazon Web services has enabled us to train our students with next generation cloud engineering skills, in part through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cybersecurity Institute, College of Engineering and the California National Guard. This partnership is focused on preparing a cyber ready workforce by providing faculty and students with a hands on research and learning environment, side by side with military, law enforcement professionals and cyber experts. We also have a long standing partnership with PG and E, most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry as a rough approximation. More than 4500 Cal Poly graduates list aerospace and defense as their employment sector on linked in, and it's not just our engineers and computer sciences. When I was speaking to our fellow Panelists not too long ago, >>are >>speaking to bang, we learned that Rachel sins, one of our liberal arts arts majors, is working in his office. So shout out to you, Rachel. And then finally, of course, some of our graduates sword extraordinary heights such as Commander Victor Glover, who will be heading to the International space station later this year as I close. All of which is to say that we're deeply committed the workforce, development and redevelopment that we understand the value of public private partnerships and that were eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state in the nation and our past efforts in space, cybersecurity and links to our partners at as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cybersecurity. Thank you so much, John. >>President, I'm sure thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique progressive. You and wanna tip your hat to you guys over there. Thank you very much for those comments. Appreciate it. Bahng. Department of Defense. Exciting you gotta defend the nation spaces Global. Your opening statement. >>Yes, sir. Thanks, John. Appreciate that day. Thank you, everybody. I'm honored to be this panel along with President Armstrong, Cal Poly in my long longtime friend and colleague Steve Jakes of the National Security Space Association, to discuss a very important topic of cybersecurity workforce development, as President Armstrong alluded to, I'll tell you both of these organizations, Cal Poly and the N S. A have done and continue to do an exceptional job at finding talent, recruiting them in training current and future leaders and technical professionals that we vitally need for our nation's growing space programs. A swell Asare collective National security Earlier today, during Session three high, along with my colleague Chris Hansen discussed space, cyber Security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferations of hundreds, if not thousands, of satellites providing a variety of services, including communications allowing for global Internet connectivity. S one example within the O. D. We continue to look at how we can leverage this opportunity. I'll tell you one of the enabling technologies eyes the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used unemployed for the U. D. Certainly not lost on Me is the fact that Cal Poly Pioneer Cube SATs 2020 some years ago, and they set the standard for the use of these systems today. So they saw the valiant benefit gained way ahead of everybody else, it seems, and Cal Poly's focus on training and education is commendable. I especially impressed by the efforts of another of Steve's I colleague, current CEO Mr Bill Britain, with his high energy push to attract the next generation of innovators. Uh, earlier this year, I had planned on participating in this year's Cyber Innovation Challenge. In June works Cal Poly host California Mill and high school students and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid. Unfortunately, the pandemic change the plan. Why I truly look forward. Thio feature events such as these Thio participating. Now I want to recognize my good friend Steve Jakes, whom I've known for perhaps too long of a time here over two decades or so, who was in acknowledge space expert and personally, I truly applaud him for having the foresight of years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology but Polly policy issues and challenges and paved the way for operational izing space. Space is our newest horrifying domain. That's not a secret anymore. Uh, and while it is a unique area, it shares a lot of common traits with the other domains such as land, air and sea, obviously all of strategically important to the defense of the United States. In conflict they will need to be. They will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts in a joint operation. We must succeed. All to defending space is critical as critical is defending our other operational domains. Funny space is no longer the sanctuary available only to the government. Increasingly, as I discussed in the previous session, commercial space is taking the lead a lot of different areas, including R and D, A so called new space, so cyber security threat is even more demanding and even more challenging. Three US considers and federal access to and freedom to operate in space vital to advancing security, economic prosperity, prosperity and scientific knowledge of the country. That's making cyberspace an inseparable component. America's financial, social government and political life. We stood up US Space force ah, year ago or so as the newest military service is like the other services. Its mission is to organize, train and equip space forces in order to protect us and allied interest in space and to provide space capabilities to the joint force. Imagine combining that US space force with the U. S. Cyber Command to unify the direction of space and cyberspace operation strengthened U D capabilities and integrate and bolster d o d cyber experience. Now, of course, to enable all of this requires had trained and professional cadre of cyber security experts, combining a good mix of policy as well as high technical skill set much like we're seeing in stem, we need to attract more people to this growing field. Now the D. O. D. Is recognized the importance of the cybersecurity workforce, and we have implemented policies to encourage his growth Back in 2013 the deputy secretary of defense signed the D. O d cyberspace workforce strategy to create a comprehensive, well equipped cyber security team to respond to national security concerns. Now this strategy also created a program that encourages collaboration between the D. O. D and private sector employees. We call this the Cyber Information Technology Exchange program or site up. It's an exchange programs, which is very interesting, in which a private sector employees can naturally work for the D. O. D. In a cyber security position that spans across multiple mission critical areas are important to the d. O. D. A key responsibility of cybersecurity community is military leaders on the related threats and cyber security actions we need to have to defeat these threats. We talk about rapid that position, agile business processes and practices to speed up innovation. Likewise, cybersecurity must keep up with this challenge to cyber security. Needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent investing the people now to grow a robust cybersecurity, workforce, streets, future. I look forward to the panel discussion, John. Thank you. >>Thank you so much bomb for those comments and you know, new challenges and new opportunities and new possibilities and free freedom Operating space. Critical. Thank you for those comments. Looking forward. Toa chatting further. Steve Jakes, executive director of N. S. S. A Europe opening statement. >>Thank you, John. And echoing bangs thanks to Cal Poly for pulling these this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, we on behalf the association delighted and honored Thio be on this panel with President Armstrong along with my friend and colleague Bonneau Glue Mahad Something for you all to know about Bomb. He spent the 1st 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve. Very few people do that. So bang on behalf of the space community, we thank you for your long life long devotion to service to our nation. We really appreciate that and I also echo a bang shot out to that guy Bill Britain, who has been a long time co conspirator of ours for a long time and you're doing great work there in the cyber program at Cal Poly Bill, keep it up. But professor arms trying to keep a close eye on him. Uh, I would like to offer a little extra context to the great comments made by by President Armstrong and bahng. Uh, in our view, the timing of this conference really could not be any better. Um, we all recently reflected again on that tragic 9 11 surprise attack on our homeland. And it's an appropriate time, we think, to take pause while the percentage of you in the audience here weren't even born or babies then For the most of us, it still feels like yesterday. And moreover, a tragedy like 9 11 has taught us a lot to include to be more vigilant, always keep our collective eyes and ears open to include those quote eyes and ears from space, making sure nothing like this ever happens again. So this conference is a key aspect. Protecting our nation requires we work in a cybersecurity environment at all times. But, you know, the fascinating thing about space systems is we can't see him. No, sir, We see Space launches man there's nothing more invigorating than that. But after launch, they become invisible. So what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well, to illustrate, I'd like to paraphrase elements of an article in Forbes magazine by Bonds and my good friend Chuck Beans. Chuck. It's a space guy, actually had Bonds job a fuse in the Pentagon. He is now chairman and chief strategy officer at York Space Systems, and in his spare time he's chairman of the small satellites. Chuck speaks in words that everyone can understand. So I'd like to give you some of his words out of his article. Uh, they're afraid somewhat. So these are Chuck's words. Let's talk about average Joe and playing Jane. Before heading to the airport for a business trip to New York City, Joe checks the weather forecast informed by Noah's weather satellites to see what pack for the trip. He then calls an uber that space app. Everybody uses it matches riders with drivers via GPS to take into the airport, So Joe has lunch of the airport. Unbeknownst to him, his organic lunch is made with the help of precision farming made possible through optimized irrigation and fertilization, with remote spectral sensing coming from space and GPS on the plane, the pilot navigates around weather, aided by GPS and nose weather satellites. And Joe makes his meeting on time to join his New York colleagues in a video call with a key customer in Singapore made possible by telecommunication satellites. Around to his next meeting, Joe receives notice changing the location of the meeting to another to the other side of town. So he calmly tells Syria to adjust the destination, and his satellite guided Google maps redirects him to the new location. That evening, Joe watches the news broadcast via satellite. The report details a meeting among world leaders discussing the developing crisis in Syria. As it turns out, various forms of quote remotely sensed. Information collected from satellites indicate that yet another band, chemical weapon, may have been used on its own people. Before going to bed, Joe decides to call his parents and congratulate them for their wedding anniversary as they cruise across the Atlantic, made possible again by communications satellites and Joe's parents can enjoy the call without even wondering how it happened the next morning. Back home, Joe's wife, Jane, is involved in a car accident. Her vehicle skids off the road. She's knocked unconscious, but because of her satellite equipped on star system, the crash is detected immediately and first responders show up on the scene. In time, Joe receives the news books. An early trip home sends flowers to his wife as he orders another uber to the airport. Over that 24 hours, Joe and Jane used space system applications for nearly every part of their day. Imagine the consequences if at any point they were somehow denied these services, whether they be by natural causes or a foreign hostility. And each of these satellite applications used in this case were initially developed for military purposes and continue to be, but also have remarkable application on our way of life. Just many people just don't know that. So, ladies and gentlemen, now you know, thanks to chuck beans, well, the United States has a proud heritage being the world's leading space faring nation, dating back to the Eisenhower and Kennedy years. Today we have mature and robust systems operating from space, providing overhead reconnaissance to quote, wash and listen, provide missile warning, communications, positioning, navigation and timing from our GPS system. Much of what you heard in Lieutenant General J. T. Thompson earlier speech. These systems are not only integral to our national security, but also our also to our quality of life is Chuck told us. We simply no longer could live without these systems as a nation and for that matter, as a world. But over the years, adversary like adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing ketchup while also pursuing capabilities that will challenge our systems. As many of you know, in 2000 and seven, China demonstrated it's a set system by actually shooting down is one of its own satellites and has been aggressively developing counter space systems to disrupt hours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to bay well as Bond mentioned, the United States has responded to these changing threats. In addition to adding ways to protect our system, the administration and in Congress recently created the United States Space Force and the operational you United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located. Vandenberg Air Force Base Combined with our intelligence community today, we have focused military and civilian leadership now in space. And that's a very, very good thing. Commence, really. On the industry side, we did create the National Security Space Association devoted solely to supporting the national security Space Enterprise. We're based here in the D C area, but we have arms and legs across the country, and we are loaded with extraordinary talent. In scores of Forman, former government executives, So S s a is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway ranging from a number of thought provoking policy. Papers are recurring space time Webcast supporting Congress's Space Power Caucus and other main serious efforts. Check us out at NSS. A space dot org's One of our strategic priorities in central to today's events is to actively promote and nurture the workforce development. Just like cow calling. We will work with our U. S. Government customers, industry leaders and academia to attract and recruit students to join the space world, whether in government or industry and two assistant mentoring and training as their careers. Progress on that point, we're delighted. Be delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with him very soon. So students stay tuned something I can tell you Space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry work force is highly diverse, with a combination of engineers, physicists, method and mathematicians, but also with a large non technical expertise as well. Think about how government gets things thes systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board from cost estimating cost analysis, budgeting, procurement, legal and many other support. Tasker Integral to the mission. Many thousands of people work in the space workforce tens of billions of dollars every year. This is really cool stuff, no matter what your education background, a great career to be part of. When summary as bang had mentioned Aziz, well, there is a great deal of exciting challenges ahead we will see a new renaissance in space in the years ahead, and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Richard Branson are in the game, stimulating new ideas in business models, other private investors and start up companies. Space companies are now coming in from all angles. The exponential advancement of technology and microelectronics now allows the potential for a plethora of small SAT systems to possibly replace older satellites the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much, and I look forward to the further conversation. >>Steve, thank you very much. Space is cool. It's relevant. But it's important, as you pointed out, and you're awesome story about how it impacts our life every day. So I really appreciate that great story. I'm glad you took the time Thio share that you forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you. But that would add that to the story later. Great stuff. My first question is let's get into the conversations because I think this is super important. President Armstrong like you to talk about some of the points that was teased out by Bang and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives. Through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation. There are opportunities now with with research and grants, and this is, ah, funding of innovation that it's highly accelerate. It's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >>Yeah, I really appreciate that And appreciate the comments of my colleagues on it really boils down to me to partnerships, public private partnerships. You mentioned Northrop Grumman, but we have partnerships with Lockie Martin, Boeing, Raytheon Space six JPL, also member of organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science, and I hope that we can spill into cybersecurity in space but those partnerships in the past have really brought a lot forward at Cal Poly Aziz mentioned we've been involved with Cube set. Uh, we've have some secure work and we want to plan to do more of that in the future. Uh, those partnerships are essential not only for getting the r and d done, but also the students, the faculty, whether masters or undergraduate, can be involved with that work. Uh, they get that real life experience, whether it's on campus or virtually now during Covic or at the location with the partner, whether it may be governmental or our industry. Uh, and then they're even better equipped, uh, to hit the ground running. And of course, we'd love to see even more of our students graduate with clearance so that they could do some of that a secure work as well. So these partnerships are absolutely critical, and it's also in the context of trying to bring the best and the brightest and all demographics of California and the US into this field, uh, to really be successful. So these partnerships are essential, and our goal is to grow them just like I know other colleagues and C. S u and the U C are planning to dio, >>you know, just as my age I've seen I grew up in the eighties, in college and during that systems generation and that the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives. They were really funded through these kinds of real deep research. Bond talk about that because, you know, we're living in an age of cloud. And Bezos was mentioned. Elon Musk. Sir Richard Branson. You got new ideas coming in from the outside. You have an accelerated clock now on terms of the innovation cycles, and so you got to react differently. You guys have programs to go outside >>of >>the Defense Department. How important is this? Because the workforce that air in schools and our folks re skilling are out there and you've been on both sides of the table. So share your thoughts. >>No, thanks, John. Thanks for the opportunity responded. And that's what you hit on the notes back in the eighties, R and D in space especially, was dominated by my government funding. Uh, contracts and so on. But things have changed. As Steve pointed out, A lot of these commercial entities funded by billionaires are coming out of the woodwork funding R and D. So they're taking the lead. So what we can do within the deal, the in government is truly take advantage of the work they've done on. Uh, since they're they're, you know, paving the way to new new approaches and new way of doing things. And I think we can We could certainly learn from that. And leverage off of that saves us money from an R and D standpoint while benefiting from from the product that they deliver, you know, within the O D Talking about workforce development Way have prioritized we have policies now to attract and retain talent. We need I I had the folks do some research and and looks like from a cybersecurity workforce standpoint. A recent study done, I think, last year in 2019 found that the cybersecurity workforce gap in the U. S. Is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened off getting people through, you know, starting young and through college, like assess a professor Armstrong indicated, because we're gonna need them to be in place. Uh, you know, in a period of about maybe a decade or so, Uh, on top of that, of course, is the continuing issue we have with the gap with with stamps students, we can't afford not to have expertise in place to support all the things we're doing within the with the not only deal with the but the commercial side as well. Thank you. >>How's the gap? Get? Get filled. I mean, this is the this is again. You got cybersecurity. I mean, with space. It's a whole another kind of surface area, if you will, in early surface area. But it is. It is an I o t. Device if you think about it. But it does have the same challenges. That's kind of current and and progressive with cybersecurity. Where's the gap Get filled, Steve Or President Armstrong? I mean, how do you solve the problem and address this gap in the workforce? What is some solutions and what approaches do we need to put in place? >>Steve, go ahead. I'll follow up. >>Okay. Thanks. I'll let you correct. May, uh, it's a really good question, and it's the way I would. The way I would approach it is to focus on it holistically and to acknowledge it up front. And it comes with our teaching, etcetera across the board and from from an industry perspective, I mean, we see it. We've gotta have secure systems with everything we do and promoting this and getting students at early ages and mentoring them and throwing internships at them. Eyes is so paramount to the whole the whole cycle, and and that's kind of and it really takes focused attention. And we continue to use the word focus from an NSS, a perspective. We know the challenges that are out there. There are such talented people in the workforce on the government side, but not nearly enough of them. And likewise on industry side. We could use Maura's well, but when you get down to it, you know we can connect dots. You know that the the aspect That's a Professor Armstrong talked about earlier toe where you continue to work partnerships as much as you possibly can. We hope to be a part of that. That network at that ecosystem the will of taking common objectives and working together to kind of make these things happen and to bring the power not just of one or two companies, but our our entire membership to help out >>President >>Trump. Yeah, I would. I would also add it again. It's back to partnerships that I talked about earlier. One of our partners is high schools and schools fortune Margaret Fortune, who worked in a couple of, uh, administrations in California across party lines and education. Their fifth graders all visit Cal Poly and visit our learned by doing lab and you, you've got to get students interested in stem at a early age. We also need the partnerships, the scholarships, the financial aid so the students can graduate with minimal to no debt to really hit the ground running. And that's exacerbated and really stress. Now, with this covert induced recession, California supports higher education at a higher rate than most states in the nation. But that is that has dropped this year or reasons. We all understand, uh, due to Kobe, and so our partnerships, our creativity on making sure that we help those that need the most help financially uh, that's really key, because the gaps air huge eyes. My colleagues indicated, you know, half of half a million jobs and you need to look at the the students that are in the pipeline. We've got to enhance that. Uh, it's the in the placement rates are amazing. Once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, uh, placement rates are like 94%. >>Many of our >>engineers, they have jobs lined up a year before they graduate. So it's just gonna take key partnerships working together. Uh, and that continued partnership with government, local, of course, our state of CSU on partners like we have here today, both Stephen Bang So partnerships the thing >>e could add, you know, the collaboration with universities one that we, uh, put a lot of emphasis, and it may not be well known fact, but as an example of national security agencies, uh, National Centers of Academic Excellence in Cyber, the Fast works with over 270 colleges and universities across the United States to educate its 45 future cyber first responders as an example, so that Zatz vibrant and healthy and something that we ought Teoh Teik, banjo >>off. Well, I got the brain trust here on this topic. I want to get your thoughts on this one point. I'd like to define what is a public private partnership because the theme that's coming out of the symposium is the script has been flipped. It's a modern error. Things air accelerated get you got security. So you get all these things kind of happen is a modern approach and you're seeing a digital transformation play out all over the world in business. Andi in the public sector. So >>what is what >>is a modern public private partnership? What does it look like today? Because people are learning differently, Covert has pointed out, which was that we're seeing right now. How people the progressions of knowledge and learning truth. It's all changing. How do you guys view the modern version of public private partnership and some some examples and improve points? Can you can you guys share that? We'll start with the Professor Armstrong. >>Yeah. A zai indicated earlier. We've had on guy could give other examples, but Northup Grumman, uh, they helped us with cyber lab. Many years ago. That is maintained, uh, directly the software, the connection outside its its own unit so that students can learn the hack, they can learn to penetrate defenses, and I know that that has already had some considerations of space. But that's a benefit to both parties. So a good public private partnership has benefits to both entities. Uh, in the common factor for universities with a lot of these partnerships is the is the talent, the talent that is, that is needed, what we've been working on for years of the, you know, that undergraduate or master's or PhD programs. But now it's also spilling into Skilling and re Skilling. As you know, Jobs. Uh, you know, folks were in jobs today that didn't exist two years, three years, five years ago. But it also spills into other aspects that can expand even mawr. We're very fortunate. We have land, there's opportunities. We have one tech part project. We're expanding our tech park. I think we'll see opportunities for that, and it'll it'll be adjusted thio, due to the virtual world that we're all learning more and more about it, which we were in before Cove it. But I also think that that person to person is going to be important. Um, I wanna make sure that I'm driving across the bridge. Or or that that satellites being launched by the engineer that's had at least some in person training, uh, to do that and that experience, especially as a first time freshman coming on a campus, getting that experience expanding and as adult. And we're gonna need those public private partnerships in order to continue to fund those at a level that is at the excellence we need for these stem and engineering fields. >>It's interesting People in technology can work together in these partnerships in a new way. Bank Steve Reaction Thio the modern version of what a public, successful private partnership looks like. >>If I could jump in John, I think, you know, historically, Dodi's has have had, ah, high bar thio, uh, to overcome, if you will, in terms of getting rapid pulling in your company. This is the fault, if you will and not rely heavily in are the usual suspects of vendors and like and I think the deal is done a good job over the last couple of years off trying to reduce the burden on working with us. You know, the Air Force. I think they're pioneering this idea around pitch days where companies come in, do a two hour pitch and immediately notified of a wooden award without having to wait a long time. Thio get feedback on on the quality of the product and so on. So I think we're trying to do our best. Thio strengthen that partnership with companies outside the main group of people that we typically use. >>Steve, any reaction? Comment to add? >>Yeah, I would add a couple of these air. Very excellent thoughts. Uh, it zits about taking a little gamble by coming out of your comfort zone. You know, the world that Bond and Bond lives in and I used to live in in the past has been quite structured. It's really about we know what the threat is. We need to go fix it, will design it says we go make it happen, we'll fly it. Um, life is so much more complicated than that. And so it's it's really to me. I mean, you take you take an example of the pitch days of bond talks about I think I think taking a gamble by attempting to just do a lot of pilot programs, uh, work the trust factor between government folks and the industry folks in academia. Because we are all in this together in a lot of ways, for example. I mean, we just sent the paper to the White House of their requests about, you know, what would we do from a workforce development perspective? And we hope Thio embellish on this over time once the the initiative matures. But we have a piece of it, for example, is the thing we call clear for success getting back Thio Uh, President Armstrong's comments at the collegiate level. You know, high, high, high quality folks are in high demand. So why don't we put together a program they grabbed kids in their their underclass years identifies folks that are interested in doing something like this. Get them scholarships. Um, um, I have a job waiting for them that their contract ID for before they graduate, and when they graduate, they walk with S C I clearance. We believe that could be done so, and that's an example of ways in which the public private partnerships can happen to where you now have a talented kid ready to go on Day one. We think those kind of things can happen. It just gets back down to being focused on specific initiatives, give them giving them a chance and run as many pilot programs as you can like these days. >>That's a great point, E. President. >>I just want to jump in and echo both the bank and Steve's comments. But Steve, that you know your point of, you know, our graduates. We consider them ready Day one. Well, they need to be ready Day one and ready to go secure. We totally support that and and love to follow up offline with you on that. That's that's exciting, uh, and needed very much needed mawr of it. Some of it's happening, but way certainly have been thinking a lot about that and making some plans, >>and that's a great example of good Segway. My next question. This kind of reimagining sees work flows, eyes kind of breaking down the old the old way and bringing in kind of a new way accelerated all kind of new things. There are creative ways to address this workforce issue, and this is the next topic. How can we employ new creative solutions? Because, let's face it, you know, it's not the days of get your engineering degree and and go interview for a job and then get slotted in and get the intern. You know the programs you get you particularly through the system. This is this is multiple disciplines. Cybersecurity points at that. You could be smart and math and have, ah, degree in anthropology and even the best cyber talents on the planet. So this is a new new world. What are some creative approaches that >>you know, we're >>in the workforce >>is quite good, John. One of the things I think that za challenge to us is you know, we got somehow we got me working for with the government, sexy, right? The part of the challenge we have is attracting the right right level of skill sets and personnel. But, you know, we're competing oftentimes with the commercial side, the gaming industry as examples of a big deal. And those are the same talents. We need to support a lot of programs we have in the U. D. So somehow we have to do a better job to Steve's point off, making the work within the U. D within the government something that they would be interested early on. So I tracked him early. I kind of talked about Cal Poly's, uh, challenge program that they were gonna have in June inviting high school kid. We're excited about the whole idea of space and cyber security, and so on those air something. So I think we have to do it. Continue to do what were the course the next several years. >>Awesome. Any other creative approaches that you guys see working or might be on idea, or just a kind of stoked the ideation out their internship. So obviously internships are known, but like there's gotta be new ways. >>I think you can take what Steve was talking about earlier getting students in high school, uh, and aligning them sometimes. Uh, that intern first internship, not just between the freshman sophomore year, but before they inter cal poly per se. And they're they're involved s So I think that's, uh, absolutely key. Getting them involved many other ways. Um, we have an example of of up Skilling a redeveloped work redevelopment here in the Central Coast. PG and e Diablo nuclear plant as going to decommission in around 2020 24. And so we have a ongoing partnership toe work on reposition those employees for for the future. So that's, you know, engineering and beyond. Uh, but think about that just in the manner that you were talking about. So the up skilling and re Skilling uh, on I think that's where you know, we were talking about that Purdue University. Other California universities have been dealing with online programs before cove it and now with co vid uh, so many more faculty or were pushed into that area. There's going to be much more going and talk about workforce development and up Skilling and Re Skilling The amount of training and education of our faculty across the country, uh, in in virtual, uh, and delivery has been huge. So there's always a silver linings in the cloud. >>I want to get your guys thoughts on one final question as we in the in the segment. And we've seen on the commercial side with cloud computing on these highly accelerated environments where you know, SAS business model subscription. That's on the business side. But >>one of The >>things that's clear in this trend is technology, and people work together and technology augments the people components. So I'd love to get your thoughts as we look at the world now we're living in co vid um, Cal Poly. You guys have remote learning Right now. It's a infancy. It's a whole new disruption, if you will, but also an opportunity to enable new ways to collaborate, Right? So if you look at people and technology, can you guys share your view and vision on how communities can be developed? How these digital technologies and people can work together faster to get to the truth or make a discovery higher to build the workforce? These air opportunities? How do you guys view this new digital transformation? >>Well, I think there's there's a huge opportunities and just what we're doing with this symposium. We're filming this on one day, and it's going to stream live, and then the three of us, the four of us, can participate and chat with participants while it's going on. That's amazing. And I appreciate you, John, you bringing that to this this symposium, I think there's more and more that we can do from a Cal poly perspective with our pedagogy. So you know, linked to learn by doing in person will always be important to us. But we see virtual. We see partnerships like this can expand and enhance our ability and minimize the in person time, decrease the time to degree enhanced graduation rate, eliminate opportunity gaps or students that don't have the same advantages. S so I think the technological aspect of this is tremendous. Then on the up Skilling and Re Skilling, where employees air all over, they can be reached virtually then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. Eso I'm I'm very excited about the future and what we can do, and it's gonna be different with every university with every partnership. It's one. Size does not fit all. >>It's so many possibilities. Bond. I could almost imagine a social network that has a verified, you know, secure clearance. I can jump in, have a little cloak of secrecy and collaborate with the d o. D. Possibly in the future. But >>these are the >>kind of kind of crazy ideas that are needed. Are your thoughts on this whole digital transformation cross policy? >>I think technology is gonna be revolutionary here, John. You know, we're focusing lately on what we call digital engineering to quicken the pace off, delivering capability to warfighter. As an example, I think a I machine language all that's gonna have a major play and how we operate in the future. We're embracing five G technologies writing ability Thio zero latency or I o t More automation off the supply chain. That sort of thing, I think, uh, the future ahead of us is is very encouraging. Thing is gonna do a lot for for national defense on certainly the security of the country. >>Steve, your final thoughts. Space systems are systems, and they're connected to other systems that are connected to people. Your thoughts on this digital transformation opportunity >>Such a great question in such a fun, great challenge ahead of us. Um echoing are my colleague's sentiments. I would add to it. You know, a lot of this has I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. Um, you know, we're not attuned to doing things fast. Uh, but the dramatic You know, the way technology is just going like crazy right now. I think it ties back Thio hoping Thio, convince some of our senior leaders on what I call both sides of the Potomac River that it's worth taking these gamble. We do need to take some of these things very way. And I'm very confident, confident and excited and comfortable. They're just gonna be a great time ahead and all for the better. >>You know, e talk about D. C. Because I'm not a lawyer, and I'm not a political person, but I always say less lawyers, more techies in Congress and Senate. So I was getting job when I say that. Sorry. Presidential. Go ahead. >>Yeah, I know. Just one other point. Uh, and and Steve's alluded to this in bonded as well. I mean, we've got to be less risk averse in these partnerships. That doesn't mean reckless, but we have to be less risk averse. And I would also I have a zoo. You talk about technology. I have to reflect on something that happened in, uh, you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing a traditional data a data warehouse, data storage data center, and we partner with a W S. And thank goodness we had that in progress on it enhanced our bandwidth on our campus before Cove. It hit on with this partnership with the digital transformation hub. So there is a great example where, uh, we we had that going. That's not something we could have started. Oh, covitz hit. Let's flip that switch. And so we have to be proactive on. We also have thio not be risk averse and do some things differently. Eyes that that is really salvage the experience for for students. Right now, as things are flowing, well, we only have about 12% of our courses in person. Uh, those essential courses, uh, and just grateful for those partnerships that have talked about today. >>Yeah, and it's a shining example of how being agile, continuous operations, these air themes that expand into space and the next workforce needs to be built. Gentlemen, thank you. very much for sharing your insights. I know. Bang, You're gonna go into the defense side of space and your other sessions. Thank you, gentlemen, for your time for great session. Appreciate it. >>Thank you. Thank you. >>Thank you. >>Thank you. Thank you. Thank you all. >>I'm John Furry with the Cube here in Palo Alto, California Covering and hosting with Cal Poly The Space and Cybersecurity Symposium 2020. Thanks for watching.

>> Voiceover: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020 hosted by Cal Poly. >> Hello everyone? Welcome to the Space and Cybersecurity Symposium 2020 hosted by Cal Poly and theCUBE. I'm John Furrier, your host. We have a great session here. Space cybersecurity, the Department of Defense perspective. We have Bong Gumahad, Director of C4ISR, Directorate Office of the Under Secretary of Defense for Acquisition and Sustainment for the DOD. And Chris Henson, Technical Director Space and Weapons, Cybersecurity Solutions for the National Security Agency. Gentlemen, thank you for taking the time for this awesome session. >> Thank you, John. >> Thank you. >> So we're going to talk about the perspective of the DOD relative to space cybersecurity. A lot going on, congestion, contention, freedom, evolution, innovation. So Bong, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective. >> John, thanks for the intro, really appreciate it. First, let me give my thanks to Cal Poly for convening the Space and Cybersecurity Symposium this year. And despite the pandemic, the organization and the content delivery is pretty impressive. I really foot stomping what can possibly be done with a number of these virtual platforms. This has been awesome, thanks for the opportunity. I also want to recognize my colleague, Chris Henson from NSA, who is actually assigned to our staff at the OUSD, but he brings both policy and technical perspective in this whole area. So I think you'll find his commentary and positions on things very refreshing for today's seminar. Now space cybersecurity is a pretty interesting terminology for us all. Cybersecurity means protecting against cyber threats. And it's really more than just computers here on earth. Space is the newest war fighting domain and cybersecurity is perhaps even more of a challenge in this domain than others. I'm sure Lieutenant General Thompson and Major John Shaw discuss the criticality of this new Space Force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. Let me start by talking about what space means to DOD and what we're doing directly from my advantage point as part of the Acquisition and Sustainment arm of the Pentagon. Well, what I want to share with you today is how the current space strategy ties into the National Defense strategy and supports the department's operational objectives. As the director of C4ISR, I have come to understand how the integration of C4ISR capability is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the Under Secretary for Acquisition and Sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project lethality in contested environments and across all domains through an operationally integrated and resiliency 4ISR infrastructure. We are also cultivating our alliances, deepening interoperability, which is very important in a future fight and collaboratively planning with those who partner with us in the fight. Most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest fighting domain. And while it is indeed unique, it shares many common traits with the others, land, air and sea. All are important to the defense of the US. In conflict, no doubt about this, they will be contested and they must be defended. One domain will not win future conflicts and in a joint operation in a future fight and the future conflict they must all succeed. I see three areas being key toward DOD strategic success in space. One, developing our whole of government approach in close partnership with the private sector and our allies. Two, prioritizing our investments in resiliency, innovation and adaptive operations. And third, responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance US strengths, partnerships and alliances. Let me emphasize that space is increasingly congested and tested and demanded as essential to lethality operational effectiveness and the security of our nation. Now the commercialization space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, for the department and the nation. It's funny, there's a new race, a race for space, if you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force coordinated across all domains. We call it the Joint All Domain Command and Control, JADC2. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of JADC2 is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them. Operationally, JADC2 seeks to maintain seamless integration, adaptation, and employment of our capability to sense signal, connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance space awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings in these systems and capabilities will provide our war fighters overwhelming superiority on the battlefield in an environment challenged by near peer adversaries, as well as non state actors. In space, the character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensory diversity, and many more. As I said before, the commercial world is pioneering high rate production of small satellites in their efforts to deploy hundreds, if not thousands of nodes. SpaceX Starlink Constellation is one example. Another one is Amazon's Kuiper. Kuiper just received FCC approval to deploy like over 3000 of these different nodes. While a number of these companies continue to grow, some have struggled. Case in point is OneWeb. Nevertheless, the appetite remains strong and DOD is taken advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding our small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is to enable a standard of practice that can be applied across all of the domains. This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris will talk more about that, being that he's the expert in this area. One challenge that we can definitely start working on today is workforce development. Cybersecurity is unique as it straddles STEM and security and policy. The trade craft is different. And unfortunately I've seen estimates recently suggesting a workforce gap in the next several years, much like the STEM fields. During the next session, I am a part of a panel with president Armstrong at Cal Poly, and Steve Jacques, the founder of the National Security Space Association to address workforce development. But for this panel, I'll look forward to having this dialogue surrounding space cybersecurity with Chris and John. Thank you, John. >> Bong, thank you for that opening statement and yes, workforce gaps, we need the new skill space is here. Thank you very much. Chris Henson's Technical Director of Space and Weapons, Cybersecurity Solutions for the National Security Agency. Your opening statement. >> Thank you for having me. I'm one of several technical leaders in space at the National Security Agency. And I'm currently on a joint duty assignment at the office of Under Secretary of Defense for Acquisition and Sustainment. I work under Mr. Gumahad in the C4ISR area. But almost 63 years ago, on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet Union and space history was made. And each of you can continue to write future space history in your careers. And just like in 1957, the US isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese Space Agency, the European Space Agency and the Canadian Space Agency, just to name a few. And when we tackle cybersecurity per space, we have to address the idea that the communications command and control and those mission datas will transverse networks owned and operated by a variety of partners, not only .go, .mil, .com, .edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk accepted by one is shared by all. And sharing cyber best practices, lessons learned, data vulnerabilities, threat data mitigation procedures, all our valuable takeaways in expanding the space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions, thank you. >> Thank you, Chris, thank you, Bong. Okay, I mean, open innovation, the internet, you see plenty of examples. The theme here is partners, commercial, government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bong, we'll start with you is what do you see as the DOD's role in addressing cybersecurity in space? It's real, it's a new frontier. It's not going away, it's only going to get more innovative, more open, more contested. It seems like a lot to do there. What's your role in addressing cyber security in space? >> I think our role is to be the leader in developing not only is it the strategy, but the implementation plans to ensure a full of cybersecurity. If you look at the National Cyber Strategy, I think published in 2018, calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, digital safety policy, advocacy, and research. You here today, and those listening are fulfilling their strategy. When you develop, enable use cyber hygiene products as examples and capabilities, you're pushing the goal to provision. When you know what's on your network, patch network, backup and encrypt your network, you're hardening and preventing cyber attacks. And we in government academia, in the case of Cal Poly, civil networks and in commercial companies, we all benefit from doing that. Cyber security, and I think Chris will definitely back me up on this, more than passwords encryption or firewall. It's truly a mindset and a culture of enabling mission to succeed in assured and in a resilient fashion. >> Chris, you're take and reaction to the cybersecurity challenge involved here. >> It's starting really at the highest level of governments. We have, you know, the recent security policy Directive-5 that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as Mr. Gumahad said, is the leadership role. And that leadership blends out very well into partnership. So partnership with industry, partnership with academia, partnership with other people that are exploring space. And those partnerships blend itself very naturally to sharing cybersecurity issues, topics, as we come up with best practices, as we come up with mitigation strategies, and as we come up with vulnerabilities and share that information. We're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas. That the DOD has to be involved in many spectrums of deploying to space. And that deployment involves, as Mr. Gumahad said, encryption, authentication, knowing what's on the network, knowing the fabric of that network, and if nothing else, this internet of things and work from home environment that we've partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different locations. Well, space will be that natural node, that natural next network in measure involvement that we'll have to protect and explore on, not just from a terrestrial involvement, but all segments of it. The calm segment, the space vehicle, and the ground portion. >> You know, Bong, we talked about this in our other segment around with the president of Cal Poly, but the operating models of the Space Force and of the DOD and getting to space. But it's a software defined world, right? So cybersecurity is a real big issue 'cause you have an operating model that's requiring software to power these low hanging satellites. That's just an extension to the network. It's distributed computing, we know what this is. If you understand what technology we do in space, it's no different, it's just a different environment so it's software defined. That just lends itself well to hacking. I mean, if I'm a hacker I'm going, "Hey, why not just take out a satellite and crash it down "or make the GPS do something different?" I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server, you got to really protect. >> Right, because in one hand it space will carry not only focal national security information, but if you look at the economic wellbeing, the financial state of a lot of countries, institutions, you know, more and more John, they'll be using space assets to make all that happen. So, and if you look at the, you mentioned the attack vectors in space. It's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, the tasking that you need to do, the command and controlling of the vehicle, the data that comes down in the ground, even when you launch the birds, the satellites, you know, they all need to be protected because they're all somewhat vulnerable to hacking, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, the potential of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >> Gentlemen, like you guys said to move on to this leadership role, Bong, you mentioned it. You want to be a leader, I get it, the DOD is Department of Defense, it's a new frontier to defend war time zone, you mentioned war time opportunity potentially. But how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, there's security challenge. What does being a leader mean? And how does the DOD, Department of Defense assist driving the public and private? Do you lead from a project standpoint? Do you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end-to-end architecture. It's not just cloud it's on premise, it's in devices, it's offloaded with new AI technology and nix and devices. It's IOT, it's all this and all new. This is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >> Yeah, I think the one hand, you know, DOD used to lead in terms of being the only source of funding for a lot of highly developmental efforts. We're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways allies commercial companies are actually leading the R&D of a lot different technology. So we certainly want to take advantage of that. So from a leadership standpoint, I think leadership can come in, by partnering a lot more with the commercial companies. In 2020, the DOD released the Defense Space Strategy, as an example, that highlights the threats, the challenges and opportunities the United States has faced by setting example of how we counter the threats that are out there, not just the DOD, but the civilian and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire to state space. Our lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations, like I mentioned before. Shaping that strategic environment and cooperating with allies, partners in industry and other US governmental departments and agencies to advance the cost of space. To take full advantage of what space can provide us in DOD and the nation. >> Chris as a domain now, what's your take on all of this? Because again, it's going to take more people, more diverse, potentially more security hauls. What's your view on this? >> Well, let's look at how innovation and new technologies can help us in these areas. So, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the architecture. Where we look at a zero trust architecture, one of the NIST standards that's come about. Where it talks about the authentication, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication credential, or other aspects of the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is one approach where we can show some leadership and guidance. Another area is in a topic that you touched on as well, was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And you know, this vast array of software code that's going into system nowadays. And then that frees up our human exquisite talent and developers that can then look at other areas and not focus on minor vulnerability, fix a vulnerability. They can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those unknown hidden lines of code that get put into a software library and then pull down over and over again from system to system. So I think between an architecture leadership role and employee innovation are two areas that we can show some benefits and process improvement to this whole system. >> That's a great point, Chris, and you think about just the architectural computer architecture network attached storage is an advantage software defined there. You could have flash, all flash arrays for storage. You could have multiple cores on a device. And this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed, all the processors all built in. So there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just efficiencies. But this brings up the whole supply chain conversation. I want to get your thoughts on this because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts? >> Yeah, it's a serious threat and not just for the US space supply chain, if you will, is the supply chain you access with large, I think it's a threat that's this real we're seeing today. I just saw an example recently involving, I think our law and services, where there was a foreign threat that was trying to get into a troop through with predatory investments. So it is something that we need to be aware of, it's happening and will continue to happen. It's an easy way to gain access to do our IP. And so it's something that we are serious about in terms of awareness and countering. >> Chris, your thoughts? I mean, I'm an open source guy. We've seen it when I grew up in the industry in the '80s open source became a revolution. But with that, it enabled new tactics for state sponsored attacks and that became a domain in of itself. That's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring a supply chain nightmare. How do you track it all? (chuckles) Who's got what software and what device... Where the chip from? Who made it? Just the potential is everywhere. How do you see these tactics? Whether it's a VC firm from another country or this, that, and the other thing, startup, big company-- >> Yeah, so when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip. Then that microchip could be used in a cell phone or a satellite or an automobile. So all of our are industries that have these companies that are being purchased or a large born investment influx into those, they can be suspect. And we have to be very careful with those and do the tracking of those, especially when those, some of those parts and mechanisms are coming from off shore. And again, going back to the Space Policy Directive-5, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the quantitative ability of knowing where those software libraries came from, where the parts came from, and the tracking and delivery of that from an end-to-end system. And typically when we have a really large vendor, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that before we employ them, we have to do some robust testing. And I don't want to say that's the last line of defense, but that certainly is a mechanism for finding out do the systems perform as they stated on a test bench or a flat set, whatever the case may be, before we actually deploy it. And then we're relying on the output or the data that comes from that system that may have some corrupt or suspect parts in it. >> Great point, this federal views-- >> The problem with space systems is kind of, you know, is once you launch the bird or the satellite, your access to it is diminished significantly, right? Unless you go up there and take it down. So, you know, kind of to Chris's point, we need to be able to test all the different parts to ensure that is performing as described there, as specified with good knowledge that it's trustworthy. And so we do that all on the ground before we take it up to launch it. >> It's funny, you want agility, you want speed, and you security, and you want reliability, and risk management. All aggressive, and it's a technical problem, it's a business model problem. Love to get real quick before we jump into some of the more workforce and gap issues on the personnel side, have you guys to just take a minute to explain quickly what's the federal view? If you had to kind of summarize the federal view of the DOD and the role with it wants to take, so all the people out there on the commercial side or students out there who are wanting to jump in, what is the current modern federal view of space cybersecurity? >> Chris, why don't you take that on and I'll follow up. >> Okay, I don't know that I can give you the federal view, but I can certainly give you the Department of Defense that cyber security is extremely important. And as our vendors and our suppliers take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we look at the vendors and how they implement and employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security. That when we want to write a contract or a vendor for a purchase that's going to go into a space system, we'd like to know from a third party audit capability, can that vendor protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up, before it even gets put into a larger system. So that shows a level of the CMMC process that we've thought about and started to employ beginning in 2021 and will be further built on in the out years. How important the DOD takes that. And other parts of the government are looking at this. In fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, not just in the Department of Defense, that they're going to adopt an approach like this. So it shows the pluses and the benefits of a cybersecurity model that all can build on. >> Bong, your reaction. >> Yeah, I'll just add to that. John, you asked earlier about, you know, how do we track commercial entities or people into the space and cyber security domains? I can tell you that at least my view of it, space and cybersecurity are new. It's exciting, it's challenging, a lot of technical challenges there. So I think in terms of attracting the right people and personnel to work those areas, I think it's not only intellectually challenging, but it's important for the defensing and near States. And it's important for economic security at large for us as well. So I think in terms of a workforce and trying to get people interested in those domains, I hope that they see the same thing we do in terms of the challenges and the opportunities it presents itself in the future. >> Awesome, I loved your talk on intro track there. Bong, you mentioned the three key areas of DOD success, developing a whole government approach to partnership with the private sector. I think that's critical, and the allies. Prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology seem to be fast. I think all those things are relevant. So given that, I want to get your thoughts on the Defense Space Strategy. In 2020, the DOD released dispense Defense Space Strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are those things that you're watching in the defense space area? >> Right, well, I think as I said before, Chris as well, you know, we're seeing that space will be highly contested because it's a critical element in our war fighting construct. To win our future conflict, I think we need to win space as well. So when you look at our near peer adversaries, there's a lot of efforts in China to take that advantage away from the United States. So the threat is real, and I think it's going to continue to evolve and grow. And the more we use space, for both commercial and government, I think you're going to see a lot more when these threats, some AFAs itself in forms of cyber attacks, or even kinetic attacks in some cases as needed. So, yeah, so the threat is indeed growing, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, like we do now in all the other domains, a way to defend it. And that's what we're working on within DOD. How do we protect our assets in space, and how do we make sure that the data information that traverses through space assets are trustworthy and free of any interference. >> Chris, exciting time, I'm mean, if you're in technology, this is crossing many lines here, tech, society, war time defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >> Yeah and I think that expansion is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we think of our cell phones and our handheld devices and tablets and so on that have just continued to get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems, when we think of smallsats and cube sets and the technology that's can be repurposed into a small vehicle, and the cost has come down so dramatically that, you know, we can afford to get rapid experiments, rapid exploitations and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, DevSecOps, and this notion of spins and cycles and refreshing and re-addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's relevant and new. And the cybersecurity and the vulnerabilities of that have to be addressed and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new experiments and demonstrations in space and get lessons learned from them over and over again. >> Well, that brings us to the next big topic. I want to spend the remainder of our time on, that is workforce, this next generation. If I wasn't so old, I would quit my job and I would join immediately. It's so much fun, it's exciting, and it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind adding space to it. So this is the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, young person to person re-skilling, this is a big deal. Bong, you have thoughts on this? It's not just STEM, it's everything. >> Yeah, it's everything, you know, the opportunities we have in space, it's significant and tremendous. And I think if I were young again, as you pointed out, John, you know, I'm lucky that I'm in this domain in this world and I started years ago, but it continues to be exciting, lots of opportunities, you know. When you look at some of the commercial space systems are being put up, if you look at, I mentioned Starlink before and Amazon's Kuiper Constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally, and that sort of thing. And they're not the only ones that are out there producing capability. We're seeing a lot more commercial imagery products being developed by companies, both within the US and foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities. There's technical challenges galore in terms of not only the overcoming the physics of space, but being able to operate flexibly and get the most you can out of the capabilities we have operating up in space. >> Besides being cool, I mean, everyone looks at launch of space gets millions of views on live streams, the On-Demand reruns get millions and millions of views. There's a lot of things there. So, Chris, what specifically could you share are things that people would work on? Jobs, skills, what's the aperture? What's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there? >> I'll talk to the aperture, but I want to give a shout out to our Space Force. And I mean, their job is to train and equip each air space and that space talent. And I think that's going to be a huge plus up to have a Space Force that's dedicated to training, equipping, an acquisition and a deployment model that will benefit not just the other services, but all of our national defense and our strategic way of how this company, country employees space altogether. So having a Space Force, I think, is a huge issue. And then to get to that aperture aspect of what you're asking and that addresses a larger workforce, we need so many different talents in this area. We can employ a variety of people from technical writers, to people who write and develop software to those who bending metal and actually working in a hardware environment. And those that do planning and launch operations and all of those spectrums and issues of jobs, are directly related to a workforce that can contribute to space. And then once that data gets to the ground and employed out to a user, whether it's a weather data, or we're looking at from a sensor, recent events on shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open for a variety of backgrounds. And those that really just want to take an opportunity, take a technical degree, or a degree that can apply itself to a tough problem, because they certainly exist in space. And we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, white hat approach to testing and vulnerability exploration. Or somebody who knows how to actually make operations safer, better through space situation awareness. So there's a huge swath of opportunity for us. >> Bong, talk about the cybersecurity enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, which is in and of itself, a huge range of jobs, codings, supply chain, we just talked about a bunch of them. There's still more connected use cases that go beyond that, that are enabled by it, if you think about it. And this is what the students at Cal Poly and every other college and university, community college, you name it, who are watching videos on YouTube. Anyone with a brain can jump in if they see the future. It's all net news. Space Force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cyber secure systems. Your thoughts? >> Absolutely, I was had planned on attending the Cyber Challenge that's Cal Poly had planned in June. Of course, the pandemic took care of that plan, but I was intrigued by the approach that the Cal Poly was taking with middle school and high school kids of exposing him to a problem set. Here, you have a satellite that came down from space and part of the challenge was to do forensic analysis on the debris, the remaining pieces of the satellite to figure out what happened. It had a cyber cybersecurity connotation. It was hacked, it was attacked by cyber threat nation, took it down. And the beauty of having these kids kind of play with the remaining parts of the satellite, figure out what happened. So it was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I look forward to future events like that, to get our young people intrigued and interested in this new field of space. Now, Chris was talking earlier about opportunities, there're opportunities that you talk about, while I would like to have people come to the government, to help us out, it's not just focused on government. There's lots of opportunities in commercial space, if you will, for a lot of talent to participate in. So the challenge is immense, both government and the commercial sector, John. >> I mean, you get the hardcore, you know, I want to work for the DOD, I want to work for NSA, I want to work for the government. You clearly got people who want to have that kind of mission. But for the folks out there, Chris and Bong that are like, "Do I qualify?" It's like the black box of the DOD, it's like a secret thing, you got to get clearance, you've got to get all these certifications. And you got to take all kinds of tests and background checks. Is it like that, and will that continue? 'Cause some people might say, "Hey, can I even get involved? "What do I do?" So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved in that they might not know about? >> For NSA, there's a variety of workforce initiatives that for anybody from a high school work study can take advantage of to those that would like have to have internships. And those that are in a traditional academic environment, there's several NSA schools across the country that have academic and cyber sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive nature that can be worked in and in an academia environment. So those are two or three examples of how somebody can break into an intelligence organization. And the other agencies have those opportunities as well across the intelligence community. And the partnership between and collaboration between private industry and the agencies and the Department of Defense just continue to grow over and over again. And even myself being able to take advantage of a joint duty assignment between my home organization and the Pentagon, just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of that partnering that's going on today. >> So there's some innovation. Bong, nontraditional pathways to find talent, what are out there, what are new? What are these new nontraditional ways? >> I was going to add to what Chris was mentioning, John. Even within DOD and under the purview of our chief information officer, back in 2013, the Deputy Secretary Defense signed the, what we call the DOD Cyberspace Workforce Strategy into effect. And that included a program called the Cyber Information Technology Exchange Program. It's an exchange program in which a private sector employee can work for the DOD in cyber security positions span across multiple mission critical areas. So this is one opportunity to learn, inside the DOD what's happening as a private sector person, if you will. Going back to what we talked about, kind of opportunities within the government for somebody who might be interested. You don't have to be super smart, dork in space, there's a lot of, like Chris pointed out, there's a lot of different areas that we need to have people, talented people to conduct the mission in space. So you don't have to be mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for any types of talent, any type of academic disciplines that are out there. >> All right, thank you, and Chris's shout out to the Space Force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's going to create some activation for a younger generation, certainly, and kind of new opportunities, new problems to solve, new threats to take on, and move it on. So really super conversation, space and cybersecurity, the Department of Defense perspective. Bong and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you Bong and then Chris. Summarize for the folks watching, whether it's a student at Cal Poly or other university or someone in industry and government, what is the Department of Defense perspective for space cybersecurity? >> Chris, want to go and take that on? >> That's right, thank you. Cybersecurity applies to much more than just the launch and download of mission data or human led exploration. And the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants cyber security safeguards. In any economic espionage, your data exfiltration, or denied access to that data, i.e. ransomware or some other attack, that can cripple any business or government endeavor, no matter how small or large, if it's left unprotected. And our economic backbone clearly depends on space. And GPS is more than just a direction finding, banking needs that T and timing from P and T or whether it just systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not. Even fighting forest fires picked up by a remote sensor. All those space space assets require protection from spoofing date, data denial, or total asset loss. An example would be if a satellite sensitive optics or intentionally pointed at the sun and damaged, or if a command to avoid collision with another space vehicle was delayed or disrupted or a ground termination command as we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, those losses are real and can be catastrophic. So the threat to space is pervasive, real and genuine, and your active work across all those platforms is necessary and appreciated. And your work in this area is critical going forward. Thank you for this opportunity to speak with you and talking on this important topic. Thank you, Chris Henson. Bong Gumahad, closing remarks? >> Yeah, likewise, John, again, as Chris said, thank you for the opportunity to discuss this very important around space cybersecurity, as well as addressing at the end there, we were talking about workforce development and the need to have people in the mix for future. (indistinct) We discussed, we need to start that recruiting early as we're doing to address the STEM gap today, we need to apply the same thing for cybersecurity. We absolutely need smart and innovative people to protect both our economic wellbeing as a nation, as well as our national defense. So this is the right conversation to have at this time, John. And again, thank you and Cal Poly host for having this symposium and having this opportunity to have this dialogue. Thank you. >> Gentlemen, thank you for your time and great insights. We couldn't be there in person. We're here virtual for the Space and Cybersecurity Symposium 2020, the Cal Poly. I'm John Furrier with SiliconANGLE and theCUBE, your host. Thank you for watching. (soft music)

>> Announcer: From around the globe, it's The Cube, covering Space and Cybersecurity Symposium 2020, hosted by Cal Poly. >> Everyone, welcome to this special virtual conference, the Space and Cybersecurity Symposium 2020 put on by Cal Poly with support from The Cube. I'm John Furey, your host and master of ceremony's got a great topic today, and this session is really the intersection of space and cybersecurity. This topic, and this conversation is a cybersecurity workforce development through public and private partnerships. And we've got a great lineup, we've Jeff Armstrong is the president of California Polytechnic State University, also known as Cal Poly. Jeffrey, thanks for jumping on and Bong Gumahad. The second, Director of C4ISR Division, and he's joining us from the Office of the Under Secretary of Defense for the acquisition and sustainment of Department of Defense, DOD, and of course Steve Jacques is Executive Director, founder National Security Space Association, and managing partner at Velos. Gentlemen, thank you for joining me for this session, we've got an hour of conversation, thanks for coming on. >> Thank you. >> So we've got a virtual event here, we've got an hour to have a great conversation, I'd love for you guys to do an opening statement on how you see the development through public and private partnerships around cybersecurity and space, Jeff, we'll start with you. >> Well, thanks very much, John, it's great to be on with all of you. On behalf of Cal Poly, welcome everyone. Educating the workforce of tomorrow is our mission at Cal Poly, whether that means traditional undergraduates, masters students, or increasingly, mid-career professionals looking to upskill or re-skill. Our signature pedagogy is learn by doing, which means that our graduates arrive at employers, ready day one with practical skills and experience. We have long thought of ourselves as lucky to be on California's beautiful central coast, but in recent years, as we've developed closer relationships with Vandenberg Air Force Base, hopefully the future permanent headquarters of the United States Space Command with Vandenberg and other regional partners, We have discovered that our location is even more advantageous than we thought. We're just 50 miles away from Vandenberg, a little closer than UC Santa Barbara and the base represents the Southern border of what we have come to think of as the central coast region. Cal Poly and Vandenberg Air Force Base have partnered to support regional economic development, to encourage the development of a commercial space port, to advocate for the space command headquarters coming to Vandenberg and other ventures. These partnerships have been possible because both parties stand to benefit. Vandenberg, by securing new streams of revenue, workforce, and local supply chain and Cal Poly by helping to grow local jobs for graduates, internship opportunities for students and research and entrepreneurship opportunities for faculty and staff. Crucially, what's good for Vandenberg Air Force Base and for Cal Poly is also good for the central coast and the U.S., creating new head of household jobs, infrastructure, and opportunity. Our goal is that these new jobs bring more diversity and sustainability for the region. This regional economic development has taken on a life of its own, spawning a new nonprofit called REACH which coordinates development efforts from Vandenberg Air Force Base in the South to Camp Roberts in the North. Another factor that has facilitated our relationship with Vandenberg Air Force Base is that we have some of the same friends. For example, Northrop Grumman has as long been an important defense contractor and an important partner to Cal Poly, funding scholarships in facilities that have allowed us to stay current with technology in it to attract highly qualified students for whom Cal Poly's costs would otherwise be prohibitive. For almost 20 years, Northrop Grumman has funded scholarships for Cal Poly students. This year, they're funding 64 scholarships, some directly in our College of Engineering and most through our Cal Poly Scholars Program. Cal Poly scholars support both incoming freshmen and transfer students. These are especially important, 'cause it allows us to provide additional support and opportunities to a group of students who are mostly first generation, low income and underrepresented, and who otherwise might not choose to attend Cal Poly. They also allow us to recruit from partner high schools with large populations of underrepresented minority students, including the Fortune High School in Elk Grove, which we developed a deep and lasting connection. We know that the best work is done by balanced teams that include multiple and diverse perspectives. These scholarships help us achieve that goal and I'm sure you know Northrop Grumman was recently awarded a very large contract to modernize the U.S. ICBM armory with some of the work being done at Vandenberg Air Force Base, thus supporting the local economy and protecting... Protecting our efforts in space requires partnerships in the digital realm. Cal Poly has partnered with many private companies such as AWS. Our partnerships with Amazon Web Services has enabled us to train our students with next generation cloud engineering skills, in part, through our jointly created digital transformation hub. Another partnership example is among Cal Poly's California Cyber Security Institute College of Engineering and the California National Guard. This partnership is focused on preparing a cyber-ready workforce, by providing faculty and students with a hands on research and learning environment side by side with military law enforcement professionals and cyber experts. We also have a long standing partnership with PG&E most recently focused on workforce development and redevelopment. Many of our graduates do indeed go on to careers in aerospace and defense industry. As a rough approximation, more than 4,500 Cal Poly graduates list aerospace or defense as their employment sector on LinkedIn. And it's not just our engineers in computer sciences. When I was speaking to our fellow panelists not too long ago, speaking to Bong, we learned that Rachel Sims, one of our liberal arts majors is working in his office, so shout out to you, Rachel. And then finally, of course, some of our graduates soar to extraordinary heights, such as Commander Victor Glover, who will be heading to the International Space Station later this year. As I close, all of which is to say that we're deeply committed to workforce development and redevelopment, that we understand the value of public-private partnerships, and that we're eager to find new ways in which to benefit everyone from this further cooperation. So we're committed to the region, the state and the nation, in our past efforts in space, cyber security and links to our partners at, as I indicated, aerospace industry and governmental partners provides a unique position for us to move forward in the interface of space and cyber security. Thank you so much, John. >> President Armstrong, thank you very much for the comments and congratulations to Cal Poly for being on the forefront of innovation and really taking a unique, progressive view and want to tip a hat to you guys over there, thank you very much for those comments, appreciate it. Bong, Department of Defense. Exciting, you've got to defend the nation, space is global, your opening statement. >> Yes, sir, thanks John, appreciate that. Thank you everybody, I'm honored to be in this panel along with Preston Armstrong of Cal Poly and my longtime friend and colleague Steve Jacques of the National Security Space Association to discuss a very important topic of a cybersecurity workforce development as President Armstrong alluded to. I'll tell you, both of these organizations, Cal Poly and the NSSA have done and continue to do an exceptional job at finding talent, recruiting them and training current and future leaders and technical professionals that we vitally need for our nation's growing space programs, as well as our collective national security. Earlier today, during session three, I, along with my colleague, Chris Samson discussed space cyber security and how the space domain is changing the landscape of future conflicts. I discussed the rapid emergence of commercial space with the proliferation of hundreds, if not thousands of satellites, providing a variety of services including communications, allowing for global internet connectivity, as one example. Within DOD, we continued to look at how we can leverage this opportunity. I'll tell you, one of the enabling technologies, is the use of small satellites, which are inherently cheaper and perhaps more flexible than the traditional bigger systems that we have historically used and employed for DOD. Certainly not lost on me is the fact that Cal Poly pioneered CubeSats 28, 27 years ago, and they set a standard for the use of these systems today. So they saw the value and benefit gained way ahead of everybody else it seems. And Cal Poly's focus on training and education is commendable. I'm especially impressed by the efforts of another of Steven's colleague, the current CIO, Mr. Bill Britton, with his high energy push to attract the next generation of innovators. Earlier this year, I had planned on participating in this year's cyber innovation challenge in June, Oops, Cal Poly hosts California middle, and high school students, and challenge them with situations to test their cyber knowledge. I tell you, I wish I had that kind of opportunity when I was a kid, unfortunately, the pandemic changed the plan, but I truly look forward to future events such as these, to participate in. Now, I want to recognize my good friend, Steve Jacques, whom I've known for perhaps too long of a time here, over two decades or so, who was an acknowledged space expert and personally I've truly applaud him for having the foresight a few years back to form the National Security Space Association to help the entire space enterprise navigate through not only technology, but policy issues and challenges and paved the way for operationalizing space. Space, it certainly was fortifying domain, it's not a secret anymore, and while it is a unique area, it shares a lot of common traits with the other domains, such as land, air, and sea, obviously all are strategically important to the defense of the United States. In conflict, they will all be contested and therefore they all need to be defended. One domain alone will not win future conflicts, and in a joint operation, we must succeed in all. So defending space is critical, as critical as to defending our other operational domains. Funny, space is the only sanctuary available only to the government. Increasingly as I discussed in a previous session, commercial space is taking the lead in a lot of different areas, including R&D, the so-called new space. So cybersecurity threat is even more demanding and even more challenging. The U.S. considers and futhered access to and freedom to operate in space, vital to advancing security, economic prosperity and scientific knowledge of the country, thus making cyberspace an inseparable component of America's financial, social government and political life. We stood up US Space Force a year ago or so as the newest military service. Like the other services, its mission is to organize, train and equip space forces in order to protect U.S. and allied interest in space and to provide spacecape builders who joined force. Imagine combining that U.S. Space Force with the U.S. Cyber Command to unify the direction of the space and cyberspace operation, strengthen DOD capabilities and integrate and bolster a DOD cyber experience. Now, of course, to enable all of this requires a trained and professional cadre of cyber security experts, combining a good mix of policy, as well as a high technical skill set. Much like we're seeing in STEM, we need to attract more people to this growing field. Now, the DOD has recognized the importance to the cybersecurity workforce, and we have implemented policies to encourage its growth. Back in 2013, the Deputy Secretary of Defense signed a DOD Cyberspace Workforce Strategy, to create a comprehensive, well-equipped cyber security team to respond to national security concerns. Now, this strategy also created a program that encourages collaboration between the DOD and private sector employees. We call this the Cyber Information Technology Exchange program, or CITE that it's an exchange program, which is very interesting in which a private sector employee can naturally work for the DOD in a cyber security position that spans across multiple mission critical areas, important to the DOD. A key responsibility of the cyber security community is military leaders, unrelated threats, and the cyber security actions we need to have to defeat these threats. We talked about rapid acquisition, agile business processes and practices to speed up innovation, likewise, cyber security must keep up with this challenge. So cyber security needs to be right there with the challenges and changes, and this requires exceptional personnel. We need to attract talent, invest in the people now to grow a robust cybersecurity workforce for the future. I look forward to the panel discussion, John, thank you. >> Thank you so much, Bob for those comments and, you know, new challenges or new opportunities and new possibilities and freedom to operate in space is critical, thank you for those comments, looking forward to chatting further. Steve Jacques, Executive Director of NSSA, you're up, opening statement. >> Thank you, John and echoing Bongs, thanks to Cal Poly for pulling this important event together and frankly, for allowing the National Security Space Association be a part of it. Likewise, on behalf of the association, I'm delighted and honored to be on this panel of President Armstrong, along with my friend and colleague, Bong Gumahad. Something for you all to know about Bong, he spent the first 20 years of his career in the Air Force doing space programs. He then went into industry for several years and then came back into government to serve, very few people do that. So Bong, on behalf of the space community, we thank you for your lifelong devotion to service to our nation, we really appreciate that. And I also echo a Bong shout out to that guy, Bill Britton. who's been a long time co-conspirator of ours for a long time, and you're doing great work there in the cyber program at Cal Poly, Bill, keep it up. But Professor Armstrong, keep a close eye on him. (laughter) I would like to offer a little extra context to the great comments made by President Armstrong and Bong. And in our view, the timing of this conference really could not be any better. We all recently reflected again on that tragic 9/11 surprise attack on our homeland and it's an appropriate time we think to take pause. While a percentage of you in the audience here weren't even born or were babies then, for the most of us, it still feels like yesterday. And moreover, a tragedy like 9/11 has taught us a lot to include, to be more vigilant, always keep our collective eyes and ears open, to include those "eyes and ears from space," making sure nothing like this ever happens again. So this conference is a key aspect, protecting our nation requires we work in a cyber secure environment at all times. But you know, the fascinating thing about space systems is we can't see 'em. Now sure, we see space launches, man, there's nothing more invigorating than that. But after launch they become invisible, so what are they really doing up there? What are they doing to enable our quality of life in the United States and in the world? Well to illustrate, I'd like to paraphrase elements of an article in Forbes magazine, by Bongs and my good friend, Chuck Beames, Chuck is a space guy, actually had Bongs job a few years in the Pentagon. He's now Chairman and Chief Strategy Officer at York Space Systems and in his spare time, he's Chairman of the Small Satellites. Chuck speaks in words that everyone can understand, so I'd like to give you some of his words out of his article, paraphrase somewhat, so these are Chuck's words. "Let's talk about average Joe and plain Jane. "Before heading to the airport for a business trip "to New York city, Joe checks the weather forecast, "informed by NOAA's weather satellites, "to see what to pack for the trip. "He then calls an Uber, that space app everybody uses, "it matches riders with drivers via GPS, "to take him to the airport. "So Joe has launched in the airport, "unbeknownst to him, his organic lunch is made "with the help of precision farming "made possible to optimize the irrigation and fertilization "with remote spectral sensing coming from space and GPS. "On the plane, the pilot navigates around weather, "aided by GPS and NOAA's weather satellites "and Joe makes his meeting on time "to join his New York colleagues in a video call "with a key customer in Singapore, "made possible by telecommunication satellites. "En route to his next meeting, "Joe receives notice changing the location of the meeting "to the other side of town. "So he calmly tells Siri to adjust the destination "and his satellite-guided Google maps redirect him "to the new location. "That evening, Joe watches the news broadcast via satellite, "report details of meeting among world leaders, "discussing the developing crisis in Syria. "As it turns out various forms of "'remotely sensed information' collected from satellites "indicate that yet another banned chemical weapon "may have been used on its own people. "Before going to bed, Joe decides to call his parents "and congratulate them for their wedding anniversary "as they cruise across the Atlantic, "made possible again by communication satellites "and Joe's parents can enjoy the call "without even wondering how it happened. "The next morning back home, "Joe's wife, Jane is involved in a car accident. "Her vehicle skids off the road, she's knocked unconscious, "but because of her satellite equipped OnStar system, "the crash is detected immediately, "and first responders show up on the scene in time. "Joe receives the news, books an early trip home, "sends flowers to his wife "as he orders another Uber to the airport. "Over that 24 hours, "Joe and Jane used space system applications "for nearly every part of their day. "Imagine the consequences if at any point "they were somehow denied these services, "whether they be by natural causes or a foreign hostility. "In each of these satellite applications used in this case, "were initially developed for military purposes "and continued to be, but also have remarkable application "on our way of life, just many people just don't know that." So ladies and gentlemen, now you know, thanks to Chuck Beames. Well, the United States has a proud heritage of being the world's leading space-faring nation. Dating back to the Eisenhower and Kennedy years, today, we have mature and robust systems operating from space, providing overhead reconnaissance to "watch and listen," provide missile warning, communications, positioning, navigation, and timing from our GPS system, much of which you heard in Lieutenant General JT Thomson's earlier speech. These systems are not only integral to our national security, but also to our quality of life. As Chuck told us, we simply no longer can live without these systems as a nation and for that matter, as a world. But over the years, adversaries like China, Russia and other countries have come to realize the value of space systems and are aggressively playing catch up while also pursuing capabilities that will challenge our systems. As many of you know, in 2007, China demonstrated its ASAT system by actually shooting down one of its own satellites and has been aggressively developing counterspace systems to disrupt ours. So in a heavily congested space environment, our systems are now being contested like never before and will continue to be. Well, as a Bong mentioned, the United States have responded to these changing threats. In addition to adding ways to protect our system, the administration and the Congress recently created the United States Space Force and the operational United States Space Command, the latter of which you heard President Armstrong and other Californians hope is going to be located at Vandenberg Air Force Base. Combined with our intelligence community, today we have focused military and civilian leadership now in space, and that's a very, very good thing. Commensurately on the industry side, we did create the National Security Space Association, devoted solely to supporting the National Security Space Enterprise. We're based here in the DC area, but we have arms and legs across the country and we are loaded with extraordinary talent in scores of former government executives. So NSSA is joined at the hip with our government customers to serve and to support. We're busy with a multitude of activities underway, ranging from a number of thought-provoking policy papers, our recurring spacetime webcasts, supporting Congress's space power caucus, and other main serious efforts. Check us out at nssaspace.org. One of our strategic priorities and central to today's events is to actively promote and nurture the workforce development, just like Cal-Poly. We will work with our U.S. government customers, industry leaders, and academia to attract and recruit students to join the space world, whether in government or industry, and to assist in mentoring and training as their careers progress. On that point, we're delighted to be working with Cal Poly as we hopefully will undertake a new pilot program with them very soon. So students stay tuned, something I can tell you, space is really cool. While our nation's satellite systems are technical and complex, our nation's government and industry workforce is highly diverse, with a combination of engineers, physicists and mathematicians, but also with a large non-technical expertise as well. Think about how government gets these systems designed, manufactured, launching into orbit and operating. They do this via contracts with our aerospace industry, requiring talents across the board, from cost estimating, cost analysis, budgeting, procurement, legal, and many other support tasks that are integral to the mission. Many thousands of people work in the space workforce, tens of billions of dollars every year. This is really cool stuff and no matter what your education background, a great career to be part of. In summary, as Bong had mentioned as well, there's a great deal of exciting challenges ahead. We will see a new renaissance in space in the years ahead and in some cases it's already begun. Billionaires like Jeff Bezos, Elon Musk, Sir Richard Branson, are in the game, stimulating new ideas and business models. Other private investors and startup companies, space companies are now coming in from all angles. The exponential advancement of technology and micro electronics now allows a potential for a plethora of small sat systems to possibly replace older satellites, the size of a Greyhound bus. It's getting better by the day and central to this conference, cybersecurity is paramount to our nation's critical infrastructure in space. So once again, thanks very much and I look forward to the further conversation. >> Steve, thank you very much. Space is cool, it's relevant, but it's important as you pointed out in your awesome story about how it impacts our life every day so I really appreciate that great story I'm glad you took the time to share that. You forgot the part about the drone coming over in the crime scene and, you know, mapping it out for you, but we'll add that to the story later, great stuff. My first question is, let's get into the conversations, because I think this is super important. President Armstrong, I'd like you to talk about some of the points that was teased out by Bong and Steve. One in particular is the comment around how military research was important in developing all these capabilities, which is impacting all of our lives through that story. It was the military research that has enabled a generation and generation of value for consumers. This is kind of this workforce conversation, there are opportunities now with research and grants, and this is a funding of innovation that is highly accelerated, it's happening very quickly. Can you comment on how research and the partnerships to get that funding into the universities is critical? >> Yeah, I really appreciate that and appreciate the comments of my colleagues. And it really boils down to me to partnerships, public-private partnerships, you have mentioned Northrop Grumman, but we have partnerships with Lockheed Martin, Boeing, Raytheon, Space X, JPL, also member of an organization called Business Higher Education Forum, which brings together university presidents and CEOs of companies. There's been focused on cybersecurity and data science and I hope that we can spill into cybersecurity and space. But those partnerships in the past have really brought a lot forward. At Cal Poly, as mentioned, we've been involved with CubeSat, we've have some secure work, and we want to plan to do more of that in the future. Those partnerships are essential, not only for getting the R&D done, but also the students, the faculty, whether they're master's or undergraduate can be involved with that work, they get that real life experience, whether it's on campus or virtually now during COVID or at the location with the partner, whether it may be governmental or industry, and then they're even better equipped to hit the ground running. And of course we'd love to see more of our students graduate with clearance so that they could do some of that secure work as well. So these partnerships are absolutely critical and it's also in the context of trying to bring the best and the brightest in all demographics of California and the U.S. into this field, to really be successful. So these partnerships are essential and our goal is to grow them just like I know our other colleagues in the CSU and the UC are planning to do. >> You know, just as my age I've seen, I grew up in the eighties and in college and they're in that system's generation and the generation before me, they really kind of pioneered the space that spawned the computer revolution. I mean, you look at these key inflection points in our lives, they were really funded through these kinds of real deep research. Bong, talk about that because, you know, we're living in an age of cloud and Bezos was mentioned, Elon Musk, Sir Richard Branson, you got new ideas coming in from the outside, you have an accelerated clock now in terms of the innovation cycles and so you got to react differently, you guys have programs to go outside of the defense department, how important is this because the workforce that are in schools and/or folks re-skilling are out there and you've been on both sides of the table, so share your thoughts. >> No, thanks Johnny, thanks for the opportunity to respond to, and that's what, you know, you hit on the nose back in the 80's, R&D and space especially was dominated by government funding, contracts and so on, but things have changed as Steve pointed out, allow these commercial entities funded by billionaires are coming out of the woodwork, funding R&D so they're taking the lead, so what we can do within the DOD in government is truly take advantage of the work they've done. And since they're, you know, paving the way to new approaches and new way of doing things and I think we can certainly learn from that and leverage off of that, saves us money from an R&D standpoint, while benefiting from the product that they deliver. You know, within DOD, talking about workforce development, you know, we have prioritized and we have policies now to attract and retain the talent we need. I had the folks do some research and it looks like from a cybersecurity or workforce standpoint, a recent study done, I think last year in 2019, found that the cyber security workforce gap in U.S. is nearing half a million people, even though it is a growing industry. So the pipeline needs to be strengthened, getting people through, you know, starting young and through college, like Professor Armstrong indicated because we're going to need them to be in place, you know, in a period of about maybe a decade or so. On top of that, of course, is the continuing issue we have with the gap with STEM students. We can't afford not have expertise in place to support all the things we're doing within DoD, not only DoD but the commercial side as well, thank you. >> How's the gap get filled, I mean, this is, again, you've got cybersecurity, I mean, with space it's a whole other kind of surface area if you will, it's not really surface area, but it is an IOT device if you think about it, but it does have the same challenges, that's kind of current and progressive with cybersecurity. Where's the gap get filled, Steve or President Armstrong, I mean, how do you solve the problem and address this gap in the workforce? What are some solutions and what approaches do we need to put in place? >> Steve, go ahead., I'll follow up. >> Okay, thanks, I'll let you correct me. (laughter) It's a really good question, and the way I would approach it is to focus on it holistically and to acknowledge it upfront and it comes with our teaching, et cetera, across the board. And from an industry perspective, I mean, we see it, we've got to have secure systems in everything we do, and promoting this and getting students at early ages and mentoring them and throwing internships at them is so paramount to the whole cycle. And that's kind of, it really takes a focused attention and we continue to use the word focus from an NSSA perspective. We know the challenges that are out there. There are such talented people in the workforce, on the government side, but not nearly enough of them and likewise on the industry side, we could use more as well, but when you get down to it, you know, we can connect dots, you know, the aspects that Professor Armstrong talked about earlier to where you continue to work partnerships as much as you possibly can. We hope to be a part of that network, that ecosystem if you will, of taking common objectives and working together to kind of make these things happen and to bring the power, not just of one or two companies, but of our entire membership thereabout. >> President Armstrong-- >> Yeah, I would also add it again, it's back to the partnerships that I talked about earlier, one of our partners is high schools and schools Fortune, Margaret Fortune, who worked in a couple of administrations in California across party lines and education, their fifth graders all visit Cal Poly, and visit our learned-by-doing lab. And you've got to get students interested in STEM at an early age. We also need the partnerships, the scholarships, the financial aid, so the students can graduate with minimal to no debt to really hit the ground running and that's exacerbated and really stress now with this COVID induced recession. California supports higher education at a higher rate than most states in the nation, but that has brought this year for reasons all understand due to COVID. And so our partnerships, our creativity, and making sure that we help those that need the most help financially, that's really key because the gaps are huge. As my colleagues indicated, you know, half a million jobs and I need you to look at the students that are in the pipeline, we've got to enhance that. And the placement rates are amazing once the students get to a place like Cal Poly or some of our other amazing CSU and UC campuses, placement rates are like 94%. Many of our engineers, they have jobs lined up a year before they graduate. So it's just going to take a key partnerships working together and that continued partnership with government local, of course, our state, the CSU, and partners like we have here today, both Steve and Bong so partnerships is the thing. >> You know, that's a great point-- >> I could add, >> Okay go ahead. >> All right, you know, the collaboration with universities is one that we put on lot of emphasis here, and it may not be well known fact, but just an example of national security, the AUC is a national centers of academic excellence in cyber defense works with over 270 colleges and universities across the United States to educate and certify future cyber first responders as an example. So that's vibrant and healthy and something that we ought to take advantage of. >> Well, I got the brain trust here on this topic. I want to get your thoughts on this one point, 'cause I'd like to define, you know, what is a public-private partnership because the theme that's coming out of the symposium is the script has been flipped, it's a modern era, things are accelerated, you've got security, so you've got all of these things kind of happenning it's a modern approach and you're seeing a digital transformation play out all over the world in business and in the public sector. So what is a modern public-private partnership and what does it look like today because people are learning differently. COVID has pointed out, which is that we're seeing right now, how people, the progressions of knowledge and learning, truth, it's all changing. How do you guys view the modern version of public-private partnership and some examples and some proof points, can you guys share that? We'll start with you, Professor Armstrong. >> Yeah, as I indicated earlier, we've had, and I could give other examples, but Northrop Grumman, they helped us with a cyber lab many years ago that is maintained directly, the software, the connection outside it's its own unit so the students can learn to hack, they can learn to penetrate defenses and I know that that has already had some considerations of space, but that's a benefit to both parties. So a good public-private partnership has benefits to both entities and the common factor for universities with a lot of these partnerships is the talent. The talent that is needed, what we've been working on for years of, you know, the undergraduate or master's or PhD programs, but now it's also spilling into upskilling and reskilling, as jobs, you know, folks who are in jobs today that didn't exist two years, three years, five years ago, but it also spills into other aspects that can expand even more. We're very fortunate we have land, there's opportunities, we have ONE Tech project. We are expanding our tech park, I think we'll see opportunities for that and it'll be adjusted due to the virtual world that we're all learning more and more about it, which we were in before COVID. But I also think that that person to person is going to be important, I want to make sure that I'm driving across a bridge or that satellite's being launched by the engineer that's had at least some in person training to do that in that experience, especially as a first time freshman coming on campus, getting that experience, expanding it as an adult, and we're going to need those public-private partnerships in order to continue to fund those at a level that is at the excellence we need for these STEM and engineering fields. >> It's interesting people and technology can work together and these partnerships are the new way. Bongs too with reaction to the modern version of what a public successful private partnership looks like. >> If I could jump in John, I think, you know, historically DOD's had a high bar to overcome if you will, in terms of getting rapid... pulling in new companies, miss the fall if you will, and not rely heavily on the usual suspects, of vendors and the like, and I think the DOD has done a good job over the last couple of years of trying to reduce that burden and working with us, you know, the Air Force, I think they're pioneering this idea around pitch days, where companies come in, do a two-hour pitch and immediately notified of, you know, of an a award, without having to wait a long time to get feedback on the quality of the product and so on. So I think we're trying to do our best to strengthen that partnership with companies outside of the main group of people that we typically use. >> Steve, any reaction, any comment to add? >> Yeah, I would add a couple and these are very excellent thoughts. It's about taking a little gamble by coming out of your comfort zone, you know, the world that Bong and I, Bong lives in and I used to live in the past, has been quite structured. It's really about, we know what the threat is, we need to go fix it, we'll design as if as we go make it happen, we'll fly it. Life is so much more complicated than that and so it's really, to me, I mean, you take an example of the pitch days of Bong talks about, I think taking a gamble by attempting to just do a lot of pilot programs, work the trust factor between government folks and the industry folks and academia, because we are all in this together in a lot of ways. For example, I mean, we just sent a paper to the white house at their request about, you know, what would we do from a workforce development perspective and we hope to embellish on this over time once the initiative matures, but we have a piece of it for example, is a thing we call "clear for success," getting back to president Armstrong's comments so at a collegiate level, you know, high, high, high quality folks are in high demand. So why don't we put together a program that grabs kids in their underclass years, identifies folks that are interested in doing something like this, get them scholarships, have a job waiting for them that they're contracted for before they graduate, and when they graduate, they walk with an SCI clearance. We believe that can be done, so that's an example of ways in which public-private partnerships can happen to where you now have a talented kid ready to go on day one. We think those kinds of things can happen, it just gets back down to being focused on specific initiatives, giving them a chance and run as many pilot programs as you can, like pitch days. >> That's a great point, it's a good segue. Go ahead, President Armstrong. >> I just want to jump in and echo both the Bong and Steve's comments, but Steve that, you know, your point of, you know our graduates, we consider them ready day one, well they need to be ready day one and ready to go secure. We totally support that and love to follow up offline with you on that. That's exciting and needed, very much needed more of it, some of it's happening, but we certainly have been thinking a lot about that and making some plans. >> And that's a great example, a good segue. My next question is kind of re-imagining these workflows is kind of breaking down the old way and bringing in kind of the new way, accelerate all kinds of new things. There are creative ways to address this workforce issue and this is the next topic, how can we employ new creative solutions because let's face it, you know, it's not the days of get your engineering degree and go interview for a job and then get slotted in and get the intern, you know, the programs and you'd matriculate through the system. This is multiple disciplines, cybersecurity points at that. You could be smart in math and have a degree in anthropology and be one of the best cyber talents on the planet. So this is a new, new world, what are some creative approaches that's going to work for you? >> Alright, good job, one of the things, I think that's a challenge to us is, you know, somehow we got me working for, with the government, sexy right? You know, part of the challenge we have is attracting the right level of skill sets and personnel but, you know, we're competing, oftentimes, with the commercial side, the gaming industry as examples is a big deal. And those are the same talents we need to support a lot of the programs that we have in DOD. So somehow we have do a better job to Steve's point about making the work within DOD, within the government, something that they would be interested early on. So attract them early, you know, I could not talk about Cal Poly's challenge program that they were going to have in June inviting high school kids really excited about the whole idea of space and cyber security and so on. Those are some of the things that I think we have to do and continue to do over the course of the next several years. >> Awesome, any other creative approaches that you guys see working or might be an idea, or just to kind of stoke the ideation out there? Internships, obviously internships are known, but like, there's got to be new ways. >> Alright, I think you can take what Steve was talking about earlier, getting students in high school and aligning them sometimes at first internship, not just between the freshman and sophomore year, but before they enter Cal Poly per se and they're involved. So I think that's absolutely key, getting them involved in many other ways. We have an example of upskilling or work redevelopment here in the central coast, PG&E Diablo nuclear plant that is going to decommission in around 2024. And so we have a ongoing partnership to work and reposition those employees for the future. So that's, you know, engineering and beyond but think about that just in the manner that you were talking about. So the upskilling and reskilling, and I think that's where, you know, we were talking about that Purdue University, other California universities have been dealing with online programs before COVID, and now with COVID so many more Faculty were pushed into that area, there's going to be a much more going and talk about workforce development in upskilling and reskilling, the amount of training and education of our faculty across the country in virtual and delivery has been huge. So there's always a silver linings in the cloud. >> I want to get your guys' thoughts on one final question as we end the segment, and we've seen on the commercial side with cloud computing on these highly accelerated environments where, you know, SAS business model subscription, and that's on the business side, but one of the things that's clear in this trend is technology and people work together and technology augments the people components. So I'd love to get your thoughts as we look at a world now, we're living in COVID, and Cal Poly, you guys have remote learning right now, it's at the infancy, it's a whole new disruption, if you will, but also an opportunity enable new ways to encollaborate, So if you look at people and technology, can you guys share your view and vision on how communities can be developed, how these digital technologies and people can work together faster to get to the truth or make a discovery, hire, develop the workforce, these are opportunities, how do you guys view this new digital transformation? >> Well, I think there's huge opportunities and just what we're doing with this symposium, we're filming this on Monday and it's going to stream live and then the three of us, the four of us can participate and chat with participants while it's going on. That's amazing and I appreciate you, John, you bringing that to this symposium. I think there's more and more that we can do. From a Cal Poly perspective, with our pedagogy so, you know, linked to learn by doing in-person will always be important to us, but we see virtual, we see partnerships like this, can expand and enhance our ability and minimize the in-person time, decrease the time to degree, enhance graduation rate, eliminate opportunity gaps for students that don't have the same advantages. So I think the technological aspect of this is tremendous. Then on the upskilling and reskilling, where employees are all over, they can re be reached virtually, and then maybe they come to a location or really advanced technology allows them to get hands on virtually, or they come to that location and get it in a hybrid format. So I'm very excited about the future and what we can do, and it's going to be different with every university, with every partnership. It's one size does not fit all, There's so many possibilities, Bong, I can almost imagine that social network that has a verified, you know, secure clearance. I can jump in, and have a little cloak of secrecy and collaborate with the DOD possibly in the future. But these are the kind of crazy ideas that are needed, your thoughts on this whole digital transformation cross-pollination. >> I think technology is going to be revolutionary here, John, you know, we're focusing lately on what we call visual engineering to quicken the pace of the delivery capability to warfighter as an example, I think AI, Machine Language, all that's going to have a major play in how we operate in the future. We're embracing 5G technologies, and the ability for zero latency, more IOT, more automation of the supply chain, that sort of thing, I think the future ahead of us is very encouraging, I think it's going to do a lot for national defense, and certainly the security of the country. >> Steve, your final thoughts, space systems are systems, and they're connected to other systems that are connected to people, your thoughts on this digital transformation opportunity. >> Such a great question and such a fun, great challenge ahead of us. Echoing my colleagues sentiments, I would add to it, you know, a lot of this has, I think we should do some focusing on campaigning so that people can feel comfortable to include the Congress to do things a little bit differently. You know, we're not attuned to doing things fast, but the dramatic, you know, the way technology is just going like crazy right now, I think it ties back to, hoping to convince some of our senior leaders and what I call both sides of the Potomac river, that it's worth taking this gamble, we do need to take some of these things you know, in a very proactive way. And I'm very confident and excited and comfortable that this is going to be a great time ahead and all for the better. >> You know, I always think of myself when I talk about DC 'cause I'm not a lawyer and I'm not a political person, but I always say less lawyers, more techies than in Congress and Senate, so (laughter)I always get in trouble when I say that. Sorry, President Armstrong, go ahead. >> Yeah, no, just one other point and Steve's alluded to this and Bong did as well, I mean, we've got to be less risk averse in these partnerships, that doesn't mean reckless, but we have to be less risk averse. And also, as you talk about technology, I have to reflect on something that happened and you both talked a bit about Bill Britton and his impact on Cal Poly and what we're doing. But we were faced a few years ago of replacing traditional data, a data warehouse, data storage, data center and we partnered with AWS and thank goodness, we had that in progress and it enhanced our bandwidth on our campus before COVID hit, and with this partnership with the digital transformation hub, so there's a great example where we had that going. That's not something we could have started, "Oh COVID hit, let's flip that switch." And so we have to be proactive and we also have to not be risk-averse and do some things differently. That has really salvaged the experience for our students right now, as things are flowing well. We only have about 12% of our courses in person, those essential courses and I'm just grateful for those partnerships that I have talked about today. >> And it's a shining example of how being agile, continuous operations, these are themes that expand the space and the next workforce needs to be built. Gentlemen, thank you very much for sharing your insights, I know Bong, you're going to go into the defense side of space in your other sessions. Thank you gentlemen, for your time, for a great session, I appreciate it. >> Thank you. >> Thank you gentlemen. >> Thank you. >> Thank you. >> Thank you, thank you all. I'm John Furey with The Cube here in Palo Alto, California covering and hosting with Cal Poly, the Space and Cybersecurity Symposium 2020, thanks for watching. (bright atmospheric music)

>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation, >>Everyone. Welcome to this cube conversation. I'm John for host of the Cube here in the Cubes Palo Alto studios during the co vid crisis. Square Quarantine with our crew, but we got the remote interviews. Got great to get great guests here from 44 to guard Fortinet, 40 Guard Labs, Derek Manky chief Security Insights and Global Threat alliances. At 14 it's 40 guard labs and, um, are Lakhani. Who's the lead researcher for the Guard Labs. Guys, great to see you. Derek. Good to see you again. Um, are you meet you? >>Hey, it's it's it's been a while and that it happened so fast, >>it just seems, are say it was just the other day. Derek, we've done a couple interviews in between. A lot of flow coming out of Florida net for the guards. A lot of action, certainly with co vid everyone's pulled back home. The bad actors taking advantage of the situation. The surface areas increased really is the perfect storm for security. Uh, in terms of action, bad actors are at all time high new threats here is going on. Take us through what you guys were doing. What's your team makeup look like? What are some of the roles and you guys were seeing on your team? And how's that transcend to the market? >>Yeah, sure, Absolutely. So you're right. I mean, like, you know, like I was saying earlier this this is all this always happens fast and furious. We couldn't do this without, you know, a world class team at 40 guard labs eso we've grown our team now to over 235 globally. There's different rules within the team. You know, if we look 20 years ago, the rules used to be just very pigeonholed into, say, anti virus analysis. Right now we have Thio account for when we're looking at threats. We have to look at that growing attack surface. We have to look at where these threats coming from. How frequently are they hitting? What verticals are they hitting? You know what regions? What are the particular techniques? Tactics, procedures, You know, we have threat. This is the world of threat Intelligence, Of course. Contextualizing that information and it takes different skill sets on the back end, and a lot of people don't really realize the behind the scenes. You know what's happening on bears. A lot of magic happen not only from what we talked about before in our last conversation from artificial intelligence and machine learning, that we do a 40 yard labs and automation, but the people. And so today we want to focus on the people on and talk about you know how on the back ends, we approach a particular threat. We're going to talk to the world, a ransom and ransomware. Look at how we dissect threats. How correlate that how we use tools in terms of threat hunting as an example, And then how we actually take that to that last mile and and make it actionable so that, you know, customers are protected. How we share that information with Keith, right until sharing partners. But again it comes down to the people. We never have enough people in the industry. There's a big shortages, we know, but it it's a really key critical element, and we've been building these training programs for over a decade within 40 guard lab. So you know, you know, John, this this to me is why, exactly why, I always say, and I'm sure Americans share this to that. There's never a dull day in the office. I know we hear that all the time, but I think today you know, all the viewers really get a new idea of why that is, because this is very dynamic. And on the back end, there's a lot of things that doing together our hands dirty with this, >>you know, the old expression started playing Silicon Valley is if you're in the arena, that's where the action and it's different than sitting in the stands watching the game. You guys are certainly in that arena. And, you know, we've talked and we cover your your threat report that comes out, Um, frequently. But for the folks that aren't in the weeds on all the nuances of security, can you kind of give the 101 ransomware. What's going on? What's the state of the ransomware situation? Um, set the stage because that's still continues to be a threat. I don't go a week, but I don't read a story about another ransomware and then it leaks out. Yeah, they paid 10 million in Bitcoin or something like I mean, this Israel. That's a real ongoing threat. What is it, >>quite a bit? Yeah, eso I'll give sort of the one on one and then maybe capacity toe mark, who's on the front lines dealing with this every day. You know, if we look at the world of I mean, first of all, the concept to ransom, obviously you have people that that has gone extended way, way before, you know, cybersecurity. Right? Um, in the world of physical crime s Oh, of course. You know the world's first ransom, where viruses actually called PC cyborg. This is in 1989. The ransom payment was demanded to appeal box from leave. It was Panama City at the time not to effective on floppy disk. Very small audience. Not a big attack surface. I didn't hear much about it for years. Um, you know, in really it was around 2000 and 10. We started to see ransomware becoming prolific, and what they did was somewhat cybercriminals. Did was shift on success from ah, fake antivirus software model, which was, you know, popping up a whole bunch of, you know said your computer is infected with 50 or 60 viruses. Chaos will give you an anti virus solution, Which was, of course, fake. You know, people started catching on. You know, the giggles up people caught onto that. So they weren't making a lot of money selling this project software. Uh, enter Ransomware. And this is where ransomware really started to take hold because it wasn't optional to pay for the software. It was mandatory almost for a lot of people because they were losing their data. They couldn't reverse engineer the current. Uh, the encryption kind of decrypt it with any universal tool. Ransomware today is very rigid. We just released our threat report for the first half of 2020. And we saw we've seen things like master boot record nbr around somewhere. This is persistent. It sits before your operating system when you boot up your computer. So it's hard to get rid of, um, very strong. Um, you know, public by the key cryptography that's being so each victim is infected with the different key is an example. The list goes on, and you know I'll save that for for the demo today. But that's basically it's It's very it's prolific and we're seeing shit. Not only just ransomware attacks for data, we're now starting to see ransom for extortion, for targeted ransom cases that we're going after, you know, critical business. Essentially, it's like a D O s holding revenue streams around too. So the ransom demands were getting higher because of this is Well, it's complicated. >>Yeah, I was mentioning, Omar, I want you to weigh in. I mean, 10 million is a lot we reported earlier this month. Garment was the company that was act I t guy completely locked down. They pay 10 million. Um, garment makes all those devices and a Z. We know this is impacting That's real numbers. So I mean, it's another little ones, but for the most part, it's new. It's, you know, pain in the butt Thio full on business disruption and extortion. Can you explain how it all works before I got it? Before we go to the demo, >>you know, you're you're absolutely right. It is a big number, and a lot of organizations are willing to pay that number to get their data back. Essentially their organization and their business is at a complete standstill. When they don't pay, all their files are inaccessible to them. Ransomware in general, what does end up from a very basic or review is it basically makes your files not available to you. They're encrypted. They have a essentially a pass code on them that you have to have the correct pass code to decode them. Ah, lot of times that's in the form of a program or actually a physical password you have type in. But you don't get that access to get your files back unless you pay the ransom. Ah, lot of corporations these days, they are not only paying the ransom, they're actually negotiating with the criminals as well. They're trying to say, Oh, you want 10 million? How about four million? Sometimes that it goes on as well, but it's Ah, it's something that organizations know that if they don't have the proper backups and the Attackers are getting smart, they're trying to go after the backups as well. They're trying to go after your duplicate files, so sometimes you don't have a choice, and organizations will will pay the ransom >>and it's you know they're smart. There's a business they know the probability of buy versus build or pay versus rebuild, so they kind of know where to attack. They know the tactics. The name is vulnerable. It's not like just some kitty script thing going on. This is riel system fistic ated stuff. It's and it's and this highly targeted. Can you talk about some use cases there and what's goes on with that kind of attack? >>Absolutely. The cybercriminals are doing reconnaissance. They're trying to find out as much as they can about their victims. And what happens is they're trying to make sure that they can motivate their victims in the fastest way possible to pay the ransom as well. Eh? So there's a lot of attacks going on. We usually we're finding now is ransomware is sometimes the last stage of an attack, so an attacker may go into on organization. They may already be taking data out of that organization. They may be stealing customer data P I, which is personal, identifiable information such as Social Security numbers or or driver's licenses or credit card information. Once they've done their entire attack, once they've gone, everything they can Ah, lot of times their end stage. There last attack is ransomware, and they encrypt all the files on the system and try and try and motivate the victim to pay as fast as possible and as much as possible as well. >>You know, it's interesting. I thought of my buddy today. It's like casing the joint. They check it out. They do their re kon reconnaissance. They go in, identify what's the move that's move to make. How to extract the most out of the victim in this case, Target. Um, and it really I mean, it's just go on a tangent, you know? Why don't we have the right to bear our own arms? Why can't we fight back? I mean, the end of the day, Derek, this is like, Who's protecting me? I mean, >>e do >>what? To protect my own, build my own army, or does the government help us? I mean, that's at some point, I got a right to bear my own arms here, right? I mean, this is the whole security paradigm. >>Yeah, so I mean, there's a couple of things, right? So first of all, this is exactly why we do a lot of that. I was mentioning the skills shortage and cyber cyber security professionals. Example. This is why we do a lot of the heavy lifting on the back end. Obviously, from a defensive standpoint, you obviously have the red team blue team aspect. How do you first, Um, no. There is what is to fight back by being defensive as well, too, and also by, you know, in the world that threat intelligence. One of the ways that we're fighting back is not necessarily by going and hacking the bad guys, because that's illegal in jurisdictions, right? But how we can actually find out who these people are, hit them where it hurts. Freeze assets go after money laundering that works. You follow the cash transactions where it's happening. This is where we actually work with key law enforcement partners such as Inter Pool is an example. This is the world, the threat intelligence. That's why we're doing a lot of that intelligence work on the back end. So there's other ways toe actually go on the offense without necessarily weaponizing it per se right like he's using, you know, bearing your own arms, Aziz said. There's different forms that people may not be aware of with that and that actually gets into the world of, you know, if you see attacks happening on your system, how you how you can use security tools and collaborate with threat intelligence? >>Yeah, I think that I think that's the key. I think the key is these new sharing technologies around collective intelligence is gonna be, ah, great way to kind of have more of an offensive collective strike. But I think fortifying the defense is critical. I mean, that's there's no other way to do that. >>Absolutely. I mean the you know, we say that's almost every week, but it's in simplicity. Our goal is always to make it more expensive for the cyber criminal to operate. And there's many ways to do that right you could be could be a pain to them by by having a very rigid, hard and defense. That means that if if it's too much effort on their end, I mean, they have roos and their in their sense, right, too much effort on there, and they're gonna go knocking somewhere else. Um, there's also, you know, a zay said things like disruption, so ripping infrastructure offline that cripples them. Yeah, it's wack a mole they're going to set up somewhere else. But then also going after people themselves, Um, again, the cash networks, these sorts of things. So it's sort of a holistic approach between anything. >>Hey, it's an arms race. Better ai better cloud scale always helps. You know, it's a ratchet game. Okay, tomorrow I want to get into this video. It's of ransomware four minute video. I'd like you to take us through you to lead you to read. Researcher, >>take us >>through this video and, uh, explain what we're looking at. Let's roll the video. >>All right? Sure s. So what we have here is we have the victims. That's top over here. We have a couple of things on this. Victims that stop. We have ah, batch file, which is essentially going to run the ransom where we have the payload, which is the code behind the ransomware. And then we have files in this folder, and this is where you typically find user files and, ah, really world case. This would be like Microsoft Microsoft Word documents or your Power point presentations. Over here, we just have a couple of text files that we've set up we're going to go ahead and run the ransomware and sometimes Attackers. What they do is they disguise this like they make it look like a like, important word document. They make it look like something else. But once you run, the ransomware usually get a ransom message. And in this case, the ransom message says your files are encrypted. Uh, please pay this money to this Bitcoin address. That obviously is not a real Bitcoin address that usually they look a little more complicated. But this is our fake Bitcoin address, but you'll see that the files now are encrypted. You cannot access them. They've been changed. And unless you pay the ransom, you don't get the files. Now, as the researchers, we see files like this all the time. We see ransomware all the all the time. So we use a variety of tools, internal tools, custom tools as well as open source tools. And what you're seeing here is open source tool is called the cuckoo sandbox, and it shows us the behavior of the ransomware. What exactly is a ransom we're doing in this case? You can see just clicking on that file launched a couple of different things that launched basically a command execute herbal, a power shell. It launched our windows shell and then it did things on the file. It basically had registry keys. It had network connections. It changed the disk. So this kind of gives us behind the scenes. Look at all the processes that's happening on the ransomware and just that one file itself. Like I said, there's multiple different things now what we want to do As researchers, we want to categorize this ransomware into families. We wanna try and determine the actors behind that. So we dump everything we know in the ransomware in the central databases. And then we mind these databases. What we're doing here is we're actually using another tool called malt ego and, uh, use custom tools as well as commercial and open source tools. But but this is a open source and commercial tool. But what we're doing is we're basically taking the ransomware and we're asking malty, go to look through our database and say, like, do you see any like files? Or do you see any types of incidences that have similar characteristics? Because what we want to do is we want to see the relationship between this one ransomware and anything else we may have in our system because that helps us identify maybe where the ransom that's connecting to where it's going thio other processes that may be doing. In this case, we can see multiple I P addresses that are connected to it so we can possibly see multiple infections weaken block different external websites. If we can identify a command and control system, we can categorize this to a family. And sometimes we can even categorize this to a threat actor that has claimed responsibility for it. Eso It's essentially visualizing all the connections and the relationship between one file and everything else we have in our database in this example. Off course, we put this in multiple ways. We can save these as reports as pdf type reports or, you know, usually HTML or other searchable data that we have back in our systems. And then the cool thing about this is this is available to all our products, all our researchers, all our specialty teams. So when we're researching botnets when we're researching file based attacks when we're researching, um, you know, I P reputation We have a lot of different IOC's or indicators of compromise that we can correlate where attacks goes through and maybe even detective new types of attacks as well. >>So the bottom line is you got the tools using combination of open source and commercial products. Toe look at the patterns of all ransomware across your observation space. Is that right? >>Exactly. I should you like a very simple demo. It's not only open source and commercial, but a lot of it is our own custom developed products as well. And when we find something that works, that logic that that technique, we make sure it's built into our own products as well. So our own customers have the ability to detect the same type of threats that we're detecting as well. At four of our labs intelligence that we acquire that product, that product of intelligence, it's consumed directly by our projects. >>Also take me through what, what's actually going on? What it means for the customers. So border guard labs. You're looking at all the ransom where you see in the patterns Are you guys proactively looking? Is is that you guys were researching you Look at something pops on the radar. I mean, take us through What is what What goes on? And then how does that translate into a customer notification or impact? >>So So, yeah, if you look at a typical life cycle of these attacks, there's always proactive and reactive. That's just the way it is in the industry, right? So of course we try to be a wear Some of the solutions we talked about before. And if you look at an incoming threat, first of all, you need visibility. You can't protect or analyze anything that you can't see. So you got to get your hands on visibility. We call these I, O. C s indicators a compromise. So this is usually something like, um, actual execute herbal file, like the virus from the malware itself. It could be other things that are related to it, like websites that could be hosting the malware as an example. So once we have that seed, we call it a seed. We could do threat hunting from there, so we can analyze that right? If it's ah piece of malware or a botnet weaken do analysis on that and discover more malicious things that this is doing. Then we go investigate those malicious things and we really you know, it's similar to the world of C. S. I write have these different gods that they're connecting. We're doing that at hyper scale on DWI. Use that through these tools that Omar was talking. So it's really a life cycle of getting, you know, the malware incoming seeing it first, um, analyzing it on, then doing action on that. Right? So it's sort of a three step process, and the action comes down to what tomorrow is saying water following that to our customers so that they're protected. But then in tandem with that, we're also going further. And I'm sharing it, if if applicable to, say, law enforcement partners, other threat Intel sharing partners to And, um, there's not just humans doing that, right? So the proactive peace again, This is where it comes to artificial intelligence machine learning. Um, there's a lot of cases where we're automatically doing that analysis without humans. So we have a I systems that are analyzing and actually creating protection on its own. Two. So it Zack white interest technology. >>A decision. At the end of the day, you want to protect your customers. And so this renders out if I'm afford a net customer across the portfolio. The goal here is to protect them from ransomware. Right? That's the end of game. >>Yeah, And that's a very important thing when you start talking these big dollar amounts that were talking earlier comes Thio the damages that air down from estimates. >>E not only is a good insurance, it's just good to have that fortification. Alright, So dark. I gotta ask you about the term the last mile because, you know, we were before we came on camera. You know, I'm band with junkie, always want more bandwidth. So the last mile used to be a term for last mile to the home where there was telephone lines. Now it's fiber and by five. But what does that mean to you guys and security is that Does that mean something specific? >>Yeah, Yeah, absolutely. The easiest way to describe that is actionable, right? So one of the challenges in the industry is we live in a very noisy industry when it comes thio cybersecurity. What I mean by that is because of that growing attacks for fists on do you know, you have these different attack vectors. You have attacks not only coming in from email, but websites from, you know, DDOS attacks. There's there's a lot of volume that's just going to continue to grow is the world of I G N O T. S O. What ends up happening is when you look at a lot of security operation centers for customers as an example, um, there are it's very noisy. It's, um you can guarantee that every day you're going to see some sort of probe, some sort of attack activity that's happening. And so what that means is you get a lot of protection events, a lot of logs, and when you have this worldwide shortage of security professionals, you don't have enough people to process those logs and actually started to say, Hey, this looks like an attack. I'm gonna go investigate it and block it. So this is where the last mile comes in because ah, lot of the times that you know these logs, they light up like Christmas. And I mean, there's a lot of events that are happening. How do you prioritize that? How do you automatically add action? Because The reality is, if it's just humans, doing it on that last mile is often going back to your bandwidth terms. There's too much too much lately. See right, So how do you reduce that late and see? That's where the automation the AI machine learning comes in. Thio solve that last mile problem toe automatically either protection. Especially important because you have to be quicker than the attacker. It's an arms race like E. >>I think what you guys do with four to Guard Labs is super important. Not like the industry, but for society at large, as you have kind of all this, you know, shadow, cloak and dagger kind of attacks systems, whether it's National Security international or just for, you know, mafias and racketeering and the bad guys. Can you guys take a minute and explain the role of 40 guards specifically and and why you guys exist? I mean, obviously there's a commercial reason you both on the four net that you know trickles down into the products. That's all good for the customers. I get that, but there's more to the fore to guard than just that. You guys talk about this trend and security business because it is very clear that there's a you know, uh, collective sharing culture developing rapidly for societal benefit. Can you take them into something that, >>Yeah, sure, I'll get my thoughts. Are you gonna that? So I'm going to that Teoh from my point of view, I mean, there's various functions, So we've just talked about that last mile problem. That's the commercial aspect we create through 40 yard labs, 40 yards, services that are dynamic and updated to security products because you need intelligence products to be ableto protect against intelligence attacks. That's just the defense again, going back to How can we take that further? I mean, we're not law enforcement ourselves. We know a lot about the bad guys and the actors because of the intelligence work that you do. But we can't go in and prosecute. We can share knowledge and we can train prosecutors, right? This is a big challenge in the industry. A lot of prosecutors don't know how to take cybersecurity courses to court, and because of that, a lot of these cybercriminals rain free. That's been a big challenge in the industry. So, you know, this has been close to my heart over 10 years, I've been building a lot of these key relationships between private public sector as an example, but also private sector things like Cyber Threat Alliance, where a founding member of the Cyber Threat Alliance, if over 28 members and that alliance. And it's about sharing intelligence to level that playing field because Attackers room freely. What I mean by that is there's no jurisdictions for them. Cybercrime has no borders. Um, they could do a million things, uh, wrong and they don't care. We do a million things right. One thing wrong, and it's a challenge. So there's this big collaboration that's a big part of 40 guard. Why exists to is to make the industry better. Thio, you know, work on protocols and automation and and really fight fight this together. Well, remaining competitors. I mean, we have competitors out there, of course, on DSO it comes down to that last mile problem. John is like we can share intelligence within the industry, but it's on Lee. Intelligence is just intelligence. How do you make it useful and actionable? That's where it comes down to technology integration. And, >>um, are what's your take on this, uh, societal benefit because, you know, I've been saying since the Sony hack years ago that, you know, when you have nation states that if they put troops on our soil, the government would respond. Um, but yet virtually they're here, and the private sector's defend for themselves. No support. So I think this private public partnership thing is very relevant. I think is ground zero of the future build out of policy because, you know, we pay for freedom. Why don't we have cyber freedom is if we're gonna run a business. Where's our help from the government? Pay taxes. So again, if a military showed up, you're not gonna see, you know, cos fighting the foreign enemy, right? So, again, this is a whole new change over it >>really is. You have to remember that cyberattacks puts everyone on even playing field, right? I mean, you know, now don't have to have a country that has invested a lot in weapons development or nuclear weapons or anything like that, right? Anyone can basically come up to speed on cyber weapons as long as they have an Internet connection. So it evens the playing field, which makes it dangerous, I guess, for our enemies, you know, But absolutely that I think a lot of us, You know, from a personal standpoint, a lot of us have seen researchers have seen organizations fail through cyber attacks. We've seen the frustration we've seen. Like, you know, besides organization, we've seen people like, just like grandma's loser pictures of their, you know, other loved ones because they can being attacked by ransom, where I think we take it very personally when people like innocent people get attacked and we make it our mission to make sure we can do everything we can to protect them. But But I will add that the least here in the U. S. The federal government actually has a lot of partnerships and ah, lot of programs to help organizations with cyber attacks. Three us cert is always continuously updating, you know, organizations about the latest attacks. Infra Guard is another organization run by the FBI, and a lot of companies like Fortinet and even a lot of other security companies participate in these organizations so everyone can come up to speed and everyone share information. So we all have a fighting chance. >>It's a whole new wave paradigm. You guys on the cutting edge, Derek? Always great to see a mark. Great to meet you remotely looking forward to meeting in person when the world comes back to normal as usual. Thanks for the great insights. Appreciate it. >>All right. Thank God. Pleasure is always >>okay. Q conversation here. I'm John for a host of the Cube. Great insightful conversation around security Ransomware with a great demo. Check it out from Derek and, um, are from 14 guard labs. I'm John Ferrier. Thanks for watching.

>>from around the globe. It's the queue with digital coverage of AWS Public sector online brought to you by Amazon Web services. Everyone welcome back to the Cube's virtual coverage of AWS Public sector online summit, which is also virtual. I'm John Furrier, host of the Cube, with a great interview. He remotely Jennifer Cronus, who's the general manager with the D. O. D. Account for Amazon Web services. Jennifer, welcome to the Cube, and great to have you over the phone. I know we couldn't get the remote video cause location, but glad to have you via your voice. Thanks for joining us. >>Well, thank you very much, John. Thanks for the opportunity here >>to the Department of Defense. Big part of the conversation over the past couple of years, One of many examples of the agencies modernizing. And here at the public sector summit virtual on line. One of your customers, the Navy with their air p is featured. Yes, this is really kind of encapsulate. It's kind of this modernization of the public sector. So tell us about what they're doing and their journey. >>Sure, Absolutely. So ah, maybe er P, which is Navy enterprise resource planning is the department of the Navy's financial system of record. It's built on S AP, and it provides financial acquisition and my management information to maybe commands and Navy leadership. Essentially keep the Navy running and to increase the effectiveness and the efficiency of baby support warfighter. It handles about $70 billion in financial transactions each year and has over 72,000 users across six Navy commands. Um, and they checked the number of users to double over the next five years. So essentially, you know, this program was in a situation where their on premises infrastructure was end of life. They were facing an expensive tech upgrade in 2019. They had infrastructure that was hard to steal and prone to system outages. Data Analytics for too slow to enable decision making, and users actually referred to it as a fragile system. And so, uh, the Navy made the decision last year to migrate the Europe E system to AWS Cloud along with S AP and S two to s AP National Security Services. So it's a great use case for a government organization modernizing in the cloud, and we're really happy to have them speaking at something this year. >>Now, was this a new move for the Navy to move to the cloud? Actually, has a lot of people are end life in their data center? Certainly seeing in public sector from education to modernize. So is this a new move for them? And what kind of information does this effect? I mean, ASAP is kind of like, Is it, like just financial data as an operational data? What is some of the What's the move about it Was that new? And what kind of data is impacted? >>Sure. Yeah, well, the Navy actually issued a Cloud First Policy in November of 2017. So they've been at it for a while, moving lots of different systems of different sizes and shapes to the cloud. But this migration really marked the first significant enterprise business system for the Navy to move to the actually the largest business system. My migrate to the cloud across D o D. Today to date. And so, essentially, what maybe Air P does is it modernizes and standardizes Navy business operation. So everything think about from time keeping to ordering missile and radar components for Navy weapon system. So it's really a comprehensive system. And, as I said, the migration to AWS govcloud marks the Navy's largest cloud migration to date. And so this essentially puts the movement and documentation of some $70 billion worth of parts of goods into one accessible space so the information can be shared, analyzed and protected more uniformly. And what's really exciting about this and you'll hear from the Navy at Summit is that they were actually able to complete this migration in just under 10 months, which was nearly half the time it was originally expected to take different sizing complexity. So it's a really, really great spring. >>That's huge numbers. I mean, they used to be years. Well, that was the minicomputer. I'm old enough to remember like, Oh, it's gonna be a two year process. Um, 10 months, pretty spectacular. I got to ask, What is some of the benefits that they're seeing in the cloud? Is that it? Has it changed the roles and responsibilities? What's what's some of the impact that they're seeing expecting to see quickly? >>Yeah, I'd say, you know, there's been a really big impact to the Navy across probably four different areas. One is in decision making. Also better customer experience improves security and then disaster recovery. So we just kind of dive into each of those a little bit. So, you know, moving the system to the cloud has really allowed the Navy make more timely and informed decisions, as well as to conduct advanced analytics that they weren't able to do as efficiently in the past. So as an example, pulling financial reports and using advanced analytics on their own from system used to take them around 20 hours. And now ah, maybe your API is able to all these ports in less than four hours, obviously allowing them to run the reports for frequently and more efficiently. And so this is obviously lead to an overall better customer experience enhance decision making, and they've also been able to deploy their first self service business intelligence capabilities. So to put the hat, you know, the capability, Ah, using these advanced analytics in the hands of the actual users, they've also experienced improve security. You know, we talk a lot about the security benefits of migrating to the cloud, but it's given them of the opportunity to increase their data protection because now there's only one based as a. We have data to protect instead of multiple across a whole host of your traditional computing hardware. And then finally, they've implemented a really true disaster recovery system by implementing a dual strategy by putting data in both our AWS about East and govcloud West. They were the first to the Navy to do those to provide them with true disaster become >>so full govcloud edge piece. So that brings up the question around. And I love all this tactical edge military kind of D o d. Thinking the agility makes total sense. Been following that for a couple of years now, is this business side of it that the business operations Or is there a tactical edge military component here both. Or is that next ahead for the Navy? >>Yeah. You know, I think there will ultimately both You know that the Navy's big challenge right now is audit readiness. So what they're focusing on next is migrating all of these financial systems into one General ledger for audit readiness, which has never been done before. I think you know, audit readiness press. The the D has really been problematic. So the next thing that they're focusing on in their journey is not only consolidating to one financial ledger, but also to bring on new users from working capital fund commands across the Navy into this one platform that is secure and stable, more fragile system that was previously in place. So we expect over time, once all of the systems migrate, that maybe your API is going to double in size, have more users, and the infrastructure is already going to be in place. Um, we are seeing use of all of the tactical edge abilities in other parts of the Navy. Really exciting programs for the Navy is making use of our snowball and snowball edge capabilities. And, uh, maybe your key that that this follows part of their migration. >>I saw snow cones out. There was no theme there. So the news Jassy tweeted. You know, it's interesting to see the progression, and you mentioned the audit readiness. The pattern of cloud is implementing the business model infrastructure as a service platform as a service and sass, and on the business side, you've got to get that foundational infrastructure audit, readiness, monitoring and then the platform, and then ultimately, the application so a really, you know, indicator that this is happening much faster. So congratulations. But I want to bring that back to now. The d o d. Generally, because this is the big surge infrastructure platform sas. Um, other sessions at the Public sector summit here on the D. O. D is the cybersecurity maturity model, which gets into this notion of base lining at foundation and build on top. What is this all about? The CME EMC. What does it mean? >>Yeah, well, I'll tell you, you know, I think the most people know that are U S defense industrial base of what we call the Dev has experienced and continues to experience an increasing number of cyber attacks. So every year, the loss of sensitive information and an election property across the United States, billions each year. And really, it's our national security. And there's many examples for weapons systems and sensitive information has been compromised. The F 35 Joint Strike Fighter C 17 the Empty Nine Reaper. All of these programs have unfortunately, experience some some loss of sensitive information. So to address this, the d o. D. Has put in place, but they all see em and see which is the Cybersecurity Maturity Models certification framework. It's a mouthful, which is really designed to ensure that they did the defense industrial base. And all of the contractors that are part of the Defense Supply Chain network are protecting federal contract information and controlled unclassified information, and that they have the appropriate levels of cyber security in place to protect against advanced, persistent, persistent threats. So in CMC, there are essentially five levels with various processes and practices in each level. And this is a morton not only to us as a company but also to all of our partners and customers. Because with new programs the defense, investor base and supply take, companies will be required to achieve a certain see MNC certification level based on the sensitivity of the programs data. So it's really important initiative for the for the Deal E. And it's really a great way for us to help >>Jennifer. Thanks so much for taking the time to come on the phone. I really appreciate it. I know there's so much going on the D o d Space force Final question real quick for a minute. Take a minute to just share what trends within the d o. D you're watching around this modernization. >>Yeah, well, it has been a really exciting time to be serving our customers in the D. And I would say there's a couple of things that we're really excited about. One is the move to tactical edge that you've talked about using out at the tactical edge. We're really excited about capabilities like the AWS Snowball Edge, which helped Navy Ear Key hybrid. So the cloud more quickly but also, as you mentioned, our AWS cone, which isn't even smaller military grades for edge computing and data transfer device that was just under £5 kids fitness entered mailbox or even a small backpacks. It's a really cool capability for our diode, the warfighters. Another thing. That's what we're really watching. Mostly it's DRDs adoption of artificial intelligence and machine learning. So you know, Dear D has really shown that it's pursuing deeper integration of AI and ML into mission critical and business systems for organizations like the Joint Artificial Intelligence. Enter the J and the Army AI task force to help accelerate the use of cloud based AI really improved war fighting abilities And then finally, what I'd say we're really excited about is the fact that D o. D is starting Teoh Bill. New mission critical systems in the cloud born in the cloud, so to speak. Systems and capabilities like a BMS in the airports. Just the Air Force Advanced data management system is being constructed and created as a born in the cloud systems. So we're really, really excited about those things and think that continued adoption at scale of cloud computing The idea is going to ensure that our military and our nation maintain our technological advantages, really deliver on mission critical systems. >>Jennifer, Thanks so much for sharing that insight. General General manager at Amazon Web services handling the Department of Defense Super important transformation efforts going on across the government modernization. Certainly the d o d. Leading the effort. Thank you for your time. This is the Cube's coverage here. I'm John Furrier, your host for AWS Public sector Summit online. It's a cube. Virtual. We're doing the remote interviews and getting all the content and share that with you. Thank you for watching. Yeah, Yeah, yeah, yeah, yeah

>> Narrator: From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a cube conversation. >> Everyone welcome to this cube conversation here in the Palo Alto cube studios. I'm John Furrier your host of theCUBE, with a great guest here, Shanthi Vigneshwaran, who is with the Office of Strategic programs in the Center for Drug Evaluation and Research within the US Food and Drug Administration, FDA, is the Informatica Intelligent Disrupter of the Year award. Congratulations, Shanthi welcome to this cube conversation. Thanks for joining me. >> Thank you for having me. >> Congratulations on being the Informatica Intelligent Disrupter of the year award. Tell us more about the organization. I see FDA everyone's probably concerned these days making sure things going faster and faster, more complex, more things are happening. Tell us about your organization and what you work on. >> FDA is huge, our organization is Center for Drug Evaluation research. And its core mission is to promote public health by ensuring the availability of safety and effective drugs. For example any drugs you go and buy it in the pharmacy today, Our administration helps in trying to approve them and make sure it's so in term of quality and integrity of the marketed products in the industry. My office is specifically Office of strategic programs whose mission is to transform the drug regulatory operations with the customer focus through analytics and informatics. They work towards the advancement for the CDERs public health mission. >> What are some of the objectives that you guys have? What are some things you guys have as your core top objectives of the CDER, the drug research group? >> The core objectives is we wanted to make sure that we are promoting a safe use of the marketed drugs. We want to make sure there's the availability of the drugs that are going to the patients are effective. And also the quality of the drugs that are being marketed are able to protect public health. >> What are some of the challenges that you guys have to take in managing the pharmaceutical safety, because I can only imagine certainly now that supply chains, tracing, monitoring, drug efficacy, safety, all these things are happening. What are some of the challenges in doing all this? >> In our office there are challenges in three different areas. One is the drug regulation challenges because as drugs are being more advanced and as there are more increasingly complex products, and there are challenging in the development area of the drugs, we wanted to make sure here we have a regulation that supports any advancement in science and technology. The other thing is also Congress is actually given new authorities and roles for the FDA to act. For example the Drug Quality and Security Act, which means any drug that's they want to track and trace all the drugs that goes to the public is they know who are the distributors, who are the manufacturers. Then you have the 21st Century Cures Act, and also the CARES Act package which was recently assigned, which also has a lot of the OTC drug regulatory modernization. Then there's also the area of globalization because just as disease don't have any borders, Product safety and quality are no longer on one country. It's basically a lot of the drugs that are being manufactured are overseas and as a result we wanted to make sure there are 300 US ports. And we want to make sure the FDA regulated shipments are coming through correctly to proper venues and everything is done correctly. Those are some the challenges we have to deal with. >> So much going on a lot of moving purchase as people say, there's always drug shortages, always demand, knowing that and tracking it. I can only imagine the world you're living in because you got to be innovative, got to be fast, got to be cutting edge, got to get the quality right. Data is super critical. And can you share take a minute to explain some of the data challenges you have to address and how you did that. Because I mean I could almost just my mind's blown just thinking about how you live it every day. Can you just share some of those challenges that you had to address and how did you do? >> Some of the key challenges we actually see is we have roughly 170,000 regulatory submissions per year. There are roughly 88,000 firm registration and product listing that comes to us, and then there are more than 2 million adverse event reports. So with all these data submissions and organization as such as us we need it, we have multiple systems where this data is acquired and each has its own criteria for validating the data. Adding to it are internal and external stakeholders also want certain rules and the way the data is being identified. So we wanted to make sure there is a robust MDM framework to make sure to cleanse and enrich and standardize the data. So that it basically make sure the trust and the availability and the consistent of the data, is being supplied to published to the CDER regulatory data users. >> You guys are dealing with- >> Otherwise like it's almost to give them a 360 degree view of the drug development lifecycle. Through each of the different phases, both pre market which is before the drug hits the market, and then after it hits the market. We still want to make sure the data we receive still supports a regulatory review and decision making process. >> Yeah, and you got to deliver a consumer product to get people at the right time. All these things have to happen, and you can see it clearly the impacts everyday life. I got to ask you that the database question 'cause the database geek inside of me is just going okay. I can only imagine the silos and the different systems and the codes, because data silos is big document. We've been reporting on this on theCUBE for a long time around, making data available automation. All these things have to happen if there's data availability. Can you just take one more minute talk about some of the challenges there because you got to break down the silos at the same time you really can't replace them. >> That's true. What we did was we did leave it more of us I mean, step back like seven years ago, when we did the data management. We had like a lot of silo systems as well. And we wanted to look at we wanted to establish a, we knew we wanted to establish a master data management. So we took a little bit more of a strategic vision. And so what we ended up saying is identifying what are the key areas of the domain that will give us some kind of a relationship. What are the key areas that will give us the 360 degree lifecycle? So that's what we did. We identified the domains. And then we took a step back and said and then we looked at what is the first domain we wanted to tackle. Because we know what are these domains are going to be. And then we were like, okay, let's take a step back and say which is the domain we do it first that will give us the most return on investment, which will make people actually look at it and say, hey, this makes sense. This data is good. So that's what we ended up looking at. We looked at it as at both ends. One is from a end user perspective. Which is the one they get the benefit out of and also from a data silo perspective which is the one data domains that are common, where there's duplication that we can consolidate. >> So that's good. You did the work up front. That's critical knowing what you want to do and get out of it. What were some of the benefits you guys got out of it. From an IT standpoint, how does that translate to the business benefits? And what was achieved? >> I think the benefits we got from the IT standpoint was a lot of the deduplication was not theirs. Which basically means like a lot of the legacy systems and all of the manual data quality work we had to do we automated it. We had bots, we also had other automation process that we actually put into work with Informatica, that actually helped us to make sure it's the cost of it actually went for us considerably. For example it used to take us three days to process submissions. Now it takes us less than 24 hours to do it, for the users to see the data. So it was a little bit more, we saw the, we wanted to look at what are the low hanging fruits where it's labor intensive and how can we improve it. That's how we acted there. >> What are some of the things that you're experiencing? I mean, like, we look back at what it was before, where it is now? Is it more agility, you more responsive to the changes? Was it an aspirin? Was it a complete transformation? Was some pain reduced? Can you share just some color commentary on kind of before the way it was before and then what you're experiencing now? >> So for us, I think before, we didn't know where the for us, I mean, I wouldn't say we didn't know it, when we have the data, we looked at product and it was just product. We looked at manufactured they were all in separate silos. But when we did the MDM domain, we were able to look at the relationship. And it was very interesting to see the relationship because we now are able to say is. for example, if there is a drug shortage during due to hurricane, with the data we have, we can narrow down and say, Hey, this area is going to be affected which means these are the manufacturing facilities in that area , that are going to be not be able to function or impacted by it. We can get to the place where the hurricane tracks we use the National Weather Service data, but it helps us to narrow down some of the challenges and we can able to predict where the next risk is going to be. >> And then before the old model, there was either a blind spot or you were ad hoc, probably right? Probably didn't have that with you. >> Yeah, before you were either blind or you're doing in a more of a reactionary not proactively. Now we are able to do a little bit more proactively. And even with I mean drug shortages and drug supply chain are the biggest benefit we saw with this model. Because, for us the drug supply chain means linking the pre and post market phases that lets us know if there's a trigger and the adverse events, we actually can go back to the pre market side and see where the traceability is who's at that truck. What are all the different things that was going on. >> This is one of the common threats I see in innovation where people look at the business model and data and look at it as a competitive advantage, in this case proactivity on using data to make decisions before things happen, less reactivity. So that increases time. I mean, that would probably you're saying, and you get there faster, if you can see it, understand it, and impact the workflows involved. This is a major part of the data innovation that's going on and you starting to see new kinds of data whereas has come out. So again, starting to see a real new changeover to scaling up this kind of concept almost foundationally. What's your thoughts just as someone who's a practitioner in the industry as you start to get this kind of feelings and seeing the benefits? What's next, what do you see happening because you haven't success. How do you scale it? What how do you guys look at that? >> I think our next is we have the domains and we actually have the practices that we work. We look at it as it's basically data always just changes. So we look at is like what are some of the ways that we can improve the data? How can we take it to the next level. Because now they talk about power. They are also warehouse data lakes. So we want to see is how can we take these domains and get that relationship or get that linkages when there is a bigger set of data that's available for us. What can we use that and it actually we think there are other use cases we wanted to explore and see what is the benefit that we can get a little bit more on the predictability to do like post market surveillance or like to look at like safety signals and other things to see what are the quick things that we can use for the business operations. >> It's really a lot more fun. You're in there using the data. You're seeing the benefits and real. This is what clouds all about the data clouds here. It's scaling. Super fun to talk about and excited. When you see the impacts in real time, not waiting for later. So congratulations. You guys have been selected and you receive recognition from Informatica as the 2020, Intelligent Disrupter of the year. congratulations. What does that mean for your organization? >> I think we were super excited about it. But one thing I can say is when we embarked on this work, like seven years ago, or so, problem was like we were trying to identify and develop new scientific methods to improve the quality of our drugs to get that 360 degree view of the drug development lifecycle. The program today enables FDA CDER to capture all the granular details of data we need for the regulatory data. It helps us to support the informed decisions that we have to make in real time sometimes or and also to make sure when there's an emergency, we are able to respond with a quick look at the data to say like, hey this is what we need to do. It also helps the teams. It recognizes all the hard work. And the hours we put into establishing the program and it helped to build the awareness within FDA and also with the industry of our political master data management is. >> It's a great reward to see the fruits of the labor and good decision making I'm sure it was a lot of hard work. For folks out there watching, who are also kind of grinding away in some cases, some cases moving faster. You guys are epitome of a supply chain that's super critical. And speed is critical. Quality is critical. A lot of days critical. A lot of businesses are starting to feel this as part of an integrated data strategy. And I'm a big proponent. I think you guys have have a great example of this. What advice would you have for other practitioners because you got data scientists, but yet data engineers now who are trying to architect and create scale, and programmability, and automation, and you got the scientists in the the front lines coming together and they all feed into applications. So it's kind of a new things go on. Your advice to folks out there, on how to do this, how to do it right, the learnings, share. >> I think the key thing I, at least for my learning experience was, it's not within one year you're going to accomplish it, It's kind of we have to be very patient. And it's a long road. If you make mistakes, you will have to go back and reassess. Even with us, with all the work we did, we almost went back a couple of the domains because we thought like, hey, there are additional use cases how this can be helpful. There are additional, for example, we went with the supply chain, but then now we go back and look at it and say like, hy, there may be other things that we can use with the supply chain not just with this data, can we expand it? How can we look at the study data or other information so that's what we try to do. It's not like you're done with MDM and that is it. Your domain is complete. It's almost like you look at it and it creates a web and you need to look at each domain and you want to come back to it and see how it is you have to go. But the starting point is you need to establish what are your key domains. That will actually drive your vision for the next four or five years. You can't just do bottom up, it's more of like a top down approach. >> That's great. That's great the insight. And again, it's never done. I mean, it's data is coming. It's not going away. It's going to be integrated. It's going to be shared. You got to scale it up. A lot of hard work. >> Yeah. >> Shanthi thank you so much for the insight. Congratulations on your receiving the Disrupter of the Year Award winner for Informatica. congratulations. Intelligence >> Yeah, thank you very much for having me. Thank you. >> Thank you for sharing, Shanthi Vigneshswaran is here, Office of Strategic programs at the Center for Drug Evaluation and Research with the US FDA. Thanks for joining us, I'm John Furrier for theCUBE. Thanks for watching. (soft music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation hello and welcome to the cube conversation here in the Palo Alto studio I'm John four host of the cube we are here at the quarantine crew of the cube having the conversations that matter the most now and sharing that with you got a great guest here Phil Quaid was the chief information security officer of Fortinet also the author of book digital bing-bang which I just found out he wrote talking about the difference cybersecurity and the physical worlds coming together and we're living that now with kovat 19 crisis were all sheltering in place Phil thank you for joining me on this cube conversation so I want to get in this quickly that I think the main top thing is that we're all sheltering in place anxiety is high but people are now becoming mainstream aware of what we all in the industry have been known for a long time role of data cybersecurity access to remote tools and we're seeing the work at home the remote situation really putting a lot of pressure on as I've been reporting what I call at scale problems and one of them is security right one of them is bandwidth we're starting to see you know the throttling of the packets people are now living with the reality like wow this is really a different environment but it's been kind of a disruption and has created crimes of opportunity for bad guys so this has been a real thing everyone's aware of it across the world this is something that's now aware on everyone's mind what's your take on this because you guys are fighting the battle and providing solutions and we're doing for a long time around security this highlights a lot of the things in the surface area called the world with what's your take on this carbon 19 orton s been advocating for architectures and strategies that allow you to defend anywhere from the edge through the core all the way up to the cloud boom so with you know high speed and integration and so all the sudden what we're seeing not just you know in the US but the world as well is that that edge is being extended in places that we just hadn't thought about or our CV that people just hadn't planned for before so many people or telecommunication able to move that edge securely out to people's homes and more remote locations and do so providing the right type of security of privacy if those communications that are coming out of those delicate ears I noticed you have a flag in the background and for the folks that might not know you spent a lot of time at the NSA government agency doing a lot of cutting-edge work I mean going back to you know really you know post 9/11 - now you're in the private sector with Fortinet so you don't really speak with the agency but you did live through a time of major transformation around Homeland Security looking at data again different physical thing you know terrorist attacks but it did bring rise to large-scale data to bring to those things so I wanted to kind of point out I saw the flag there nice nice touch there but now that you're in the private sector it's another transformation it's not a transition we're seeing a transformation and people want to do it fast and they don't want to have disruption this is a big problem what's your reaction to that yeah I think what you're reporting out that sometimes sometimes there's catalysts that cause major changes in the way you do things I think we're in one of those right now that we're already in the midst of an evolutionary trend towards more distributed workforces and as I mentioned earlier doing so with the right type of security privacy but I would think what I think the global camp in debt endemic is showing is that we're all going to be accelerating that that thing is like it's gonna be a lot less evolutionary and a little bit more faster that's what happens when you have major world events like this being 911 fortunate tragedies it causes people to think outside the box or accelerate what they're already doing I think wearing that in that world today yeah it pulls forward a lot of things that are usually on the planning side and it makes them reality I want to get your thoughts because not only are CEOs and their employees all thinking about the new work environment but the chief information security officer is people in your role have to be more aware as more things happening what's on the minds of CISOs around the world these days obviously the pandemics there what are you seeing what are some of the conversations what are some of the thought processes what specifically is going on in the of the chief information security officer yeah I think there's probably a there's probably two different two different things there's the there's the emotional side and there's the analytic side on the emotional side you might say that some Caesars are saying finally I get to show how cyber security can be in an abler of business right I can allow you to to to maintain business continuity by allowing your workers to work from home and trying sustain business and allow you to keep paying their salary is very very important to society there's a very important time to step up as the seaso and do what's helpful to sustain mission in on the practical side you say oh my goodness my job's gotten a whole lot harder because I can rely less and less on someone's physical controls that use some of the physical benefits you get from people coming inside the headquarters facility through locked doors and there's personal congress's and personal identification authentication you need to move those those same security strategies and policies and you need to move it out to this broad eggs it's gotten a lot bigger and a lot more distributed so I want to ask you around some of the things they're on cyber screws that have been elevated to the top of the list obviously with the disruption of working at home it's not like an earthquake or a tornado or hurricane or flood you know this backup and recovery for that you know kind of disaster recovery this has been an unmitigated disaster in the sense of it's been unfor casted I was talking to an IT guy he was saying well we provisioned rvv lands to be your VPNs to be 30% and now they need a hundred percent so that disruption is causing I was an under forecast so in cyber as you guys are always planning in and protecting has there been some things that have emerged that are now top of mind that are 100 percent mindshare base or new solutions or new challenges why keep quite done what we're referring to earlier is that yep any good see so or company executive is going to prepare for unexpected things to a certain degree you need it whether it be spare capacity or the ability to recover from something an act of God as you mentioned maybe a flood or tornado or hurricane stuff like that what's different now is that we have a disruption who which doesn't have an end date meaning there's a new temporal component that's been introduced that most companies just can't plan for right even the best of companies that let's say Ronald very large data centers they have backup plans where they have spare fuel to run backup generators to provide electricity to their data centers but the amount of fuel they have might only be limited to 30 days or so it's stored on-site we might think well that's pretty that's a lot of for thinking by storing that much fuel on site for to allow you to sort of work your way through a hurricane or other natural disaster what we have now is a is a worldwide crisis that doesn't have a 30-day window on it right we don't know if it's gonna be 30 days or 120 days or or you know even worse than that so what's different now is that it's not just a matter of surging in doing something with band-aids and twine or an extra 30 days what we need to do is as a community is to prepare solutions that can be enduring solutions you know I have some things that if the absent I might like to provide a little color what those types of solutions are but that that would be my main message that this isn't just a surge for 30 days this is a surge or being agile with no end in sight take a minute explain some of those solutions what are you seeing whatever specific examples and solutions that you can go deeper on there yeah so I talked earlier about the the edge meaning the place where users interact with machines and company data that edge is no longer at the desktop down the hallway it could be 10 miles 450 miles away to where anyone where I'm telling you I'm commuting crumb that means we need to push the data confidentiality things out between the headquarters and the edge you do that with things like a secure secured tunnel it's called VPNs you also need to make sure that the user identification authentication this much is a very very secure very authentic and with high integrity so you do that with multi-factor authentication there's other things that we like that that are very very practical that you do to support this new architecture and the good news is that they're available today in the good news at least with some companies there already had one foot in that world but as I mentioned earlier not all companies had yet embraced the idea of where you're going to have a large percentage of your workforce - until a community so they're not quite so they're there they're reacting quickly to to make sure this edge is better protected by identification and authentication and begins I want to get to some of those edge issues that now translate to kind of physical digital virtualization of of life but first I want to ask you around operational technology and IT OT IT these are kind of examples where you're seeing at scale problem with the pandemic being highlighted so cloud providers etc are all kind of impacted and bring solutions to the table you guys at Foot are doing large scale security is there anything around the automation side of it then you've seen emerge because all the people that are taking care of being a supplier in this new normal or this crisis certainly not normal has leveraged automation and data so this has been a fundamental value proposition that highlights what we call the DevOps movement in the cloud world but automation has become hugely available and a benefit to this can you share your insights into how automation is changing with cyber I think you up a nice question for me is it allowed me to talk about not only automation but convergence so it's let's hit automation first right we all even even pre-crisis we need to be better at leveraging automation to do things that machines do best allow people to do higher-order things whether it's unique analysis or something else with a with a more distributed workforce and perhaps fewer resources automation is more important ever to automatically detect bad things that are about to happen automatically mitigating them before they get or they get to bad you know in the cybersecurity world you use things like agile segmentation and you use like techniques called soar it's a type of security orchestration and you want to eat leverage those things very very highly in order to leverage automation to have machines circum amount of human services but you also brought up on my favorite topics which is ot graceful technology though OTS you know are the things that are used to control for the past almost a hundred years now things in the physical world like electric generators and pipes and valves and things like that often used in our critical infrastructures in my company fort net we provide solutions that secure both the IT world the traditional cyber domain but also the OT systems of the world today where safety and reliability are about most important so what we're seeing with the co19 crisis is that supply chains transportation research things like that a lot of things that depend on OT solutions for safety and reliability are much more forefront of mine so from a cybersecurity strategy perspective what you want to do of course is make sure your solutions in the IT space are well integrated with you solutions in the OT space to the so an adversary or a mistake in cause a working to the crack in causing destruction that convergence is interesting you know we were talking before you came on camera around the fact that all these events are being canceled but that really highlights the fact that the physical spaces are no longer available the so-called ot operational technologies of events is the plumbing the face-to-face conversations but everyone's trying to move to digital or virtual eyes that it's not as easy as just saying we did it here we do it there there is a convergence and some sort of translation this new there's a new roles there's new responsibilities new kinds of behaviors and decision making that goes on in the physical and digital worlds that have to then come together and get reimagined and so what's your take on all this because this is not so much about events but although that's kind of prime time problem zooming it is not the answer that's a streaming video how do you replicate the value of physical into the business value in digital it's not a one-to-one so it's quite possible that that we might look back on this event to cover 19 experience we might look back at it in five or ten years and say that was simply a foreshadowing of our of the importance of making sure that our physical environment is appropriate in private what I mean is that with the with the rapid introduction of Internet of Things technologies into the physical world we're going to have a whole lot of dependencies on the thing inconveniences tendencies inconveniences on things an instrument our physical space our door locks or automobiles paths our temperatures color height lots of things to instrument the physical space and so there's gonna be a whole lot of data that's generated in that cyber in a physical domain increasingly in the future and we're going to become dependent upon it well what happens if for whatever reason in the in the future that's massively disruptive so all of a sudden we have a massive disruption in the physical space just like we're experiencing now with open 19 so again that's why it makes sense now to start your planning now with making sure that your safety and reliability controls in the physical domain are up to the same level security and privacy as the things in your IT delete and it highlights what's the where the value is to and it's a transformation I was just reading an article around spatial economics around distance not being together it's interesting on those points you wrote a book about this I want to get your thoughts because in this cyber internet or digital or virtualization of physical to digital whether it's events or actual equipment is causing people to rethink architectures you mentioned a few of them what's the state of the art thinking around someone who has the plan for this again is in its complex it's not just creating a gateway or a physical abstraction layer of software between two worlds there's almost a blending or convergence here what's your what's your thoughts on what's the state of the art thinking on this area yeah the book that I number of a very esteemed colleagues contribute to what we said is that it's time to start treating cybersecurity like a science let's not pretend it's a dark art that we have to relearn every couple years and what what we said in the in the digital Big Bang is that humankind started flourishing once we admitted our ignorance in ultimately our ignorance in the physical world and discovered or invented you can right word the disciplines of physics and chemistry and once we recognize that our physical world was driven by those scientific disciplines we started flourishing right the scientific age led to lots of things whether it would be transportation health care or lots of other things to improve our quality of life well if you fast forward 14 billion years after that cosmic Big Bang which was driven by physics 50 years ago or so we had a digital Big Bang where there was a massive explosion of bits with the invention of the internet and what we argue in the book is that let's start treating cybersecurity like a science or the scientific principle is that we ought to write down and follow a Rousseau's with you so we can thrive in the in the in a digital Big Bang in the digital age and one more point if you don't mind what we what we noted is that the internet was invented to do two things one connect more people or machines than ever imagined in to do so in speeds that were never imagined so the in the Internet is is optimized around speed in connectivity so if that's the case it may be a fundamental premise of cybersecurity science is make sure that your cyber security solutions are optimized around those same two things that the cyber domains are optimized around speed in integration continue from there you can you can build on more and more complex scientific principles if you focus on those fundamental things and speed and integration yeah that's awesome great insight they're awesome I wanted to throw in while you had the internet history lesson down there also was interesting was a very decentralization concept how does that factor in your opinion to some of the security paradigms is that helped or hurt or is it create opportunities for more secure or does it give the act as an advantage yeah I love your questions is your it's a very informed question and you're in a give me good segue to answer the way you know it should be answer yeah the by definition the distributed nature of the Internet means it's an inherently survivable system which is a wonderful thing to have for a critical infrastructure like that if one piece goes down the hole doesn't go down it's kind of like the power grid the u.s. the u.s. electrical power grid there's too many people who say the grid will go down well that's that's just not a practical thing it's not a reality thing the grades broken up into three major grades and there's AB ulis strategies and implementations of diversification to allow the grid to fail safely so it's not catastrophic Internet's the same thing so like my nipple like I was saying before we ought to de cyber security around a similar principle that a catastrophic failure in one partner to start cybersecurity architecture should result in cascading across your whole architecture so again we need to borrow some lessons from history and I think he bring up a good one that the internet was built on survivability so our cybersecurity strategies need to be the same one of the ways you do that so that's all great theory but one of the ways you do that of course is by making your cybersecurity solutions so that they're very well integrated they connect with each other so that you know speaking in cartoon language you know if one unit can say I'm about to fail help me out and another part of your architecture can pick up a slack and give you some more robust security in that that's what a connected the integrated cyber security architecture do for you yeah it's really fascinating insight and I think resiliency and scale are two things I think are going to be a big wave is going to be added into the transformations that going on now it's it's very interesting you know Phil great conversation I could do a whole hour with you and do a fish lead a virtual panel virtualize that our own event here keynote speech thanks so much for your insight one of things I want to get your thoughts on is something that I've been really thinking a lot lately and gathering perspectives and that is on biosecurity and I say biosecurity I'm referring to covet 19 as a virus because biology involves starting a lab or some people debate all that whether it's true or not but but that's what people work on in the biology world but it spreads virally like malware and has a similar metaphor to cybersecurity so we're seeing conversation starting to happen in Washington DC in Silicon Valley and some of my circles around if biology weapon or it's a tool like open-source software could be a tool for spreading cybersecurity Trojans or other things and techniques like malware spear phishing phishing all these things are techniques that could be deployed metaphorically to viral distribution a biohazard or bio warfare if you will will it look the same and how do you defend against the next covet 19 this is what you know average Americans are seeing the impact of the economy with the shelter in place is that what happens again and how do we prevent it and so a lot of people are thinking about this what is your thoughts because it kind of feels the same way as cybersecurity you got to see it early you got to know what's going on you got to identify it you got to respond to it time to close your contain similar concepts what's your thoughts on with BIOS we don't look with all due respect to the the the bio community let me make a quick analogy to the cyber security strategy right cyber security strategy starts with we start as an attacker so I parts of my previous career I'm an authorized had the opportunity to help develop tools that are very very precisely targeted against foreign adversaries and that's a harder job than you think I mean I think the same is true of anyone of a natural-born or a custom a buyer buyer is that not just any virus has the capability to do a lot of harm to a lot of people selling it so it's it's if that doesn't mean though you can sit back and say since it's hard it'll never happen you need to take proactive measures to look for evidence of a compromise of something whether it's a cyber cyber virus or otherwise you have to actively look for that you have to harm yourself to make sure you're not susceptible to it and once you detect one you need to make sure you have a the ability to do segmentation or quarantine very rapidly very very effectively right so in the cyber security community of course the fundamental strategy is about segmentation you keep different types of things separate that don't need to interact and then if you do have a compromise not everything is compromised and then lastly if you want to gradually say bring things back up to recover you can do some with small chunks I think it's a great analogy segmentation is a good analogy to I think what the nation is trying to do right now by warranty kneeing and gradually reopening up things in in segments in actually mention earlier that some of the other techniques are very very similar you want to have good visibility of where you're at risk and then you can automatically detect and then implement some some mitigations based on that good visibility so I agree with you that it turns out that the cyber security strategies might have a whole lot in common with biohazard I address it's interesting site reliability engineers which is a term that Google coined when they built out their large-scale cloud has become a practice that kind of mindset combined with some of the things that you're saying the cyber security mindset seemed to fit this at scale problem space and I might be an alarmist but I personally believe that we've been having a digital war for many many years now and I think that you know troops aren't landing but it's certainly digital troops and I think that we as a country and a global state and global society have to start thinking about you know these kinds of things where a virus could impact the United States shut down the economy devastating impact so I think Wars can be digital and so I may be an alarmist and a conspirators but I think that you know thinking about it and talking about it might be a good thing so appreciate your insights there Phil appreciated what one other point that might be interesting a few years back I was doing some research with the National Lab and we're looking for novel of cybersecurity analytics and we hired some folks who worked in the biology the bio the biomedical community who were studying a biome fires at the time and it was in recognition that there's a lot of commonality between those who are doing cybersecurity analytics and those reviewing bio biology or biomedical type analytics in you know there was a lot of good cross fertilization between our teams and it kind of helps you bring up one more there's one more point which is what we need to do in cybersecurity in general is have more diversity of workforces right now I don't mean just the traditional but important diversities of sex or color but diversity of experiences right some of the best people I've worked with in the cyber analytics field weren't computer science trained people and that's because they came in problems differently with a different background so one of the things that's really important to our field at large and of course the company my company fort net is to massively increase the amount of cyber security training that's available to people not just the computer scientists the world and the engineers but people in other areas as well the other degree to non-greek people and with that a you know higher level of cyber security training available to a more diverse community not only can we solve the problem of numbers we don't have enough cybersecurity people but we can actually increase our ability to defend against these things I have more greater diversity of thought experience you know that's such a great point I think I just put an exclamation point on that I get that question all the time and the skills gap is should I study computer science and like actually if you can solve problems that's a good thing but really diversity about diversity is a wonderful thing in the age of unlimited compute power because traditionally diversity whether it was protocol diversity or technical diversity or you know human you know makeup that's tend to slow things down but you get higher quality so that's a generalization but you get the point diversity does bring quality and if you're doing a data science you don't want have a blind spot I'm not have enough data so yeah I think a good diverse data set is a wonderful thing you're going to a whole nother level saying bringing diversely skill sets to the table because the problems are diverse is that what you're getting at it is it's one of our I'll say our platforms that we're talking about during the during the covered nineteen crisis which is perhaps there's perhaps we could all make ourselves a little bit better by taking some time out since we're not competing taking some time out and doing a little bit more online training where you can where you can either improve your current set of cybersecurity skills of knowledge or be introduced to them for the first time and so there's one or some wonderful Fortinet training available that can allow both the brand-new folks the field or or the the intermediate level folks with you become higher level experts it's an opportunity for all of us to get better rather than spending that extra hour on the road every day why don't we take at least you know 30 of those 60 minutes or former commute time and usually do some online soccer security treaty feel final question for you great insight great conversation as the world and your friends my friends people we don't know other members of society as they start to realize that the virtualization of life is happening just in your section it's convergence what general advice would you have for someone just from a mental model or mindset standpoint to alleviate any anxiety or change it certainly will be happening so how they can better themselves in their life was it is it thinking more about the the the experiences is it more learning how would you give advice to folks out there who are gonna come out of this post pandemic certainly it's gonna be a different world we're gonna be heightened to digital and virtual but as things become virtualized how can someone take this and make a positive outcome out of all this I I think that the future the future remains bright earlier we talked about sci-fi the integration of the cyber world in the physical world that's gonna provide great opportunities to make us more efficient gives us more free time detect bad things from happening earlier and hopefully mitigating those bad things from happening earlier so a lot of things that some people might use as scare tactics right convergence and Skynet in in robotics and things like that I believe these are things that will make our lives better not worse our responsibilities though is talking about those things making sure people understand that they're coming why they're important and make sure we're putting the right security and privacy to those things as these worlds this physical world and the soccer worlds converged I think the future is bright but we still have some work to do in terms of um making sure we're doing things at very high speeds there's no delay in the cybersecurity we put on top of these applications and make sure we have very very well integrated solutions that don't cause things to become more complex make make things easier to do certainly the winds of change in the big waves with the transformations happening I guess just summarize by saying just make it a head win I mean tailwind not a headwind make it work for you at the time not against it Phil thank you so much for your insights I really appreciate this cube conversation remote interview I'm John Ford with the cube talking about cybersecurity and the fundamentals of understanding what's going on in this new virtual world that we're living in to being virtualized as we get back to work and as things start to to evolve further back to normal the at scale problems and opportunities are there and of course the key was bringing it to you here remotely from our studio I'm John Ferrier thanks for watching [Music]