>> Voiceover: From around the globe, it's theCUBE, covering Space and Cybersecurity Symposium 2020 hosted by Cal Poly. >> Hello everyone? Welcome to the Space and Cybersecurity Symposium 2020 hosted by Cal Poly and theCUBE. I'm John Furrier, your host. We have a great session here. Space cybersecurity, the Department of Defense perspective. We have Bong Gumahad, Director of C4ISR, Directorate Office of the Under Secretary of Defense for Acquisition and Sustainment for the DOD. And Chris Henson, Technical Director Space and Weapons, Cybersecurity Solutions for the National Security Agency. Gentlemen, thank you for taking the time for this awesome session. >> Thank you, John. >> Thank you. >> So we're going to talk about the perspective of the DOD relative to space cybersecurity. A lot going on, congestion, contention, freedom, evolution, innovation. So Bong, I'd like to have you start with your opening statement on how you see the space cybersecurity perspective. >> John, thanks for the intro, really appreciate it. First, let me give my thanks to Cal Poly for convening the Space and Cybersecurity Symposium this year. And despite the pandemic, the organization and the content delivery is pretty impressive. I really foot stomping what can possibly be done with a number of these virtual platforms. This has been awesome, thanks for the opportunity. I also want to recognize my colleague, Chris Henson from NSA, who is actually assigned to our staff at the OUSD, but he brings both policy and technical perspective in this whole area. So I think you'll find his commentary and positions on things very refreshing for today's seminar. Now space cybersecurity is a pretty interesting terminology for us all. Cybersecurity means protecting against cyber threats. And it's really more than just computers here on earth. Space is the newest war fighting domain and cybersecurity is perhaps even more of a challenge in this domain than others. I'm sure Lieutenant General Thompson and Major John Shaw discuss the criticality of this new Space Force. It's the newest military service in the earlier sessions and they're at the risk of repeating what they already addressed. Let me start by talking about what space means to DOD and what we're doing directly from my advantage point as part of the Acquisition and Sustainment arm of the Pentagon. Well, what I want to share with you today is how the current space strategy ties into the National Defense strategy and supports the department's operational objectives. As the director of C4ISR, I have come to understand how the integration of C4ISR capability is a powerful asset to enhance the lethality of the joint war fighter. Secretary Lord, our boss, the Under Secretary for Acquisition and Sustainment is diligent in her pursuit to adapt and modernize acquisition processes, to influence the strategy and to focus our efforts to make our objectives a reality. I think first and foremost, we are building a more lethal force. This joint force will project lethality in contested environments and across all domains through an operationally integrated and resiliency 4ISR infrastructure. We are also cultivating our alliances, deepening interoperability, which is very important in a future fight and collaboratively planning with those who partner with us in the fight. Most significantly for our work in acquisition and sustainment, we continue to optimize the department for greater performance and affordability through reform of the acquisition process. Now space is our newest fighting domain. And while it is indeed unique, it shares many common traits with the others, land, air and sea. All are important to the defense of the US. In conflict, no doubt about this, they will be contested and they must be defended. One domain will not win future conflicts and in a joint operation in a future fight and the future conflict they must all succeed. I see three areas being key toward DOD strategic success in space. One, developing our whole of government approach in close partnership with the private sector and our allies. Two, prioritizing our investments in resiliency, innovation and adaptive operations. And third, responding rapidly and effectively to leverage emerging technologies and seize opportunities to advance US strengths, partnerships and alliances. Let me emphasize that space is increasingly congested and tested and demanded as essential to lethality operational effectiveness and the security of our nation. Now the commercialization space offers a broad set of investments in satellite technology, potential opportunities to leverage those investments and pathways to develop cost efficient space architecture, for the department and the nation. It's funny, there's a new race, a race for space, if you will, between commercial companies buying for dominance of space. Now the joint staff within DOD is currently building an operational construct to employ and engage as a unified force coordinated across all domains. We call it the Joint All Domain Command and Control, JADC2. It is the framework that is under development to allow us to conduct integrated operations in the future. The objective of JADC2 is to provide the war fighter access to the decision making information while providing mission assurance of the information and resilience of the underlying terrestrial air in space networks that support them. Operationally, JADC2 seeks to maintain seamless integration, adaptation, and employment of our capability to sense signal, connect, transmit, process control, direct, and deliver lethal capabilities against the enemy. We gain a strategic advantage through the integration of these capabilities across all the domains, by providing balance space awareness, horse protection, and weapons controlled and deployment capabilities. Now successfully any ratings in these systems and capabilities will provide our war fighters overwhelming superiority on the battlefield in an environment challenged by near peer adversaries, as well as non state actors. In space, the character of its employment is changing, driven by increasing demands, not just by DOD, but by the commercial sector as well. You know, more and more we see greater use of small satellite systems to address a myriad of emerging questions, ubiquitous communications, awareness, sensory diversity, and many more. As I said before, the commercial world is pioneering high rate production of small satellites in their efforts to deploy hundreds, if not thousands of nodes. SpaceX Starlink Constellation is one example. Another one is Amazon's Kuiper. Kuiper just received FCC approval to deploy like over 3000 of these different nodes. While a number of these companies continue to grow, some have struggled. Case in point is OneWeb. Nevertheless, the appetite remains strong and DOD is taken advantage of these advances to support our missions. We are currently exploring how to better integrate the DOD activities involving small satellites under the small satellite coordinating activity, scholarly call it. We want to ensure collaboration and interoperability to maximize efficiency in acquisition and operation. When we started this activity on over a year and a half ago, we documented over 70 plus separate small sat programs within DOD. And now we've developed a very vibrant community of interest surrounding our small satellites. Now, part of the work we have identified nine focus areas for further development. These are common areas to all systems and by continuing to expand on these, our plan is to enable a standard of practice that can be applied across all of the domains. This includes lawn services, ground processing distribution, and of course, a topic of interest to the symposium space security and Chris will talk more about that, being that he's the expert in this area. One challenge that we can definitely start working on today is workforce development. Cybersecurity is unique as it straddles STEM and security and policy. The trade craft is different. And unfortunately I've seen estimates recently suggesting a workforce gap in the next several years, much like the STEM fields. During the next session, I am a part of a panel with president Armstrong at Cal Poly, and Steve Jacques, the founder of the National Security Space Association to address workforce development. But for this panel, I'll look forward to having this dialogue surrounding space cybersecurity with Chris and John. Thank you, John. >> Bong, thank you for that opening statement and yes, workforce gaps, we need the new skill space is here. Thank you very much. Chris Henson's Technical Director of Space and Weapons, Cybersecurity Solutions for the National Security Agency. Your opening statement. >> Thank you for having me. I'm one of several technical leaders in space at the National Security Agency. And I'm currently on a joint duty assignment at the office of Under Secretary of Defense for Acquisition and Sustainment. I work under Mr. Gumahad in the C4ISR area. But almost 63 years ago, on the 4th of October, 1957, Sputnik was the first artificial satellite launched by the Soviet Union and space history was made. And each of you can continue to write future space history in your careers. And just like in 1957, the US isn't alone in space to include our close partnerships and longterm activities with organizations like the Japanese Space Agency, the European Space Agency and the Canadian Space Agency, just to name a few. And when we tackle cybersecurity per space, we have to address the idea that the communications command and control and those mission datas will transverse networks owned and operated by a variety of partners, not only .go, .mil, .com, .edu, et cetera. We need to have all the partners address the cyber effects of those systems because the risk accepted by one is shared by all. And sharing cyber best practices, lessons learned, data vulnerabilities, threat data mitigation procedures, all our valuable takeaways in expanding the space community, improving overall conditions for healthy environment. So thank you for having me, and I appreciate the opportunity to speak to you and your audience. And I look forward to the discussion questions, thank you. >> Thank you, Chris, thank you, Bong. Okay, I mean, open innovation, the internet, you see plenty of examples. The theme here is partners, commercial, government. It's going to take a lot of people and tech companies and technologies to make space work. So we asked my first question, Bong, we'll start with you is what do you see as the DOD's role in addressing cybersecurity in space? It's real, it's a new frontier. It's not going away, it's only going to get more innovative, more open, more contested. It seems like a lot to do there. What's your role in addressing cyber security in space? >> I think our role is to be the leader in developing not only is it the strategy, but the implementation plans to ensure a full of cybersecurity. If you look at the National Cyber Strategy, I think published in 2018, calls for like-minded countries, industry academia, and civil society. Once you mentioned John, the support technology development, digital safety policy, advocacy, and research. You here today, and those listening are fulfilling their strategy. When you develop, enable use cyber hygiene products as examples and capabilities, you're pushing the goal to provision. When you know what's on your network, patch network, backup and encrypt your network, you're hardening and preventing cyber attacks. And we in government academia, in the case of Cal Poly, civil networks and in commercial companies, we all benefit from doing that. Cyber security, and I think Chris will definitely back me up on this, more than passwords encryption or firewall. It's truly a mindset and a culture of enabling mission to succeed in assured and in a resilient fashion. >> Chris, you're take and reaction to the cybersecurity challenge involved here. >> It's starting really at the highest level of governments. We have, you know, the recent security policy Directive-5 that just came out just a couple of days ago, recognize all the factors of cybersecurity that need to come into play. And probably the most important outcome of that as Mr. Gumahad said, is the leadership role. And that leadership blends out very well into partnership. So partnership with industry, partnership with academia, partnership with other people that are exploring space. And those partnerships blend itself very naturally to sharing cybersecurity issues, topics, as we come up with best practices, as we come up with mitigation strategies, and as we come up with vulnerabilities and share that information. We're not going to go alone in space, just like we're probably not going to go alone in many other industries or areas. That the DOD has to be involved in many spectrums of deploying to space. And that deployment involves, as Mr. Gumahad said, encryption, authentication, knowing what's on the network, knowing the fabric of that network, and if nothing else, this internet of things and work from home environment that we've partaken of these last few months has even explored and expanded that notion even more dramatically as we have people dial in from all over the different locations. Well, space will be that natural node, that natural next network in measure involvement that we'll have to protect and explore on, not just from a terrestrial involvement, but all segments of it. The calm segment, the space vehicle, and the ground portion. >> You know, Bong, we talked about this in our other segment around with the president of Cal Poly, but the operating models of the Space Force and of the DOD and getting to space. But it's a software defined world, right? So cybersecurity is a real big issue 'cause you have an operating model that's requiring software to power these low hanging satellites. That's just an extension to the network. It's distributed computing, we know what this is. If you understand what technology we do in space, it's no different, it's just a different environment so it's software defined. That just lends itself well to hacking. I mean, if I'm a hacker I'm going, "Hey, why not just take out a satellite and crash it down "or make the GPS do something different?" I mean, it's definitely an attack vector. This is a big deal. It's not just like getting credentials that are cashed on a server, you got to really protect. >> Right, because in one hand it space will carry not only focal national security information, but if you look at the economic wellbeing, the financial state of a lot of countries, institutions, you know, more and more John, they'll be using space assets to make all that happen. So, and if you look at the, you mentioned the attack vectors in space. It's not just the computers in the ground, but if you look at the whole life cycle for satellite systems in space, the tasking that you need to do, the command and controlling of the vehicle, the data that comes down in the ground, even when you launch the birds, the satellites, you know, they all need to be protected because they're all somewhat vulnerable to hacking, to cyber attacks. Especially as we grow into commercialization space, it's going to be a lot more people out there playing in this world. It's going to be a lot more companies out there. And, you know, it's hard to track, the potential of foreign influences as an example, and therefore the potential of being vulnerable in terms of the cyber threat. >> Gentlemen, like you guys said to move on to this leadership role, Bong, you mentioned it. You want to be a leader, I get it, the DOD is Department of Defense, it's a new frontier to defend war time zone, you mentioned war time opportunity potentially. But how do you guys assist that's term hat to getting done? Because there's public and private space operations happening, there's security challenge. What does being a leader mean? And how does the DOD, Department of Defense assist driving the public and private? Do you lead from a project standpoint? Do you lead from a funding standpoint? Is it architectural? I mean, you're talking about now a new end-to-end architecture. It's not just cloud it's on premise, it's in devices, it's offloaded with new AI technology and nix and devices. It's IOT, it's all this and all new. This is all new. What does it mean for the DOD to be a leader and how do you assist others to get involved? And what does that mean? >> Yeah, I think the one hand, you know, DOD used to lead in terms of being the only source of funding for a lot of highly developmental efforts. We're seeing a different story in space. Again, I keep going back to the commercialization of space. We're seeing a lot more players, right? So in many ways allies commercial companies are actually leading the R&D of a lot different technology. So we certainly want to take advantage of that. So from a leadership standpoint, I think leadership can come in, by partnering a lot more with the commercial companies. In 2020, the DOD released the Defense Space Strategy, as an example, that highlights the threats, the challenges and opportunities the United States has faced by setting example of how we counter the threats that are out there, not just the DOD, but the civilian and the commercial sector as well. Our current conditions are strong, but we want to use four lines of effort to meet our challenges and capitalize on our desire to state space. Our lines of effort include building a comprehensive military badges space, integrating space into a national joint and combined operations, like I mentioned before. Shaping that strategic environment and cooperating with allies, partners in industry and other US governmental departments and agencies to advance the cost of space. To take full advantage of what space can provide us in DOD and the nation. >> Chris as a domain now, what's your take on all of this? Because again, it's going to take more people, more diverse, potentially more security hauls. What's your view on this? >> Well, let's look at how innovation and new technologies can help us in these areas. So, and mentioned it a couple of topics that you hit on already. One of the areas that we can improve on is certainly in the architecture. Where we look at a zero trust architecture, one of the NIST standards that's come about. Where it talks about the authentication, the need to know a granular approach, this idea of being able to protect, not just data, but the resources and how people can get access to those, whether they're coming in through an identification, authentication credential, or other aspects of the idea of not just anybody should be able to have access to data or anybody should have access once they're on the inside of the network. So that zero trust architecture is one approach where we can show some leadership and guidance. Another area is in a topic that you touched on as well, was in the software area. So some innovations are coming on very rapidly and strong in this artificial intelligence and machine learning. So if we can take this AI and ML and apply it to our software development areas, they can parse so much information very quickly. And you know, this vast array of software code that's going into system nowadays. And then that frees up our human exquisite talent and developers that can then look at other areas and not focus on minor vulnerability, fix a vulnerability. They can really use their unique skills and talents to come up with a better process, a better way, and let the artificial intelligence and machine learning, find those common problems, those unknown hidden lines of code that get put into a software library and then pull down over and over again from system to system. So I think between an architecture leadership role and employee innovation are two areas that we can show some benefits and process improvement to this whole system. >> That's a great point, Chris, and you think about just the architectural computer architecture network attached storage is an advantage software defined there. You could have flash, all flash arrays for storage. You could have multiple cores on a device. And this new architecture, offloads things, and it's a whole new way to gain efficiencies. I mean, you got Intel, you got Nvidia, you've got armed, all the processors all built in. So there's definitely been commercial best practices and benefits to a new kind of architecture that takes advantage of these new things. It's just efficiencies. But this brings up the whole supply chain conversation. I want to get your thoughts on this because there is talk about predatory investments and access and tactics to gain supply chain access to space systems, your thoughts? >> Yeah, it's a serious threat and not just for the US space supply chain, if you will, is the supply chain you access with large, I think it's a threat that's this real we're seeing today. I just saw an example recently involving, I think our law and services, where there was a foreign threat that was trying to get into a troop through with predatory investments. So it is something that we need to be aware of, it's happening and will continue to happen. It's an easy way to gain access to do our IP. And so it's something that we are serious about in terms of awareness and countering. >> Chris, your thoughts? I mean, I'm an open source guy. We've seen it when I grew up in the industry in the '80s open source became a revolution. But with that, it enabled new tactics for state sponsored attacks and that became a domain in of itself. That's well-documented and people talk about that all the time in cyber. Now you have open innovation with hardware, software connected systems. This is going to bring a supply chain nightmare. How do you track it all? (chuckles) Who's got what software and what device... Where the chip from? Who made it? Just the potential is everywhere. How do you see these tactics? Whether it's a VC firm from another country or this, that, and the other thing, startup, big company-- >> Yeah, so when we see coal companies being purchased by foreign investors, and, you know, we can get blocked out of those, whether it's in the food industry, or if it's in a microchip. Then that microchip could be used in a cell phone or a satellite or an automobile. So all of our are industries that have these companies that are being purchased or a large born investment influx into those, they can be suspect. And we have to be very careful with those and do the tracking of those, especially when those, some of those parts and mechanisms are coming from off shore. And again, going back to the Space Policy Directive-5, it calls out for better supply chain, resource management, the tracking, the knowing the pedigree and the quantitative ability of knowing where those software libraries came from, where the parts came from, and the tracking and delivery of that from an end-to-end system. And typically when we have a really large vendor, they can do that really well. But when we have a subcontractor to a subcontractor, to a subcontractor, their resources may not be such that they can do that tracking in mitigation for counterfeits or fraudulent materials going into our systems. So it's a very difficult challenge, and we want to ensure as best we can that as we ingest those parts, as we ingest those software libraries and technologies into the system, that before we employ them, we have to do some robust testing. And I don't want to say that's the last line of defense, but that certainly is a mechanism for finding out do the systems perform as they stated on a test bench or a flat set, whatever the case may be, before we actually deploy it. And then we're relying on the output or the data that comes from that system that may have some corrupt or suspect parts in it. >> Great point, this federal views-- >> The problem with space systems is kind of, you know, is once you launch the bird or the satellite, your access to it is diminished significantly, right? Unless you go up there and take it down. So, you know, kind of to Chris's point, we need to be able to test all the different parts to ensure that is performing as described there, as specified with good knowledge that it's trustworthy. And so we do that all on the ground before we take it up to launch it. >> It's funny, you want agility, you want speed, and you security, and you want reliability, and risk management. All aggressive, and it's a technical problem, it's a business model problem. Love to get real quick before we jump into some of the more workforce and gap issues on the personnel side, have you guys to just take a minute to explain quickly what's the federal view? If you had to kind of summarize the federal view of the DOD and the role with it wants to take, so all the people out there on the commercial side or students out there who are wanting to jump in, what is the current modern federal view of space cybersecurity? >> Chris, why don't you take that on and I'll follow up. >> Okay, I don't know that I can give you the federal view, but I can certainly give you the Department of Defense that cyber security is extremely important. And as our vendors and our suppliers take on a very, very large and important role, one area that we're looking at improving on is a cyber certification maturity model, where we look at the vendors and how they implement and employee cyber hygiene. So that guidance in and of itself shows the emphasis of cyber security. That when we want to write a contract or a vendor for a purchase that's going to go into a space system, we'd like to know from a third party audit capability, can that vendor protect and defend to some extent the amount that that part or piece or software system is going to have a cyber protection already built into it from that vendor, from the ground floor up, before it even gets put into a larger system. So that shows a level of the CMMC process that we've thought about and started to employ beginning in 2021 and will be further built on in the out years. How important the DOD takes that. And other parts of the government are looking at this. In fact, other nations are looking at the CMMC model. So I think it shows a concern in very many areas, not just in the Department of Defense, that they're going to adopt an approach like this. So it shows the pluses and the benefits of a cybersecurity model that all can build on. >> Bong, your reaction. >> Yeah, I'll just add to that. John, you asked earlier about, you know, how do we track commercial entities or people into the space and cyber security domains? I can tell you that at least my view of it, space and cybersecurity are new. It's exciting, it's challenging, a lot of technical challenges there. So I think in terms of attracting the right people and personnel to work those areas, I think it's not only intellectually challenging, but it's important for the defensing and near States. And it's important for economic security at large for us as well. So I think in terms of a workforce and trying to get people interested in those domains, I hope that they see the same thing we do in terms of the challenges and the opportunities it presents itself in the future. >> Awesome, I loved your talk on intro track there. Bong, you mentioned the three key areas of DOD success, developing a whole government approach to partnership with the private sector. I think that's critical, and the allies. Prioritizing the right investments on resilience, innovation, adaptive operations, and responding to rapidly to effectively emerging technology seem to be fast. I think all those things are relevant. So given that, I want to get your thoughts on the Defense Space Strategy. In 2020, the DOD released dispense Defense Space Strategy, highlighting threats, and challenges and opportunities. How would you summarize those threats and those challenges and opportunities? What are those things that you're watching in the defense space area? >> Right, well, I think as I said before, Chris as well, you know, we're seeing that space will be highly contested because it's a critical element in our war fighting construct. To win our future conflict, I think we need to win space as well. So when you look at our near peer adversaries, there's a lot of efforts in China to take that advantage away from the United States. So the threat is real, and I think it's going to continue to evolve and grow. And the more we use space, for both commercial and government, I think you're going to see a lot more when these threats, some AFAs itself in forms of cyber attacks, or even kinetic attacks in some cases as needed. So, yeah, so the threat is indeed growing, space is congested, as we talked about, it will continually be contested in the future as well. So we need to have, like we do now in all the other domains, a way to defend it. And that's what we're working on within DOD. How do we protect our assets in space, and how do we make sure that the data information that traverses through space assets are trustworthy and free of any interference. >> Chris, exciting time, I'm mean, if you're in technology, this is crossing many lines here, tech, society, war time defense, new areas, new tech. I mean, it's security, it's intoxicating at many levels because if you think about it, it's not one thing. It's not one thing anymore. It spans a broader spectrum, these opportunities. >> Yeah and I think that expansion is a natural outgrowth from, as our microprocessors and chips and technology continue to shrink smaller and smaller. You know, we think of our cell phones and our handheld devices and tablets and so on that have just continued to get embedded in our everyday society, our everyday way of life. And that's a natural extension when we start applying those to space systems, when we think of smallsats and cube sets and the technology that's can be repurposed into a small vehicle, and the cost has come down so dramatically that, you know, we can afford to get rapid experiments, rapid exploitations and different approaches in space and learn from those and repeat them very quickly and very rapidly. And that applies itself very well to an agile development process, DevSecOps, and this notion of spins and cycles and refreshing and re-addressing priorities very quickly so that when we do put a new technology up, that the technology is very lean and cutting edge, and hasn't been years and years in the making, but it's relevant and new. And the cybersecurity and the vulnerabilities of that have to be addressed and allow that DevSecOps process to take place so that we can look at those vulnerabilities and get that new technology and those new experiments and demonstrations in space and get lessons learned from them over and over again. >> Well, that brings us to the next big topic. I want to spend the remainder of our time on, that is workforce, this next generation. If I wasn't so old, I would quit my job and I would join immediately. It's so much fun, it's exciting, and it's important. And this is what I think is a key point is that cybersecurity in and of itself has got a big gap of shortage of workers, nevermind adding space to it. So this is the intersection of space and cybersecurity. There is a workforce opportunity for this next generation, young person to person re-skilling, this is a big deal. Bong, you have thoughts on this? It's not just STEM, it's everything. >> Yeah, it's everything, you know, the opportunities we have in space, it's significant and tremendous. And I think if I were young again, as you pointed out, John, you know, I'm lucky that I'm in this domain in this world and I started years ago, but it continues to be exciting, lots of opportunities, you know. When you look at some of the commercial space systems are being put up, if you look at, I mentioned Starlink before and Amazon's Kuiper Constellation. These guys are talking about couple of thousand satellites in space to provide ubiquitous communications for internet globally, and that sort of thing. And they're not the only ones that are out there producing capability. We're seeing a lot more commercial imagery products being developed by companies, both within the US and foreign elements as well. So I think it's an exciting time to be in space. Certainly lots of opportunities. There's technical challenges galore in terms of not only the overcoming the physics of space, but being able to operate flexibly and get the most you can out of the capabilities we have operating up in space. >> Besides being cool, I mean, everyone looks at launch of space gets millions of views on live streams, the On-Demand reruns get millions and millions of views. There's a lot of things there. So, Chris, what specifically could you share are things that people would work on? Jobs, skills, what's the aperture? What's it look like if you zoom out and look at all the opportunities from a scale standpoint, what's out there? >> I'll talk to the aperture, but I want to give a shout out to our Space Force. And I mean, their job is to train and equip each air space and that space talent. And I think that's going to be a huge plus up to have a Space Force that's dedicated to training, equipping, an acquisition and a deployment model that will benefit not just the other services, but all of our national defense and our strategic way of how this company, country employees space altogether. So having a Space Force, I think, is a huge issue. And then to get to that aperture aspect of what you're asking and that addresses a larger workforce, we need so many different talents in this area. We can employ a variety of people from technical writers, to people who write and develop software to those who bending metal and actually working in a hardware environment. And those that do planning and launch operations and all of those spectrums and issues of jobs, are directly related to a workforce that can contribute to space. And then once that data gets to the ground and employed out to a user, whether it's a weather data, or we're looking at from a sensor, recent events on shipping lanes, those types of things. So space has such a wide and diverse swath that the aperture's really wide open for a variety of backgrounds. And those that really just want to take an opportunity, take a technical degree, or a degree that can apply itself to a tough problem, because they certainly exist in space. And we can use that mindset of problem solving, whether you come at it from a hacker mindset, an ethical, white hat approach to testing and vulnerability exploration. Or somebody who knows how to actually make operations safer, better through space situation awareness. So there's a huge swath of opportunity for us. >> Bong, talk about the cybersecurity enabled environment, the use cases that are possible when you have cybersecurity in play with space systems, which is in and of itself, a huge range of jobs, codings, supply chain, we just talked about a bunch of them. There's still more connected use cases that go beyond that, that are enabled by it, if you think about it. And this is what the students at Cal Poly and every other college and university, community college, you name it, who are watching videos on YouTube. Anyone with a brain can jump in if they see the future. It's all net news. Space Force is driving awareness, but there's a whole slew of these new use cases that I call space enabled by cyber secure systems. Your thoughts? >> Absolutely, I was had planned on attending the Cyber Challenge that's Cal Poly had planned in June. Of course, the pandemic took care of that plan, but I was intrigued by the approach that the Cal Poly was taking with middle school and high school kids of exposing him to a problem set. Here, you have a satellite that came down from space and part of the challenge was to do forensic analysis on the debris, the remaining pieces of the satellite to figure out what happened. It had a cyber cybersecurity connotation. It was hacked, it was attacked by cyber threat nation, took it down. And the beauty of having these kids kind of play with the remaining parts of the satellite, figure out what happened. So it was pretty exciting. I was really looking forward to participating in that, but again, the pandemic kind of blew that up, but I look forward to future events like that, to get our young people intrigued and interested in this new field of space. Now, Chris was talking earlier about opportunities, there're opportunities that you talk about, while I would like to have people come to the government, to help us out, it's not just focused on government. There's lots of opportunities in commercial space, if you will, for a lot of talent to participate in. So the challenge is immense, both government and the commercial sector, John. >> I mean, you get the hardcore, you know, I want to work for the DOD, I want to work for NSA, I want to work for the government. You clearly got people who want to have that kind of mission. But for the folks out there, Chris and Bong that are like, "Do I qualify?" It's like the black box of the DOD, it's like a secret thing, you got to get clearance, you've got to get all these certifications. And you got to take all kinds of tests and background checks. Is it like that, and will that continue? 'Cause some people might say, "Hey, can I even get involved? "What do I do?" So I know there's some private partnerships going on with companies out there in the private sector. So this is now a new, you guys seem to be partnering and going outside the comfort zone of the old kind of tactical things. What are some of those opportunities that people could get involved in that they might not know about? >> For NSA, there's a variety of workforce initiatives that for anybody from a high school work study can take advantage of to those that would like have to have internships. And those that are in a traditional academic environment, there's several NSA schools across the country that have academic and cyber sites of excellence that participate in projects that are shepherded and mentored by those at NSA that can get those tough problems that don't have maybe a classified or super sensitive nature that can be worked in and in an academia environment. So those are two or three examples of how somebody can break into an intelligence organization. And the other agencies have those opportunities as well across the intelligence community. And the partnership between and collaboration between private industry and the agencies and the Department of Defense just continue to grow over and over again. And even myself being able to take advantage of a joint duty assignment between my home organization and the Pentagon, just shows another venue of somebody that's in one organization can partner and leverage with another organization as well. So I'm an example of that partnering that's going on today. >> So there's some innovation. Bong, nontraditional pathways to find talent, what are out there, what are new? What are these new nontraditional ways? >> I was going to add to what Chris was mentioning, John. Even within DOD and under the purview of our chief information officer, back in 2013, the Deputy Secretary Defense signed the, what we call the DOD Cyberspace Workforce Strategy into effect. And that included a program called the Cyber Information Technology Exchange Program. It's an exchange program in which a private sector employee can work for the DOD in cyber security positions span across multiple mission critical areas. So this is one opportunity to learn, inside the DOD what's happening as a private sector person, if you will. Going back to what we talked about, kind of opportunities within the government for somebody who might be interested. You don't have to be super smart, dork in space, there's a lot of, like Chris pointed out, there's a lot of different areas that we need to have people, talented people to conduct the mission in space. So you don't have to be mathematician. You don't have to be an engineer to succeed in this business. I think there's plenty of opportunities for any types of talent, any type of academic disciplines that are out there. >> All right, thank you, and Chris's shout out to the Space Force is really worth calling out again, because I think to me, that's a big deal. It's a huge deal. It's going to change the face of our nation and society. So super, super important. And that's going to rise the tide. I think it's going to create some activation for a younger generation, certainly, and kind of new opportunities, new problems to solve, new threats to take on, and move it on. So really super conversation, space and cybersecurity, the Department of Defense perspective. Bong and Chris, thank you for taking the time. I'd love you guys just to close out. We'll start with you Bong and then Chris. Summarize for the folks watching, whether it's a student at Cal Poly or other university or someone in industry and government, what is the Department of Defense perspective for space cybersecurity? >> Chris, want to go and take that on? >> That's right, thank you. Cybersecurity applies to much more than just the launch and download of mission data or human led exploration. And the planning, testing, and experiments in the lab prior to launch require that cyber protection, just as much as any other space link, ground segment, trust rail network, or user data, and any of that loss of intellectual property or proprietary data is an extremely valuable and important, and really warrants cyber security safeguards. In any economic espionage, your data exfiltration, or denied access to that data, i.e. ransomware or some other attack, that can cripple any business or government endeavor, no matter how small or large, if it's left unprotected. And our economic backbone clearly depends on space. And GPS is more than just a direction finding, banking needs that T and timing from P and T or whether it just systems that protect our shipping and airline industry of whether they can navigate and go through a particular storm or not. Even fighting forest fires picked up by a remote sensor. All those space space assets require protection from spoofing date, data denial, or total asset loss. An example would be if a satellite sensitive optics or intentionally pointed at the sun and damaged, or if a command to avoid collision with another space vehicle was delayed or disrupted or a ground termination command as we just saw just a few days ago at T minus three seconds prior to liftoff, if those all don't go as planned, those losses are real and can be catastrophic. So the threat to space is pervasive, real and genuine, and your active work across all those platforms is necessary and appreciated. And your work in this area is critical going forward. Thank you for this opportunity to speak with you and talking on this important topic. Thank you, Chris Henson. Bong Gumahad, closing remarks? >> Yeah, likewise, John, again, as Chris said, thank you for the opportunity to discuss this very important around space cybersecurity, as well as addressing at the end there, we were talking about workforce development and the need to have people in the mix for future. (indistinct) We discussed, we need to start that recruiting early as we're doing to address the STEM gap today, we need to apply the same thing for cybersecurity. We absolutely need smart and innovative people to protect both our economic wellbeing as a nation, as well as our national defense. So this is the right conversation to have at this time, John. And again, thank you and Cal Poly host for having this symposium and having this opportunity to have this dialogue. Thank you. >> Gentlemen, thank you for your time and great insights. We couldn't be there in person. We're here virtual for the Space and Cybersecurity Symposium 2020, the Cal Poly. I'm John Furrier with SiliconANGLE and theCUBE, your host. Thank you for watching. (soft music)

>> Narrator: Live from San Francisco. It's the theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconAngle Media. >> Alright, welcome to theCUBE coverage here at RSA Conference in San Francisco and Moscone Halls, theCUBE. I'm John Furrier, the host of theCUBE, in a cyber security is all about encryption data and also security. We have a very hot startup here, that amazing guest, Dr. Ellison Anne Williams, CEO and Founder of Enveil just recently secured a $10 million Series A Funding really attacking a real problem around encryption and use. Again, data ,security, analytics, making it all secure is great. Allison, and thanks for coming on. Appreciate your time. >> Thanks for having me. >> So congratulations on the funding before we get started into the interview talking about the hard news, you guys that are around the funding. How long have you guys been around? What's the funding going to do? What are you guys doing? >> Yeah, so we're about three and a half years old as a company. We just announced our Series A close last week. So that was led by C5. And their new US Funds The Impact Fund and participating. Other partners included folks like MasterCard, Capital One Ventures, Bloomberg, Beta 1843, etc. >> So some names jumped in C5 led the round. >> For sure. >> How did this get started? What was the idea behind this three years you've been actually doing some work? Are you going to production? Is it R&D? Is it in market? Give us a quick update on the status of product and solution? >> Yeah, so full production. For production of the product. We're in fact in 2.0 of the release. And so we got our start inside of the National Security Agency, where I spent the majority of my career. And we developed some breakthroughs in an area of technology called homomorphic encryption, that allows you to perform computations into the encrypted domain as if they were in the unencrypted world. So the tech had never existed in a practical capacity. So we knew that bringing seeds of that technology out of the intelligence community and using it to seed really and start the company, we would be creating a new commercial market. >> So look at this, right? So you're at the NSA, >> Correct >> Your practitioner, they're doing a lot of work in this area, pioneering a new capability. And did the NSA spin it out did they fund it was the seed capital there or did you guys bootstrap it >> No. So our seed round was done by an entity called Data Tribe. So designed to take teams in technologies that were coming out of the IC that wanted to commercialize to do so. So we took seed funding from them. And then we were actually one of the youngest company ever to be in the RSA Innovation Sandbox here in 2017, to be one of the winners and that's where the conversation really started to change around this technology called homomorphic encryption, the market category space called securing data in use and what that meant. And so from there, we started running the initial version of a product out in the commercial world and we encountered two universal reaction. One that we were expecting and one that we weren't. And the one that we were expecting is that people said, "holy cow, this actually works". Because what we say we do keeping everything encrypted during processing. Sounds pretty impossible. It's not just the math. And then the second reaction that we encountered that we weren't expecting is those initial early adopters turned around and said to us, "can we strategically invest in you?" So our second round of funding was actually a Strategic Round where folks like Bloomberg beta,Thomson Reuters, USA and Incue Towel came into the company. >> That's Pre Series A >> Pre Series A >> So you still moving along, if a sandbox, you get some visibility >> Correct. >> Then were the products working on my god is you know, working. That's great. So I want to get into before I get into some of the overhead involved in traditionally its encryption there always has been that overhead tax. And you guys seem to solve that. But can you describe first data-at-rest versus data-in-motion and data-in-user. data at rest, as means not doing anything but >> Yeah, >> In flight or in you so they the same, is there a difference? Can you just tell us the difference of someone this can be kind of confusing. >> So it's helpful to think of data security in three parts that we call the triad. So securing data at rest on the file system and the database, etc. This would be your more traditional in database encryption, or file based encryption also includes things like access control. The second area, the data security triad is securing data- in- transit when it's moving around through the network. So securing data at rest and in transit. Very well solution. A lot of big name companies do that today, folks like Talus and we partner with them, Talus, Gemalto, etc. Now, the third portion of the data security triad is what happens to that data when you go use or process it in some way when it becomes most valuable. And that's where we focus. So as a company, we secure data-in-use when it's being used or processed. So what does that mean? It means we can do things like take searches or analytics encrypt them, and then go run them without ever decrypting them at any point during processing. So like I said, this represents a new commercial market, where we're seeing it manifest most often right now are in things like enabling secure data sharing, and collaboration, or enabling secure data monetization, because its privacy preserving and privacy enabling as a capability. >> And so that I get this right, the problem that you solved is that during the end use parts of the triad, it had to be decrypted first and then encrypted again, and that was the vulnerability area. Look, can you describe kind of like, the main problem that you guys saw was that-- >> So think more about, if you've got data and you want to give me access to it, I'm a completely different entity. And the way that you're going to give me access to it is allowing me to run a search over your data holdings. We see this quite a bit in between two banks in the areas of anti-money laundering or financial crime. So if I'm going to go run a search in your environment, say I'm going to look for someone that's an EU resident. Well, their personal information is covered under GDPR. Right? So if I go run that search in your environment, just because I'm coming to look for a certain individual doesn't mean you actually know anything about that. And so if you don't, and you have no data on them whatsoever, I've just introduced a new variable into your environment that you now have to account for, From a risk and liability perspective under something like GDPR. Whereas if you use us, we could take that search encrypt it within our walls, send it out to you and you could process it in its encrypted state. And because it's never decrypted during processing, there's no risk to you of any increased liability because that PII or that EU resident identifier is never introduced into your space. >> So the operating side of the business where there's compliance and risk management are going to love this, >> For sure. >> Is that really where the action is? >> Yes, compliance risk privacy. >> Alright, so get a little nerdy action on this one. So encryption has always been an awesome thing depending on who you talk to you, obviously, but he's always been a tax associate with the overhead processing power. He said, there's math involved. How does homeomorphic work? Does it have problems with performance? Is that a problem? Or if not, how do you address that? Where does it? I might say, well, I get it. But what's the tax for me? Or is your tax? >> Encryption is never free. I always tell people that. So there always is a little bit of latency associated with being able to do anything in an encrypted capacity, whether that's at rest at in transit or in use. Now, specifically with homomorphic encryption. It's not a new area of encryption. It's been around 30 or so years, and it had often been considered to be the holy grail of encryption for exactly the reasons we've already talked about. Doing things like taking searches or analytics and encrypting them, running them without ever decrypting anything opens up a world of different types of use cases across verticals and-- >> Give those use case examples. What would be some that would be low hanging fruit. And it would be much more higher level. >> Some of the things that we're seeing today under that umbrella of secure data sharing and collaboration, specifically inside of financial services, for use cases around anti-money laundering and financial crimes so, allowing two banks to be able to securely collaborate with with each other, along the lines of the example that I gave you just a second ago, and then also for large multinational banks to do so across jurisdictions in which they operate that have different privacy and secrecy regulations associated with them. >> Awesome. Well, Ellison, and I want to ask you about your experience at the NSA. And now as an entrepreneur, obviously, you have some, you know, pedigree at the NSA, really, you know, congratulations. It's going to be smart to work there, I guess. Secrets, you know, >> You absolutely do. >> Brains brain surgeon rocket scientist, so you get a lot of good stuff. But now that you're on the commercial space, it's been a conversation around how public and commercial are really trying to work together a lot as innovations are happening on both sides of the fence there. >> Yeah. >> Then the ICC and the Intelligence Community as well as commercial. Yeah, you're an entrepreneur, you got to go make money, you got shareholders down, you got investors? What's the collaboration look like? How does the world does it change for you? Is it the same? What's the vibe in DC these days around the balance between collaboration or is there? >> Well, we've seen a great example of this recently in that anti-money laundering financial crime use case. So the FCA and the Financial Conduct Authority out of the UK, so public entity sponsored a whole event called a tech spread in which they brought the banks together the private entities together with the startup companies, so your early emerging innovative capabilities, along with the public entities, like your privacy regulators, etc, and had us all work together to develop really innovative solutions to real problems within the banks. In the in the context of this text spread. We ended up winning the know your customer customer due diligence side of the text brand and then at the same time that us held an equivalent event in DC, where FinCEN took the lead, bringing in again, the banks, the private companies, etc, to all collaborate around this one problem. So I think that's a great example of when your public and your private and your private small and your private big is in the financial services institutions start to work together, we can really make breakthroughs-- >> So you see a lot happening >> We see a lot happening. >> The encryption solution actually helped that because it makes sense. Now you have the sharing the encryption. >> Yeah. >> Does that help with some of the privacy and interactions? >> It breaks through those barriers? Because if we were two banks, we can't necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that you've put in place over your own data, then it allows that collaboration to occur, whereas otherwise I really couldn't in an efficient capacity. >> Okay, so here's the curveball question for you. So anybody Startup Series today, but you really got advanced Series A, you got a lot of funding multiple years of operation. If I asked you what's the impact that you're going to have on the world? What would you say to that, >> Over creating a whole new market, completely changing the paradigm about where and how you can use data for business purposes. And in terms of how much funding we have, we have, we've had a few rounds, but we only have 15 million into the company. So to be three and a half years old to see this new market emerging and being created with with only $15 million. It's really pretty impressive. >> Yeah, it's got a lot of growth and keep the ownership with the employees and the founders. >> It's always good, but being bootstrap is harder than it looks, isn't it? >> Yeah. >> Or how about society at large impact. You know, we're living global society these days and get all kinds of challenges. You see anything else in the future for your vision of impact. >> So securing data and your supplies horizontally across verticals. So far we've been focused mainly on financial services. But I think healthcare is a great vertical to move out in. And I think there are a lot of global challenges with healthcare and the more collaborative that we could be from a healthcare standpoint with our data. And I think our capabilities enable that to be possible. And still respecting all the privacy regulations and restrictions. I think that's a whole new world of possibility as well. >> And your secret sauce is what math? What's that? What's the secret sauce, >> Math, Math and grit. >> Alright, so thanks for sharing the insights. Give a quick plug for the company. What are you guys looking to do? Honestly, $10 million in funding priorities for you and the team? What do you guys live in to do? >> So priorities for us? privacy is a global issue now. So we are expanding globally. And you'll be hearing more about that very shortly. We also have new product lines that are going to be coming out enabling people to do more advanced decisioning in a completely secure and private capacity. >> And hiring office locations DC. >> Yes. So our headquarters is in DC, but we're based on over the world, so we're hiring, check out our web page. We're hiring for all kinds of roles from engineering to business functionality >> And virtual is okay virtual hires school >> Virtual hires is great. We're looking for awesome people no matter where they are. >> You know, DC but primary. Okay, so great to have you gone. Congratulations for one, the financing and then three years of bootstrapping and making it happen. Awesome. >> Thank you. >> Thank you for coming ,appreciate it. So keep coming to your RSA conference in Moscone. I'm John Furrier. Thanks for watching more after this short break (pop music playing)

>> Live from Stanford University. It's the Cube covering global Women in Data Science conference brought to you by Silicon Angle media. >> Welcome back to the Cubes. Continuing coverage of the fourth annual Women and Data Science Conference with Hashtag with twenty nineteen to join the conversation. Lisa Martin joined by one of the speakers on the career panel today at Stanford. Natalie Evans Harris, the cofounder and head of strategic initiatives at right hive. Natalie. It's a pleasure to have you on the program so excited to be here. Thank you. So you have, which I can't believe twenty years experience advancing the public sectors. Strategic use of data. Nearly twenty. I got more. Is your career at the National Security Agency in eighteen months with the Obama administration? You clearly were a child prodigy, of course. Of course, I was born in nineteen ninety two s. So tell me a little bit about how you got involved with was. This is such an interesting movement because that's exactly what it is in such a short time period. They of a mask. You know, they're expecting about twenty thousand people watching the live stream today here from Stanford. But there's also fifty plus countries participating with one hundred fifty plus a regional events. You're here on the career panel. Tell me a little bit about what attracted you to wits and some of the advice and learnings that you're going to deliver this afternoon. Sure, >> absolutely So Wits and the Women and Data Science Program and Conference on what it's evolved to are the exact type of community collective impact initiatives we want to say. When we think about where we want data science to grow, we need to have diversity in the space. There's already been studies that have come out to talk about the majority of innovations and products that come out are built by white men and built by white men. And from that lens you often lose out on the African American experience or divers racial or demographic experiences. So you want communities like women and data science to come together and show we are a part of this community. We do have a voice and a seat at the table, and we can be a part of the conversation and innovation, and that's what we want, right? So to come together and see thousands of people talking and walking into a room of diverse age and diverse experience, it feels good, and it makes me hopeful about the future because people is what the greatest challenge to data science is going to be in the future. >> Let's talk about that because a lot of the topics around data science relate to data privacy and ethics. Cyber security. But if we look at the amount of data that's generated every day, two point five quintillion pieces of data, tremendous amount of impact for the good. You think of cancer research and machine learning in cancer research. But we also think, Wow, we're at this data revolution. I read this block that you co authored it about a year ago called It's time to Talk About Data Ethics, and I found it so interesting because how how do we get control around this when we all know that? Yes, there is so many great applications for data that were that we benefit from every day. But there's also been a lack of transparency on a growing scale. In your perspective, how do what's the human capital element and how does that become influenced to really manage data in a responsible way? I think that >> we're recognizing that data can solve all of these really hard problems and where we're collecting these quintillion bytes of data on a daily basis. So there's acknowledgment that there's things that humans just can't d'oh so a I and machine learning our great ways to increase access to that data so we can use it to start to solve problems. But we also need to recognize is that no matter how good A I gets, there's still humans that need to be a part of that context because the the algorithms air on Lee as strong as the people that have developed them. So we need data scientist. We need women with diverse experiences. We need people with diverse thoughts because they're the ones we're going to create, those algorithms that make the machine learning and the and the algorithms in the technology more powerful, more diverse and more equal. So we need to see more growth and experiences and people and learning the things that I talk about. When I when others asked me and what I'll mention on the career panel is when you think about data science. It's not just about teaching the technical skills. There's this empathy that needs to be a part of it. There's this skill of being able to ask questions in really interesting ways of the data. When I worked at National Security Agency and helped build the data science program there, every data scientist that came into the building, we, of course taught them about working in our vitamins. But we also made every single one of them take a class on asking questions. The same class that we had our intelligence analyst take so the same ways of the history and the foreign language experts needed to learn how to ask questions of data we needed, Our data scientist told. Learn that as well. That's how you start to look beyond just the ones and zeros and start to really think about not just data but the people that are impacted by the use of the data. >> Well, it's really one of the things I find interesting about data. Science is how diverse on I use that word, specifically because we talked about thought diversity. But it's not just the technical skills as you mentioned. It's empathy. It's communication. It's collaboration on DH those air. So it's such a like I said, Diverse opportunity. One of the things I think I read about in your blawg. If we look at okay, we need to not just train the people on how to analyze the data but howto be confident enough to raise their hand and ask questions. How do you also train the people? >> Two. >> Handle data responsibly. You kind of mentioned there's this notion of sort of like a Hippocratic oath that medical doctors take for data scientist. And I thought that was really intriguing. Tell me a little bit more about that. And how do you think that data scientists in training and those that are working now can be trained? Yeah, influenced to actually take something like that in terms of really individualizing that responsibility for ethical treatment of data. So, towards the >> end of my time at the White House, we it was myself deejay Patil and a number of experts and thought leaders in the space of of news and ethics and data science came together and had this conversation about the future of data ethics. And what does it look like? Especially with the rise of fake news and misinformation and all of these things? And born out of that conversation was just this. This realization that if you believe that, inherently people want to do the good thing, want to do the right thing? How do they do that? What does that look like? So I worked with Data for Democracy and Bloomberg to Teo issue a study and just say, Look, data scientist, what keeps you up at night? What are the things that as you as you build these algorithms and you're doing this? Data sharing keeps you up at night. And the things that came out of those conversations and the working groups and the community of practice. Now we're just what you're talking about. How do we communicate responsibly around this? How do we What does it look like to know that we've done enough to protect the data, to secure the data, to, to use the data in the most appropriate ways? And when we >> see a problem, what do >> we do to communicate that problem and address it >> out of >> that community of practice? And those principles really came the starts of what an ethics. Oh, the Hippocratic oath could look like it's a set of principles. It's not the answer, but it's a framework to help guide you down. Your own definition of what ethical behaviour looks like when you use data. Also, it became a starting point for many companies to create their own manifestos and their own goals to say as a company, these are the values that we're going to hold true to as we use data. And then they can create the environments that allow for data scientists to be able to communicate how they feel about what is happening around them and effect change. It's a form of empowerment. Amazing. I love >> that in the last thirty seconds, I just want to get your perspective on. Here we are spring of twenty nineteen. Where are we as a society? Mon data equaling trust? >> Oh, I love that we're having the conversation. And so we're at that point of just recognizing that data's more than ones and zeroes. And it's become such an integral part of who people are. And so we need some rules to this game. We need to recognize that privacy is more than just virus protection, that there is a trust that needs to be built between the individuals, the communities and the companies that are using this data. What the answers are is what we're still figuring out. I argue that a large part of it is just human capital. It's just making sure that you have a diverse set of voices, almost a brain trust as a part of the conversation. So you're not just going to the same three people and saying, What should we d'Oh But you're growing and each one teach one and building this community around collectively solving these problems. Well, >> Natalie's been such a pleasure talking with you today. Thank you so much for spending some time and joining us on the Cuban. Have a great time in the career panel this afternoon. Atwood's. >> Thank you so much. This is a lot of fun. >> Good. My pleasure. We want to thank you. You're watching the Cube from the fourth annual Women and Data Science Conference alive from Stanford University. I'm Lisa Martin. I'll be back with my next guest after a short break