from around the globe it's thecube covering space and cyber security symposium 2020 hosted by cal poly hello everyone welcome to the space and cyber security symposium 2020 hosted by cal poly where the intersection of space and security are coming together i'm john furrier your host with thecube here in california i want to welcome our featured guest lieutenant general john f thompson with the united states space force approach to cyber security that's the topic of this session and of course he's the commander of the space and missile system center in los angeles air force base also heading up space force general thank you for coming on really appreciate you kicking this off welcome to the symposium hey so uh thank you very much john for that very kind introduction also uh very much thank you to cal poly uh for this opportunity to speak to this audience today also a special shout out to one of the organizers uh dustin brun for all of his work uh helping uh get us uh to this point uh ladies and gentlemen as uh as uh john mentioned uh i'm jt thompson uh i lead the 6 000 men and women of the united states space forces space and missile system center which is headquartered here at los angeles air force base in el segundo if you're not quite sure where that's at it's about a mile and a half from lax this is our main operating location but we do have a number of other operating locations around the country with about 500 people at kirtland air force base in albuquerque new mexico uh and about another 500 people on the front range of the rockies uh between colorado springs and uh and denver plus a smattering of other much smaller operating locations nationwide uh we're responsible for uh acquiring developing and sustaining the united states space force's critical space assets that includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites and we also are in charge of procuring launch services for the u.s space force and a number of our critical mission partners across the uh department of defense and the intelligence community um just as a couple of examples of some of the things we do if you're unfamiliar with our work we developed and currently sustained the 31 satellite gps constellation that satellite constellation while originally intended to help with global navigation those gps signals have provided trillions of dollars in unanticipated value to the global economy uh over the past three decades i mean gps is everywhere i think everybody realizes that agriculture banking the stock market the airline industry uh separate and distinct navigation systems it's really pervasive across both the capabilities for our department of defense and capabilities for our economy and and individuals billions of individuals across our country and the planet some of the other work we do for instance in the communications sector uh secure communications satellites that we design and build that link america's sons and daughters serving in the military around the world and really enable real-time support and comms for our deployed forces and those of our allies we also acquire uh infrared missile warning satellites uh that monitor the planet for missile launches and provide advanced warning uh to the u.s homeland and to our allies uh in case some of those missile launches are uh nefarious um on a note that's probably a lot closer to home maybe a lot closer to home than many of us want to think about here in the state of california in 2018 smc jumped through a bunch of red tape and bureaucracy uh to partner with the u.s forest service during the two of the largest wildfires in the state's history the camp and woolsey fires in northern california as those fires spread out of control we created processes on the fly to share data from our missile warning satellites those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet and we collaborated with the us forest service so that firefighters on the ground uh could track those fires more in real time and better forecast fires and where they were spreading thereby saving lives and and property by identifying hot spots and flare-ups for firefighters that data that we were able to working with our contractors pass to the u.s forest service and authorities here in california was passed in less than an hour as it was collected to get it into the hands of the emergency responders the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters it was really instrumental in fighting those fires and stopping their spread we've continued uh that involvement in recent years using multiple systems to support firefighters across the western u.s this fall as they battled numerous wildfires that unfortunately continue working together with the u.s forest service and with other partners uh we like to make uh we like to think that we made a difference here but there's still a lot more work to go and i think that we should always be asking ourselves uh what else can space data be used for and how can we more rapidly get that space data to uh stakeholders so that they can use it for for purposes of good if you will how else can we protect our nation how else can we protect our friends and allies um i think a major component of the of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly um just over the past few years uh john and i were talking before we went live here and 80 nations now have uh space programs 80 nearly 80 space faring nations on the planet um if you just look at one mission area that uh the department of defense is interested in and that's small launch there are currently over a hundred different small launch companies uh within the u.s industrial base vying for commercial dod and civil uh payload capabilities uh mostly to low earth orbit it's it's just truly a remarkable time if you factor in those things like artificial intelligence and machine learning um where we're revolutionary revolutionizing really uh the ways that we generate process and use data i mean it's really remarkable in 2016 so if you think about this four years ago uh nasa estimated that there were 28 terabytes of information transiting their space network each day and that was four years ago um uh obviously we've got a lot of desire to work with a lot of the people in the audience of this congress or in this conference uh we need to work with big thinkers like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data we need new generations of thinkers to help apply cutting edge edge theories of data mining cyber behaviorism and internet of things 2.0 it's just truly a remarkable time uh to be in the space business and the cyber aspects of the states of the space business are truly truly daunting and important to uh to all of us um integrating cyber security into our space systems both commercial and government is a mandate um it's no longer just a nice to have as the us space force and department of the air force leadership has said many times over the past couple of years space is becoming congested and contested and that contested aspect means that we've got to focus on cyber security uh in the same way that the banking industry and cyber commerce focus on uh cyber security day in and day out the value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer from the ground control segments associated with it and this value is not just military it's also economic and it's not just american it's also a value for the entire world particularly particularly our allies as we all depend upon space and space systems your neighbors and friends here in california that are employed at the space and missile system center uh work with network defenders we work with our commercial contractors and our systems developers um our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global commons of space free and open for exploration and for commerce um as john and i were talking earlier before we came online there's an aspect of cyber security for space systems especially for some of our legacy systems that's more how do we bolt this on because we fielded those space systems a number of years ago and the the challenges of cyber security in the space domain have grown so we have a part that we have to worry about bolting it on but then we have to worry about building it in as we as we field new systems and build in a flexibility that that realizes that the cyber threat or the cyber security landscape will evolve over time it's not just going to be stagnant there will always be new vulnerabilities and new threat vectors that we always have to look at look uh as secretary barrett who is our secretary of the air force likes to say most americans use space before they have their first cup of coffee in the morning the american way of life really depends on space and as part of the united states space force we work with defense leaders our congress joint and international military teammates and industry to ensure american leadership in space i really thank you for this opportunity to address the audience today john and thanks so much to cal poly for letting me be one of the speakers at this event i really look forward to this for uh several months and so with that i look forward to your questions as we kind of move along here general thank you very much for the awesome uh introductory statement uh for the folks watching on the stream brigadier general carthan is going to be in the chat answering any questions feel free to chat away he's the vice commander of space and missile systems center he'll be available um a couple comments from your keynote before i get to my questions because it just jumped in my head you mentioned the benefits of say space but the fires in california we're living that here that's really real time that's a benefit you also mentioned the ability for more people launching payloads into space and i only imagine moore's law smaller faster cheaper applies to rockets too so i'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned so you know is it going to be more rules around that i mean this is an interesting question because it's exciting space force but for all the good there is potentially bad out there yeah so i i john i think the uh i think the basics of your question is as space becomes more congested and contested is there a need for more international norms of how satellites fly in space what kind of basic features satellites have to perhaps deorbit themselves what kind of basic protections does do all satellites should all satellites be afforded as part of a peaceful global commons of space i think those are all fantastic questions and i know that u.s and many uh allied policy makers are looking very very hard at those kinds of questions in terms of what are the norms of behavior and how we uh you know how how we field and field is the military term but you know how we uh populate uh using civil or uh commercial terms uh that space layer at different altitudes uh low earth orbit mid mid-earth orbit geosynchronous earth orbit different kinds of orbits uh what the kind of mission areas we accomplish from space that's all things that need to be definitely taken into account as uh as the place gets a little bit not a little bit as the place gets increasingly more popular day in and day out well i'm super excited for space force i know that a new generation of young folks are really interested in it's an emerging changing great space the focus here at this conference is space and cyber security intersection i'd like to get your thoughts on the approach that space force is taking to cyber security and how it impacts our national goals here in the united states yeah yeah so that's a that's a great question john let me let me talk about in two uh two basic ways but number one is and and i know um some people in the audience this might make them a little bit uncomfortable but i have to talk about the threat right um and then relative to that threat i really have to talk about the importance of uh of cyber and specifically cyber security as it relates to that threat um the threats that we face um really represent a new era of warfare and that new era of warfare involves both space and cyber uh we've seen a lot of action in recent months uh from certain countries notably china and russia uh that have threatened what i referred to earlier as the peaceful global commons of space for example uh it through many unclassified sources and media sources everybody should understand that um uh the russians have been testing on orbit uh anti-satellite capabilities it's been very clear if you were following just the week before last the department of defense released its uh 2020 military and security developments involving the people's republic of china um uh and uh it was very clear that china is developing asats electronic jammers directed energy weapons and most relevant to today's discussion offensive cyber uh capabilities there are kinetic threats uh that are very very easy to see but a cyber attack against a critical uh command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of gps and important to note that that gps system also impacts many civilians who are dependent upon those systems from a first response perspective and emergency services a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to a system to mislead operators so that they send emergency services personnel to the to the wrong address right attacks on spacecraft on orbit whether directly via a network of intrusion or enabled through malware introduced during the systems production uh while we're building the satellite can [ __ ] or corrupt the data denial of service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control i mean if gps went down i you know i hesitate to say it this way because we might elicit some screams from the audience but if gps went down a starbucks wouldn't be able to handle your mobile order uber drivers wouldn't be able to find you and domino's certainly certainly wouldn't be able to get there in 30 minutes or less right so with a little bit of tongue-in-cheek there from a military operations perspective it's dead serious um uh we have become accustomed in the commercial world to threats like lance ransomware and malware and those things have unfortunately become commonplace in commercial terrestrial networks and computer systems however what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled if you will to use against our national security space systems uh day in and day out um as i said during my opening remarks on the importance of cyber the value of these systems is directly tied to their integrity if commanders in the field uh firefighters in california or baristas in in starbucks can't trust the data they see they're receiving then that really harms their decision-making capabilities one of the big trends we've recently seen is the mood move towards proliferated leo uh uh constellations obviously uh spacex's uh starlink uh on the commercial side and on the military side the work that darpa and my organization smc are doing on blackjack and casino as well as some space transport layer constellation work that the space development agency is designing are all really really important types of mesh network systems that will revolutionize how we plan and field warfighting systems and commercial communications and internet providing systems but they're also heavily reliant on cyber security uh we've got to make sure that they are secured to avoid an accident or international damage uh loss of control of these constellations really could be catastrophic from both a mission perspective or from uh you know satellites tumbling out of low earth orbit perspective another trend is introductions in artificial intelligence and machine learning on board spacecraft or at the edge our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector they're basically flying boxes full of software right and we need to ensure the data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms govern governing the right actions and that those uh that those systems are impervious to the extent possible uh to nefarious uh modifications so in summation a cyber security is vital element of everything in our national security space goals and i would argue for our national uh goals uh writ large including uh economic and information uh uh dimensions uh the space force leadership at all levels uh from uh some of the brand new second lieutenants that general raymond uh swore into the space force this morning uh ceremonially from the uh air force association's air space and cyberspace conference uh to the various highest levels general raymond uh general d t thompson myself and a number of other senior leaders in this enterprise we've got to make sure that we're all working together to keep cyber security at the forefront of our space systems because it they absolutely depend on it you know you mentioned uh hardware software threats opportunities challenges i want to ask you because you you got me thinking of the minute there around infrastructure i mean we've heard critical infrastructure you know grids here on on earth you're talking about critical infrastructure a redefinition of what critical infrastructure is an extension of what we have so i'd love to get your thoughts about space force's view of that critical infrastructure vis-a-vis the threat vectors because you know the term threat vectors has been kicked around in the cyber space oh yeah threat vectors they're always increasing the surface area well if the surface area is from space it's an unlimited surface area so you got different vectors so you got new critical infrastructure developing real time really fast and you got an expanded threat vector landscape putting that in perspective for the folks that aren't really inside the ropes on these critical issues how would you explain this and how would you talk about those two things well so i tell you um i just like um uh just like uh i'm sure people in the security side or the cyber security side of the business in the banking industry feel they feel like it's uh all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system to the financial sector on the department of defense side we've got to have sort of the same mindset um that threat vector from to and through space against critical space systems ground segments the launch enterprise or transportation uh to orbit and the various different uh domains within uh within space itself like i mentioned before uh leo mio and geo-based satellites with different orbits all of the different mission areas that are accomplished from space that i mentioned earlier some that i didn't mention like weather tactical or wide band communications uh various new features of space control all of those are things that we have to worry about from a cyber security uh threat perspective and it's a it's a daunting challenge right now right yeah it's awesome and one of the things we've been following on the hardware side here in the on the ground is the supply chain we've seen you know malware being you know really put into really obscure hardware who manufactures it as being outsourced obviously government has restrictions but with the private sector uh you mentioned china and and the us kind of working together across these these peaceful areas but you got to look at the supply chain how does the supply chain the security aspect impact the mission of the u.s space force yeah yeah so so um how about another um just in terms of an example another kind of california-based historical example right um the very first u.s satellite uh explorer one was built by uh the jet propulsion uh laboratory folks uh not far from here in el segundo up in uh up in pasadena um that satellite when it was first built in the late 50s uh weighed a little bit over 30 pounds and i'm sure that each and every part was custom made and definitely made by u.s companies fast forward to today the global supply chain is so tightly coupled and frankly many industries are so specialized almost specialized regionally around the planet we focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them but it becomes more difficult and more difficult to understand the the heritage if you will of some of the parts that are used the thousands of parts that are used in some of our satellites that are literally school bus sized right the space industry especially uh national security space sector um uh is relatively small compared to other commercial industries and we're moving to towards using more and more parts uh from non-us companies uh cyber security and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily um understand 100 percent like an explorer one uh the the lineage of that particular part the environmental difficulties in space are well known the radiation environment the temperature extremes the vacuum those require specialized component and the us military is not the only uh customer in that space in fact we're definitely not the dominant customer uh in space anymore all those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains from a quality perspective a security perspective and availability um there's open source reporting on supply training intrusions from um many different breaches of commercial retailers to the infectious spread of uh you know compromised patches if you will and our adversaries are aware of these techniques as i mentioned earlier with other forms of attack considering our supply chains and development networks really becomes fair game for our adversaries so we have to uh take that threat seriously um between the government and industry sectors here in the u.s we're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities last fall we completed an extensive review of all of our major contracts here at space and missile system center to determine the levels of cyber security requirements we've implemented across our portfolio and it sounds really kind of you know businessy geeky if you will you know hey we looked at our contracts to make sure that we had the right clauses in our contracts to address cyber security as dynamically as we possibly could and so we found ourselves having to add new language to our contracts to require system developers to implement some more advanced uh protective measures in this evolving cyber security environment so that data handling and supply chain perspective uh protections um from contract inception to launch and operations were taken into account uh cyber security really is a key performance parameter for us now it's as important as the the mission performance of the system it's as important as cost it's as important as schedule because if we deliver the perfect system on time and on cost uh it can perform that missile warning or that communications mis mission perfectly but it's not cyber secure if it doesn't have cyber protections built into it or the ability to implement mitigations against cyber uh threats then we've essentially fielded a shoe box in space that doesn't do the k the the war fighter or the nation uh any good um supply chain risk management is a is a major challenge for us uh we're doing a lot to coordinate with our industry partners uh we're all facing it head on uh to try and build secure and trusted components uh that keep our confidence as leaders firefighters and baristas uh as the case may be uh but it is a challenge and we're trying to rise to that challenge you know this so exciting this new area because it really touches everything you know talk about geeking out on on the tech the hardware the systems but also you put your kind of mba hat on you go what's the roi of the extra development and how you how things get built because the always the exciting thing for space geeks is like you're building cool stuff people love it's it's exciting but you still have to build and cyber security has proven that security has to be baked in from the beginning and be thought as a system architecture so you're still building things which means you've got to acquire things you got to acquire parts you got to acquire build software and and sustain it how is security impacting the acquisition and the sustainment of these systems for space yeah from initial development uh through planning for the acquisition design development fielding or production fielding and sustainment it impacts all aspects of of the life cycle john uh we simply especially from the concept of baking in cyber security uh we can't wait until something is built and then try and figure out how to make it cyber secure so we've moved way further uh towards working side by side with our system developers to strengthen cyber security from the very beginning of a system's development cyber security and the resilience associated with it really have to be treated as a key system attribute as i mentioned earlier equivalent with data rates or other metrics of performance we like to talk in uh in the space world about uh mission assurance and mission assurance has always you know sort of taken us as we as we technically geek out right mission assurance has always taken us to the will this system work in space right can it work in a vacuum can it work in you know as it as it uh you know transfers through uh the van allen radiation belt or through the the um the southern hemisphere's electromagnetic anomaly right will it work out in space and now from a resiliency perspective yeah it has to work in space it's got to be functional in space but it's also got to be resistant to these cyber security threats it's it's not just i think uh general dt thompson quoted this term it's not just widget assurance anymore it's mission assurance um uh how does that satellite uh operator that ground control segment operate while under attack so let me break your question a little bit uh just for purposes of discussion into into really two parts uh cyber uh for cyber security for systems that are new and cyber security uh for systems that are in sustainment or kind of old and legacy um obviously there's cyber vulnerabilities that threaten both and we really have to employ different strategies for for defense of of each one for new systems uh we're desperately trying to implement across the department of defense in particular in the space world a kind of a devsecops methodology and practice to delivering software faster and with greater security for our space systems here at smc we have a program called enterprise ground services which is a tool kit basically a collection of tools for common command and control of different satellite systems egs as we call it has an integrated suite for defensive cyber capabilities network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of of bad behavior malicious behavior if you will um uh it's rudimentary at this point but because we're using devsecops and that incremental development approach as we scale it it just becomes more and more capable you know every every product increment that we field here at uh at uh la air force base uh uh we have the united space space forces west coast software factory which we've dubbed kobayashi maru they're using those agile devops uh software development practices uh to deliver uh space awareness software uh to the combined space operations center uh affectionately called the csp that c-spock is just down the road uh from cal poly uh there in san luis obispo at vandenberg air force base they've securely linked the c-spock with other space operation centers around the planet our allies australia canada and the uk uh we're partnering with all of them to enable secure and enhanced combined space operations so lots of new stuff going on as we bake in new development uh capabilities for our our space systems but as i mentioned earlier we've got large constellations on satellite of satellites on orbit right now some of them are well in excess of a decade or more old on orbit and so the design aspects of those satellites are several decades old and so but we still have to worry about them because they're critical to our space capabilities um we've been working with an air force materiel command organization uh called crows which stands for the cyber resiliency office for uh weapon systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to to live through this increasingly cyber security uh concerned era that we currently live in our industry partners have been critical to to both of those different avenues both new systems and legacy systems we're working closely with them to defend and upgrade uh national assets and develop the capabilities to do similar with uh with new national assets coming online the vulnerabilities of our space systems really kind of threaten the way we've done business in the past both militarily and in the case of gps economically the impacts of that cyber security risk are clear in our acquisition and sustainment processes but i've got to tell you it that as the threat vectors change as the vulnerabilities change we've got to be nimble enough agile enough to be able to bounce back and forth we can't just say uh many people in the audience are probably familiar with the rmf or the risk management framework approach to um to reviewing uh the cyber security of a system we can't have program managers and engineers just accomplish an rmf on a system and then hey high five we're all good uh it's a journey not a destination that's cyber security and it's a constant battle rhythm throughout a weapon systems life cycle not just a single event i want to get to this commercial business needs and your needs on the next question but before i go there you mentioned the agile and i see that clearly because when you have accelerated innovation cycles you've got to be faster and we saw this in the computer industry mainframes mini computers and then when you started getting beyond me when the internet hit and pcs came out you saw the big enterprises the banks and and government start to work with startups it used to be a joke in the entrepreneurial circles is that you know there's no way if you're a startup you're ever going to get a contract with a big business enterprise now that used to be for public sector and certainly uh for you guys so as you see startups out there and there's acquisition involved i'm sure would love to love to have a contract with space force there's an roi calculation where if it's in space and you have a sustainment view edit software you might have a new kind of business model that could be attractive to startups could you share your thoughts on the folks who want to be a supplier to you uh whether they're a startup or an existing business that wants to be agile but they might not be that big company we are john that's a fantastic question we are desperately trying to reach out to to those new space advocates to those startups to those um what we sometimes refer to within the department of defense those non-traditional uh defense contractors a couple of things just for uh thinking purposes on some of the things that we're trying to highlight um uh three years ago we created here at uh space and missile system center uh the space enterprise consortium uh to provide a platform uh a contractual vehicle really to enable us to rapidly prototype uh development of space systems and to collaborate uh between the u.s space force uh traditional defense contractors non-traditional vendors like startups and even some academic institutions uh spec as we call it space enterprise consortium uses a specialized contracting tool to get contracts uh awarded quickly many in the audience may be familiar with other transaction agreements and that's what spec is based on and so far in just three years spec has awarded 75 different uh prototyping contracts worth over 800 million dollars with a 36 reduction in time to award and because it's a consortium based competition for um for these kinds of prototyping efforts the barrier to entry for small and non-traditional for startups even for academic institutions to be able to compete for these kinds of prototypings is really lowered right um uh these types of partnerships uh that we've been working through on spec uh have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security uh for their systems both their developmental systems and the systems that they're designing and trying to build we want to provide ways for companies large and small to partner together and support um uh kind of mutually beneficial uh relationships between all um recently uh at the annual air force association uh conference that i mentioned earlier i moderated a panel with several space industry leaders uh all from big traditional defense contractors by the way and they all stressed the importance of building bridges and partnerships uh between major contractors in the defense industry and new entrants uh and that helps us capture the benefits of speed and agility that come with small companies and startups as well as the expertise and specialized skill sets of some of those uh larger contractors uh that we rely on day in and day out advanced cyber security protections and utilization of secure facilities are just a couple of things that i think we could be prioritizing more so in those collaborations as i mentioned earlier the spec has been very successful in awarding a number of different prototyping contracts and large dollar values and it's just going to get better right there's over 400 members of the space enterprise consortium 80 of them are non-traditional kinds of vendors and we just love working with them another thing that many people in the audience may be familiar with in terms of our outreach to innovators uh if you will and innovators that include uh cyber security experts is our space pitch day events right so we held our first event last november in san francisco uh where we awarded over a two-day period about 46 million dollars to 30 different companies um that had potentially game-changing ideas these were phase two small business innovative research efforts uh that we awarded with cash on the spot uh we're planning on holding our second space pitch day in the spring of 2021. uh we're planning on doing it right here in los angeles uh covent 19 environment permitting um and we think that these are you know fantastic uh uh venues for identifying and working with high-speed startups startups and small businesses who are interested in uh really truly partnering with the us air force it's a as i said before it's a really exciting time to be a part of this business uh and working with the innovation economy uh is something that the department of defense uh really needs to do in that um the innovation that we used to think was ours you know that 80 percent of the industrial-based innovation that came from the department of defense uh the the script has been flipped there and so now more than 70 percent uh particularly in space innovation uh comes from the commercial sector not from uh not from the defense business itself and so um that's a tsunami of uh investment and a tsunami of uh capability and i need to figure out how to get my surfboard out and ride it you know what i mean yeah i mean it's one of those things where the flip the script has been flipped but it's exciting because it's impacting everything are you talking about systems architecture you're talking about software you're talking about a business model you talk about devsecops from a technical perspective but now you have a business model innovation all the theaters of uh are exploding in innovation technical business personnel this brings up the workforce challenge you've got the cyber needs for the u.s space force there's probably a great roi model for new kinds of software development that could be priced into contracts that's a entrepreneurial innovation you got the the business model theater you've got the personnel how does the industry adopt and change you guys are clearly driving this how does the industry adjust to you yeah so um i think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the u.s space force from a from an acquisition perspective and in this particular case from a from a cyber security perspective as i mentioned earlier it's the most exciting time to be in space programs uh really since the days of apollo um uh you know just to put it in terms that you know maybe have an impact with the audience uh from 1957 until today approximately 9 000 satellites uh have been launched from the various space faring countries around the planet uh less than two thousand of those nine thousand are still up on orbit and operational and yet in the new space regime um players like spacex have plans to launch you know 12 000 satellites for some of their constellations alone it really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities whether they're commercial civil or defense are going to require appropriate cyber security uh protections it's just a really exciting time uh to be working in stuff like this and so uh folks like the folks in this audience who have a passion about space and a passion about cyber security are just the kind of people that we want to work with because we need to make sure our systems are are secure and resilient we need folks that have technical and computing expertise engineering skills to be able to design cybersecure systems that can detect and mitigate attacks uh but we also as you alluded to we need people that have that business and um you know business acumen human networking background so that we can launch the startups and work with the non-traditional businesses uh help to bring them on board help to secure both their data and our data and uh and and make sure our processes and systems are are free as much as possible from uh uh from attack um for preparation for for audience members who are young and maybe thinking about getting into this uh trade space um you gotta be smart on digital networking uh you gotta understand basic internet protocols concepts uh programming languages uh database design uh learn what you can from penetration or vulnerability testing and and uh risk assessment i will tell you this and i don't think he will i know he will not mind me telling you this but you've got to be a lifelong learner and so two years ago i'm at home one evening and i get a phone call on my cell phone and it's my boss the commander of air force space command uh general j raymond who is now currently the chief of space operations and he is on temporary duty flying overseas he lands where he's going and he first thing he does when he lands is he calls me and he goes jt um while i was traveling um i noticed that there were e-books available on the commercial airliner i was traveling on and there was an e-book on something called scrumming and agile devsecops and i read it have you read it um and i said no sir but if you tell me what the title of the book is i will read it and so i got to go to my staff meeting um you know the very next week the next time we had a staff meeting and tell everybody in the stab meeting hey if the four star and the three star can read the book about scrumming then i'm pretty sure all of you around this table and all our lieutenants and our captains our gs13s all of our government employees can get smart on uh the scrumming development process and interestingly as another side i had a telephone call with him last year during the holidays where he was trying to take some leave and i said sir what are you up to today are you are you you know making eggnog for the event tonight or whatever and the chief of space operations told me no i'm trying to teach myself python i'm at lesson two and it's not going so well but i'm i'm gonna figure this out and so that kind of thing if the chief of staff or the you know the the the chief of space operations can prioritize scrumming and python language and innovation in his daily schedule then we're definitely looking for other people who can do that and we'll just say lower levels of rank uh throughout our entire space force enterprise um look i i we don't need to need people that can code a satellite from scratch but we need to know we need to have people that have a basic grasp of the programming basics and cyber security requirements and that can turn those things into into meaningful actions obviously in the space domain things like basic physics and orbital mechanics are also important uh space is not an intuitive uh domain so under understanding how things survive uh on orbit is really critical to making the right design and operational decisions and you know i know there's probably a lot because of this conference i know there's a probably a whole lot of high-speed cyber security experts out in the audience and i need those people in the u.s space force the the country is counting on it but i wouldn't discount having people that are just cyber aware or cyber savvy right i have contracting officers and logisticians and program managers and they don't have to be high-end cyber security experts but they have to be aware enough about it to be able to implement cyber security protections um into our space system so the skill set is is really really broad um our adversaries are pouring billions of dollars into uh define designing uh and fielding offensive and destructive space cyber security weapons right they've repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit and the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that as i mentioned before peaceful uh global commons of space we really need all hands on deck if you're interested in helping in uniform if you're interested in helping uh not in uniform uh but as a government employee a commercial or civil employee to help us make cyber security more important uh or more cape more able to be developed for our space systems then we'd really love to uh to work with you or have you on the team to build that safe and secure future for our space systems lieutenant general john thompson great insight thank you for sharing all that awesome stories too and motivation for the young next generation the united states space force approach of cyber security really amazing talk thank you for your time final parting question is as you look out and you had your magic wand what's your view for the next few years in terms of things that we could accomplish it's a super exciting time what do you hope for so um um first of all john thanks to you and and thanks to cal poly uh for the invitation and and thanks to everybody for uh for their interest in cyber security especially as it relates to space systems that's here at the conference um uh there's a quote and i'll read it here uh from uh bernard schriever who was the uh the founder if you will uh a legend in uh dod space the founder of the western development division which was a predecessor organization to space and missile systems center general shrever i think captures the essence of what how we see the next couple of years the world has an ample supply of people who can always come up with a dozen good reasons why new ideas will not work and should not be tried but the people who produce progress are breed apart they have the imagination the courage and the persistence to find solutions and so i think if you're hoping that the next few years of space innovation and cyber security innovation are going to be a pony ride at the county fair then perhaps you should look for another line of work because i think the next few years in space and cyber security innovation are going to be more like a rodeo um and a very dynamic rodeo as it goes it is a an awesome privilege to be part of this ecosystem it's really an honor for me to um to be able to play some small role uh in the space ecosystem and trying to improve it uh while i'm trying to improve the chances of uh of the united states of america in a uh in a space war fighting uh uh environment um and so i thank all of you for uh participating today and for this little bit of time that you've allowed me to share with you thank you sir thank you for your leadership and thank you for the for the time for this awesome event space and cyber security symposium 2020 i'm john furrier on behalf of cal poly thanks for watching [Music]

>> Narrator: From around the globe. It's theCUBE covering space in cybersecurity symposium 2020 hosted by Cal Poly. >> Hello, everyone. Welcome to the space and cybersecurity symposium, 2020 hosted by Cal Poly where the intersection of space and security are coming together. I'm John Furrier, your host with theCUBE here in California. I want to welcome our featured guest, Lieutenant General, John F. Thompson with the United States Space Force approach to cybersecurity. That's the topic of this session. And of course he's the commander of the space and missile system center in Los Angeles Air Force Base. Also heading up Space Force. General, thank you for coming on. I really appreciate to you kicking this off. Welcome to the symposium. >> Hey, so thank you very much, John, for that very kind introduction. Also very much thank you to Cal Poly for this opportunity to speak to this audience today. Also a special shout out to one of the organizers, Dustin Debrun, for all of his work, helping get us to this point. Ladies and gentlemen as a John mentioned, I'm JT Thompson. I lead the 6,000 men and women of the United States Space Force's Space and Missile System Center, which is headquartered here at Los Angeles Air Force Base and El Segundo. If you're not quite sure where that's at, it's about a mile and a half from LAX. This is our main operating location, but we do have a number of other operating locations around the country. We're about 500 people at Kirtland Air Force Base in Albuquerque, New Mexico, and an about another 500 people on the front range of the Rockies between Colorado Springs and Denver plus a smattering of other much smaller operating locations nationwide. We're responsible for acquiring, developing and sustaining the United States Space Force's, critical space assets. That includes the satellites in the space layer and also on the ground layer our ground segments to operate those satellites. And we also are in charge of procuring launch services for the US Space Force and a number of our critical mission partners across the Department of Defense and the intelligence community. Just as a couple of examples of some of the things we do, if you're unfamiliar with our work we developed and currently sustain the 31 satellite GPS constellation that satellite constellation, while originally intended to help with global navigation, those GPS signals have provided trillions of dollars in unanticipated value to the global economy over the past three decades. GPS is everywhere. I think everybody realizes that. Agriculture, banking, the stock market, the airline industry, separate and distinct navigation systems. It's really pervasive across both capabilities for our Department of Defense and capabilities for our economy and individuals, billions of individuals across our country and the planet. Some of the other work we do for instance, in the communications sector, secure communications satellites that we designed and build that link America's sons and daughters serving in the military around the world and really enable real time support and comms for our deployed forces. And those of our allies. We also acquire infrared missile warning satellites that monitor the planet for missile launches that provide advanced warning to the US Homeland and to our allies in case some of those missile launches are nefarious. On a note, that's probably a lot closer to home, maybe a lot closer to home than many of us want to think about here in the state of California. In 2018, SMC jumped through a bunch of red tape and bureaucracy to partner with the US Forest Service during two of the largest wildfires in the state's history, the Camp and Woolsey fires in Northern California. As those fires spread out of control, we created processes on the fly to share data from our missile warning satellites. Those are satellites that are systems that are purpose built to see heat sources from thousands of miles above the planet. And we collaborated with the US Forest Service so that firefighters on the ground could track those fires more in real time and better forecast fires and where they were spreading, thereby saving lives and property by identifying hotspots and flareups for firefighters. That data that we were able to working with our contractors pass to the US Forest Service and authorities here in California, was passed in less than an hour as it was collected to get it into the hands of the emergency responders, the first responders as quickly as possible and doing that in an hour greatly surpassed what was available from some of the other assets in the airborne and ground-based fire spotters. It was really instrumental in fighting those fires and stopping their spread. We've continued that involvement in recent years, using multiple systems to support firefighters across the Western US this fall, as they battled numerous wildfires that unfortunately continue. Working together with the US Forest Service and with other partners we'd like to think that we've made a difference here, but there's still a lot more work to go. And I think that we should always be asking ourselves what else can space data be used for and how can we more rapidly get that space data to stakeholders so that they can use it for purposes of good, if you will. How else can we protect our nation? How else can we protect our friends and allies? I think a major component of the discussion that we will have throughout this conference is that the space landscape has changed rapidly and continues to change rapidly. Just over the past few years, John and I were talking before we went live here and 80 nations now have space programs. Nearly 80 space faring nations on the planet. If you just look at one mission area that the Department of Defense is interested in, and that's small launch, there are currently over 100 different small launch companies within the US industrial base vying for commercial DoD and civil payload capabilities, mostly to lower earth orbit. It's truly a remarkable time. If you factor in those things like artificial intelligence and machine learning, where we're revolutionizing really, the ways that we generate process and use data. It's really remarkable. In 2016, so if you think about this four years ago, NASA estimated that there were 28 terabytes of information transiting their space network each day. And that was four years ago. Obviously we've got a lot of desire to work with a lot of the people in the audience in this conference, we need to work with big thinkers, like many of you to answer questions on how best we apply data analytics to extract value and meaning from that data. We need new generations of thinkers to help apply cutting edge theories of data mining, cyber behaviorism, and Internet of Things 2.0, it's just truly a remarkable time to be in the space business and the cyber aspects of the space business are truly, truly daunting and important to all of us. Integrating cyber security into our space systems, both commercial and government is a mandate. it's no longer just a nice to have as the US Space Force and Department of the Air Force leadership has said many times over the past couple of years, space is becoming congested and contested. And that contested aspect means that we've got to focus on cyber security in the same way that the banking industry and cyber commerce focus on cybersecurity day in and day out. The value of the data and services provided is really directly tied to the integrity and availability of that data and services from the space layer, from the ground control segments associated with it. And this value is not just military, it's also economic and it's not just American, it's also a value for the entire world, particularly our allies, as we all depend upon space and space systems. Your neighbors and friends here in California that are employed at the space and missile system center work with network defenders. We work with our commercial contractors and our systems developers, our international allies and partners to try and build as secure and resilient systems as we can from the ground up that keep the global comments of space free and open for exploration and for commerce as John and I were talking earlier, before we came online, there's an aspect of cybersecurity for space systems, especially for some of our legacy systems, that's more, how do we bolt this on? Cause we fielded those space systems a number of years ago, and the challenges of cybersecurity in the space domain have grown. So we have a part that we have to worry about, bolting it on, but then we have to worry about building it in as we field new systems and build in a flexibility that realizes that the cyber threat or the cybersecurity landscape will evolve over time. It's not just going to be stagnant. There will always be new vulnerabilities and new threat vectors that we all have to look at. Look, as Secretary Barrett, who is our secretary of the air force likes to say most Americans use space before they have their first cup of coffee in the morning. The American way of life really depends on space. And as part of the United States Space Force, we work with defense leaders, our Congress joint, and international military teammates and industry to ensure American leadership in space. I really thank you for this opportunity to address the audience today, John, and thanks so much to Cal Poly for letting me be one of the speakers at this event. I've really looked forward to this for several months. And so with that, I look forward to your questions as we kind of move along here. >> General, thank you very much for those awesome introductory statement. For the folks watching on the stream, Brigadier General Carthan's going to be in the chat, answering any questions, feel free to chat away. He's the vice commander of Space and Missile System Center, he'll be available. A couple of comments from your keynote before I get to my questions. Cause it just jumped into my head. You mentioned the benefits of say space with the fires in California. We're living that here. That's really realtime. That's a benefit. You also mentioned the ability for more people launching payloads into space. I'm only imagined Moore's law smaller, faster, cheaper applies to rockets too. So I'm imagining you have the benefits of space and you have now more potential objects flying out sanctioned and maybe unsanctioned. So is it going to be more rules around that? This is an interesting question cause it's exciting Space Force, but for all the good there is potentially bad out there. >> Yeah. So John, I think the basics of your question is as space becomes more congested and contested, is there a need for more international norms of how satellites fly in space? What kind of basic features satellites have to perhaps de orbit themselves? What kind of basic protections should all satellites be afforded as part of a peaceful global commons of space? I think those are all fantastic questions. And I know that US and many allied policy makers are looking very, very hard at those kinds of questions in terms of what are the norms of behavior and how we field, and field as the military term. But how we populate using civil or commercial terms that space layer at different altitudes, lower earth orbit, mid earth orbit, geosynchronous earth orbit, different kinds of orbits, what the kind of mission areas we accomplished from space. That's all things that need to be definitely taken into account as the place gets a little bit, not a little bit as the place gets increasingly more popular day in and day out. >> I'm super excited for Space Force. I know that a new generation of young folks are really interested in it's an emerging, changing great space. The focus here at this conference is space and cybersecurity, the intersection. I'd like to get your thoughts on the approach that a space force is taking to cybersecurity and how it impacts our national goals here in the United States. >> Yeah. So that's a great question John, let me talk about it in two basic ways. At number one is an and I know some people in the audience, this might make them a little bit uncomfortable, but I have to talk about the threat. And then relative to that threat, I really have to talk about the importance of cyber and specifically cyber security, as it relates to that threat. The threats that we face really represented a new era of warfare and that new era of warfare involves both space and cyber. We've seen a lot of action in recent months from certain countries, notably China and Russia that have threatened what I referred to earlier as the peaceful global commons of space. For example, it threw many unclassified sources and media sources. Everybody should understand that the Russians have been testing on orbit anti-satellite capabilities. It's been very clear if you were following just the week before last, the Department of Defense released its 2020 military and security developments involving the People's Republic of China. And it was very clear that China is developing ASATs, electronic jammers, directed energy weapons, and most relevant to today's discussion, offensive cyber capabilities. There are kinetic threats that are very, very easy to see, but a cyber attack against a critical command and control site or against a particular spacecraft could be just as devastating to the system and our war fighters in the case of GPS and important to note that that GPS system also impacts many civilians who are dependent on those systems from a first response perspective and emergency services, a cyber attack against a ground control site could cause operators to lose control of a spacecraft or an attacker could feed spoofed data to assist them to mislead operators so that they sent emergency services personnel to the wrong address. Attacks on spacecraft on orbit, whether directly via a network intrusion or enabled through malware introduced during the system's production while we're building the satellite can cripple or corrupt the data. Denial-of-service type attacks on our global networks obviously would disrupt our data flow and interfere with ongoing operations and satellite control. If GPS went down, I hesitate to say it this way, cause we might elicit some screams from the audience. But if GPS went down a Starbucks, wouldn't be able to handle your mobile order, Uber drivers wouldn't be able to find you. And Domino's certainly wouldn't be able to get there in 30 minutes or less. So with a little bit of tongue in cheek there from a military operations perspective, it's dead serious. We have become accustomed in the commercial world to threats like ransomware and malware. And those things have unfortunately become commonplace in commercial terrestrial networks and computer systems. However, what we're seeing is that our adversaries with the increased competition in space these same techniques are being retooled, if you will, to use against our national security space systems day in and day out. As I said, during my opening remarks on the importance of cyber, the value of these systems is directly tied to their integrity. If commanders in the field, firefighters in California or baristas in Starbucks, can't trust the data they're receiving, then that really harms their decision making capabilities. One of the big trends we've recently seen is the move towards proliferated LEO constellations, obviously Space X's Starlink on the commercial side and on the military side, the work that DARPA and my organization SMC are doing on Blackjack and Casino, as well as some space transport layer constellation work that the space development agency is designing are all really, really important types of mesh network systems that will revolutionaries how we plan and field war fighting systems and commercial communications and internet providing systems. But they're also heavily reliant on cybersecurity. We've got to make sure that they are secured to avoid an accident or international damage. Loss of control of these constellations really could be catastrophic from both a mission perspective or from a satellites tumbling out of low earth orbit perspective. Another trend is introductions in artificial intelligence and machine learning, onboard spacecraft are at the edge. Our satellites are really not so much hardware systems with a little software anymore in the commercial sector and in the defense sector, they're basically flying boxes full of software. And we need to ensure that data that we're getting out of those flying boxes full of software are helping us base our decisions on accurate data and algorithms, governing the right actions and that those systems are impervious to the extent possible to nefarious modifications. So in summation, cybersecurity is a vital element of everything in our national security space goals. And I would argue for our national goals, writ large, including economic and information dimensions, the Space Force leadership at all levels from some of the brand new second lieutenants that general Raymond swore in to the space force this morning, ceremonially from the air force associations, airspace and cyberspace conference to the various highest levels, General Raymond, General DT Thompson, myself, and a number of other senior leaders in this enterprise. We've got to make sure that we're all working together to keep cyber security at the forefront of our space systems cause they absolutely depend on it. >> You mentioned hardware, software threats, opportunities, challenges. I want to ask you because you got me thinking of the minute they're around infrastructure. We've heard critical infrastructure, grids here on earth. You're talking about critical infrastructure, a redefinition of what critical infrastructure is, an extension of what we have. So I'd love to get your thoughts about Space Force's view of that critical infrastructure vis-a-vis the threat vectors, because the term threat vectors has been kicked around in the cyberspace. Oh you have threat vectors. They're always increasing the surface area. If the surface area is from space, it's an unlimited service area. So you got different vectors. So you've got new critical infrastructure developing real time, really fast. And you got an expanded threat vector landscape. Putting that in perspective for the folks that aren't really inside the ropes on these critical issues. How would you explain this and how would you talk about those two things? >> So I tell you, just like, I'm sure people in the security side or the cybersecurity side of the business in the banking industry feel, they feel like it's all possible threat vectors represent a dramatic and protect potentially existential threat to all of the dollars that they have in the banking system, to the financial sector. On the Department of Defense side, we've got to have sort of the same mindset. That threat vector from, to, and through space against critical space systems, ground segments, the launch enterprise, or transportation to orbit and the various different domains within space itself. Like I mentioned before, LEO, MEO and GEO based satellites with different orbits, all of the different mission areas that are accomplished from space that I mentioned earlier, some that I did mention like a weather tactical or wide band communications, various new features of space control. All of those are things that we have to worry about from a cyber security threat perspective. And it's a daunting challenge right now. >> Yeah, that's awesome. And one of the things we've been falling on the hardware side on the ground is the supply chain. We've seen, malware being, really put in a really obscure hardware. Who manufactures it? Is it being outsourced? Obviously government has restrictions, but with the private sector, you mentioned China and the US kind of working together across these peaceful areas. But you got to look at the supply chain. How does the supply chain in the security aspect impact the mission of the US space Force? >> Yeah. Yeah. So how about another, just in terms of an example, another kind of California based historical example. The very first US Satellite, Explorer 1, was built by the jet propulsion laboratory folks, not far from here in El Segundo, up in Pasadena, that satellite, when it was first built in the late 50s weighing a little bit, over 30 pounds. And I'm sure that each and every part was custom made and definitely made by US companies. Fast forward to today. The global supply chain is so tightly coupled, and frankly many industries are so specialized, almost specialized regionally around the planet. We focus every day to guarantee the integrity of every component that we put in our space systems is absolutely critical to the operations of those satellites and we're dependent upon them, but it becomes more difficult and more difficult to understand the heritage, if you will, of some of the parts that are used, the thousands of parts that are used in some of our satellites that are literally school bus sized. The space industry, especially national security space sector is relatively small compared to other commercial industries. And we're moving towards using more and more parts from non US companies. Cybersecurity and cyber awareness have to be baked in from the beginning if we're going to be using parts that maybe we don't necessarily understand 100% like an Explorer one, the lineage of that particular part. The environmental difficulties in space are well known. The radiation environment, the temperature extremes, the vacuum, those require specialized component. And the US military is not the only customer in that space. In fact, we're definitely not the dominant customer in space anymore. All those factors require us along with our other government partners and many different commercial space organizations to keep a very close eye on our supply chains, from a quality perspective, a security perspective and availability. There's open source reporting on supply training intrusions from many different breaches of commercial retailers to the infectious spread of compromised patches, if you will. And our adversaries are aware of these techniques. As I mentioned earlier, with other forms of attack, considering our supply chains and development networks really becomes fair game for our adversaries. So we have to take that threat seriously. Between the government and industry sectors here in the US. We're also working with our industry partners to enact stronger defenses and assess our own vulnerabilities. Last fall, we completed an extensive review of all of our major contracts here at Space and Missile System Center to determine the levels of cyber security requirements we've implemented across our portfolio. And it sounds really kind of businessy geeky, if you will. Hey, we looked at our contracts to make sure that we had the right clauses in our contracts to address cybersecurity as dynamically as we possibly could. And so we found ourselves having to add new language to our contracts, to require system developers, to implement some more advanced protective measures in this evolving cyber security environment. So that data handling and supply chain protections from contract inception to launch and operations were taken into account. Cyber security really is a key performance parameter for us now. Performance of the system, It's as important as cost, it's as important as schedule, because if we deliver the perfect system on time and on cost, it can perform that missile warning or that communications mission perfectly, but it's not cyber secure. If it's doesn't have cyber protections built into it, or the ability to implement mitigations against cyber threats, then we've essentially fielded a shoe box in space that doesn't do the CA the war fighter or the nation any good. Supply chain risk management is a major challenge for us. We're doing a lot to coordinate with our industry partners. We're all facing it head on to try and build secure and trusted components that keep our confidence as leaders, firefighters, and baristas as the case may be. But it is a challenge. And we're trying to rise to that challenge. >> This is so exciting this new area, because it really touches everything. Talk about geeking out on the tech, the hardware, the systems but also you put your kind of MBA hat on you go, what's the ROI of extra development and how things get built. Because the always the exciting thing for space geeks is like, if you're building cool stuff, it's exciting, but you still have to build. And cybersecurity has proven that security has to be baked in from the beginning and be thought as a system architecture. So you're still building things, which means you got to acquire things, you got to acquire parts, you got acquire build software and sustain it. How is security impacting the acquisition and the sustainment of these systems for space? >> Yeah. From initial development, through planning for the acquisition, design, development, our production fielding and sustainment, it impacts all aspects of the life cycle, John. We simply, especially from the concept of baking in cybersecurity, we can't wait until something is built and then try and figure out how to make it cyber secure. So we've moved way further towards working side by side with our system developers to strengthen cybersecurity from the very beginning of a systems development, cyber security, and the resilience associated with it really have to be treated as a key system attribute. As I mentioned earlier, equivalent with data rates or other metrics of performance. We like to talk in the space world about mission assurance and mission assurance has always sort of taken us as we technically geek out. Mission assurance has always taken us to the will this system work in space. Can it work in a vacuum? Can it work in as it transfers through the Van Allen radiation belt or through the Southern hemisphere's electromagnetic anomaly? Will it work out in space? And now from a resiliency perspective, yeah, it has to work in space. It's got to be functional in space, but it's also got to be resistant to these cybersecurity threats. It's not just, I think a General D.T Thompson quoted this term. It's not just widget assurance anymore. It's mission assurance. How does that satellite operator that ground control segment operate while under attack? So let me break your question a little bit, just for purposes of discussion into really two parts, cybersecurity, for systems that are new and cybersecurity for systems that are in sustainment are kind of old and legacy. Obviously there's cyber vulnerabilities that threatened both, and we really have to employ different strategies for defensive of each one. For new systems. We're desperately trying to implement across the Department of Defense and particularly in the space world, a kind of a dev sec ops methodology and practice to delivering software faster and with greater security for our space systems. Here at SMC, we have a program called enterprise ground services, which is a toolkit, basically a collection of tools for common command and control of different satellite systems, EGS as we call it has an integrated suite for defensive cyber capabilities. Network operators can use these tools to gain unprecedented insight to data flows and to monitor space network traffic for anomalies or other potential indicators of a bad behavior, malicious behavior, if you will, it's rudimentary at this point, but because we're using DevSecOps and that incremental development approach, as we scale it, it just becomes more and more capable. Every product increment that we feel. Here at LA Air Force Base, we have the United Space Force's West Coast Software Factory, which we've dubbed the Kobayashi Maru. They're using those agile DevOps software development practices to deliver a space awareness software to the combined space operations center. Affectionately called the CSpock that CSpock is just on the road from Cal Poly there in San Luis Obispo at Vandenberg Air Force Base. They've so securely linked the sea Spock with other space operation centers around the planet, our allies, Australia, Canada, and the UK. We're partnering with all of them to enable secure and enhanced combined space operations. So lots of new stuff going on as we bake in new development capabilities for our space systems. But as I mentioned earlier, we've got large constellations of satellites on orbit right now. Some of them are well in excess of a decade or more or old on orbit. And so the design aspects of those satellites are several decades old. But we still have to worry about them cause they're critical to our space capabilities. We've been working with an air force material command organization called CROWS, which stands for the Cyber Resiliency Office for Weapon Systems to assess all of those legacy platforms from a cyber security perspective and develop defensive strategies and potential hardware and software upgrades to those systems to better enable them to live through this increasingly cybersecurity concerned era that we currently live in. Our industry partners have been critical to both of those different avenues. Both new systems and legacy systems. We're working closely with them to defend and upgrade national assets and develop the capabilities to do similar with new national assets coming online. The vulnerabilities of our space systems really kind of threatened the way we've done business in the past, both militarily and in the case of GPS economically. The impacts of that cybersecurity risk are clear in our acquisition and sustainment processes, but I've got to tell you, as the threat vectors change, as the vulnerabilities change, we've got to be nimble enough, agile enough, to be able to bounce back and forth. We can't just say, many people in the audience are probably familiar with the RMF or the Risk Management Framework approach to reviewing the cyber security of a system. We can't have program managers and engineers just accomplish an RMF on a system. And then, hey, high five, we're all good. It's a journey, not a destination, that's cybersecurity. And it's a constant battle rhythm through our weapon systems lifecycle, not just a single event. >> I want to get to this commercial business needs and your needs on the next question. But before I go there, you mentioned agile. And I see that clearly because when you have accelerated innovation cycles, you've got to be faster. And we saw this in the computer industry, mainframes, mini computers, and then we started getting beyond maybe when the internet hit and PCs came out, you saw the big enterprises, the banks and government start to work with startups. And it used to be a joke in the entrepreneurial circles is that, there's no way if you are a startup you're ever going to get a contract with a big business enterprise. Now that used to be for public sector and certainly for you guys. So as you see startups out there and there's acquisition involved, I'm sure would love to have a contract with Space Force. There's an ROI calculation where if it's in space and you have a sustainment view and it's software, you might have a new kind of business model that could be attractive to startups. Could you share your thoughts on the folks who want to be a supplier to you, whether they're a startup or an existing business that wants to be agile, but they might not be that big company. >> John, that's a fantastic question. We're desperately trying to reach out to those new space advocates, to those startups, to those what we sometimes refer to, within the Department of Defense, those non traditional defense contractors. A couple of things just for thinking purposes on some of the things that we're trying to highlight. Three years ago, we created here at Space and Missile System Center, the Space Enterprise Consortium to provide a platform, a contractual vehicle, really to enable us to rapidly prototype, development of space systems and to collaborate between the US Space Force, traditional defense contractors, non traditional vendors like startups, and even some academic institutions. SPEC, as we call it, Space Enterprise Consortium uses a specialized contracting tool to get contracts awarded quickly. Many in the audience may be familiar with other transaction agreements. And that's what SPEC is based on. And so far in just three years, SPEC has awarded 75 different prototyping contracts worth over $800 million with a 36% reduction in time to award. And because it's a consortium based competition for these kinds of prototyping efforts, the barrier to entry for small and nontraditional, for startups, even for academic institutions to be able to compete for these kinds of prototyping has really lowered. These types of partnerships that we've been working through on spec have really helped us work with smaller companies who might not have the background or expertise in dealing with the government or in working with cyber security for their systems, both our developmental systems and the systems that they're designing and trying to build. We want to provide ways for companies large and small to partner together in support kind of mutually beneficial relationships between all. Recently at the Annual Air Force Association conference that I mentioned earlier, I moderated a panel with several space industry leaders, all from big traditional defense contractors, by the way. And they all stressed the importance of building bridges and partnerships between major contractors in the defense industry and new entrance. And that helps us capture the benefits of speed and agility that come with small companies and startups, as well as the expertise and specialized skill sets of some of those larger contractors that we rely on day in and day out. Advanced cyber security protections and utilization of secure facilities are just a couple of things that I think we could be prioritizing more so in those collaborations. As I mentioned earlier, the SPEC has been very successful in awarding a number of different prototyping contracts and large dollar values. And it's just going to get better. There's over 400 members of the space enterprise consortium, 80% of them are non traditional kinds of vendors. And we just love working with them. Another thing that many people in the audience may be familiar with in terms of our outreach to innovators, if you will, and innovators that include cyber security experts is our space pitch day events. So we held our first event last November in San Francisco, where we awarded over a two day period about $46 million to 30 different companies that had potentially game changing ideas. These were phase two small business innovative research efforts that we awarded with cash on the spot. We're planning on holding our second space pitch day in the spring of 2021. We're planning on doing it right here in Los Angeles, COVID-19 environment permitting. And we think that these are fantastic venues for identifying and working with high-speed startups, and small businesses who are interested in really, truly partnering with the US Air Force. It's, as I said before, it's a really exciting time to be a part of this business. And working with the innovation economy is something that the Department of Defense really needs to do in that the innovation that we used to think was ours. That 80% of the industrial base innovation that came from the Department of Defense, the script has been flipped there. And so now more than 70%, particularly in space innovation comes from the commercial sector, not from the defense business itself. And so that's a tsunami of investment and a tsunami of a capability. And I need to figure out how to get my surfboard out and ride it, you know what I mean? >> Yeah, It's one of those things where the script has been flipped, but it's exciting because it's impacting everything. When you're talking about systems architecture? You're talking about software, you're talking about a business model. You're talking about dev sec opsx from a technical perspective, but now you have a business model innovation. All the theaters are exploding in innovation, technical, business, personnel. This brings up the workforce challenge. You've got the cyber needs for the US Space Force, It's probably great ROI model for new kinds of software development that could be priced into contracts. That's a entrepreneurial innovation, you've got the business model theater, you've got the personnel. How does the industry adopt and change? You guys are clearly driving this. How does the industry adjust to you? >> Yeah. So I think a great way to answer that question is to just talk about the kind of people that we're trying to prioritize in the US Space Force from an acquisition perspective, and in this particular case from a cybersecurity perspective. As I mentioned earlier, it's the most exciting time to be in space programs, really since the days of Apollo. Just to put it in terms that maybe have an impact with the audience. From 1957 until today, approximately 9,000 satellites have been launched from the various space varying countries around the planet. Less than 2000 of those 9,000 are still up on orbit and operational. And yet in the new space regime players like Space X have plans to launch, 12,000 satellites for some of their constellations alone. It really is a remarkable time in terms of innovation and fielding of space capabilities and all of those space capabilities, whether they're commercial, civil, or defense are going to require appropriate cybersecurity protections. It's just a really exciting time to be working in stuff like this. And so folks like the folks in this audience who have a passion about space and a passion about cybersecurity are just the kind of people that we want to work with. Cause we need to make sure our systems are secure and resilient. We need folks that have technical and computing expertise, engineering skills to be able to design cyber secure systems that can detect and mitigate attacks. But we also, as you alluded to, we need people that have that business and business acumen, human networking background, so that we can launch the startups and work with the non traditional businesses. Help to bring them on board help, to secure both their data and our data and make sure our processes and systems are free as much as possible from attack. For preparation, for audience members who are young and maybe thinking about getting into this trade space, you got to be smart on digital networking. You got to understand basic internet protocols, concepts, programming languages, database design. Learn what you can for penetration or vulnerability testing and a risk assessment. I will tell you this, and I don't think he will, I know he will not mind me telling you this, but you got to be a lifelong learner and so two years ago, I'm at home evening and I get a phone call on my cell phone and it's my boss, the commander of Air Force Space command, General, J. Raymond, who is now currently the Chief of Space Operations. And he is on temporary duty, flying overseas. He lands where he's going and first thing he does when he lands is he calls me and he goes JT, while I was traveling, I noticed that there were eBooks available on the commercial airliner I was traveling on and there was an ebook on something called scrumming and agile DevSecOps. And I read it, have you read it? And I said, no, sir. But if you tell me what the title of the book is, I will read it. And so I got to go to my staff meeting, the very next week, the next time we had a staff meeting and tell everybody in the staff meeting, hey, if the four star and the three star can read the book about scrumming, then I'm pretty sure all of you around this table and all our lieutenants and our captains our GS13s, All of our government employees can get smart on the scrumming development process. And interestingly as another side, I had a telephone call with him last year during the holidays, where he was trying to take some leave. And I said, sir, what are you up to today? Are you making eggnog for the event tonight or whatever. And the Chief of Space Operations told me no, I'm trying to teach myself Python. I'm at lesson two, and it's not going so well, but I'm going to figure this out. And so that kind of thing, if the chief of staff or the Chief of Space Operations can prioritize scrumming and Python language and innovation in his daily schedule, then we're definitely looking for other people who can do that. And we'll just say, lower levels of rank throughout our entire space force enterprise. Look, we don't need people that can code a satellite from scratch, but we need to know, we need to have people that have a basic grasp of the programming basics and cybersecurity requirements. And that can turn those things into meaningful actions, obviously in the space domain, things like basic physics and orbital mechanics are also important spaces, not an intuitive domain. So under understanding how things survive on orbit is really critical to making the right design and operational decisions. And I know there's probably a lot, because of this conference. I know there's probably a whole lot of high speed cybersecurity experts out in the audience. And I need those people in the US Space Force. The country is counting on it, but I wouldn't discount having people that are just cyber aware or cyber savvy. I have contracting officers and logisticians and program managers, and they don't have to be high end cybersecurity experts, but they have to be aware enough about it to be able to implement cyber security protections into our space systems. So the skill set is really, really broad. Our adversaries are pouring billions of dollars into designing and fielding offensive and destructive space, cybersecurity weapons. They repeatedly shown really a blatant disregard of safety and international norms for good behavior on orbit. And the cyber security aspects of our space systems is really a key battleground going forward so that we can maintain that. As I mentioned before, peaceful global comments of space, we really need all hands on deck. If you're interested in helping in uniform, if you're interested in helping, not in uniform, but as a government employee, a commercial or civil employee to help us make cyber security more important or more able to be developed for our space systems. And we'd really love to work with you or have you on the team to build that safe and secure future for our space systems. >> Lieutenant General John Thompson, great insight. Thank you for sharing all that awesome stories too, and motivation for the young next generation. The United States Space Force approach to cybersecurity. Really amazing talk, thank you for your time. Final parting question is, as you look out and you have your magic wand, what's your view for the next few years in terms of things that we could accomplish? It's a super exciting time. What do you hope for? >> So first of all, John, thanks to you and thanks to Cal Poly for the invitation and thanks to everybody for their interest in cybersecurity, especially as it relates to space systems, that's here at the conference. There's a quote, and I'll read it here from Bernard Schriever, who was the founder, if you will, a legend in a DoD space, the founder of the Western development division, which was a predecessor organization to Space and Missile System Center, General Schriever, I think captures the essence of how we see the next couple of years. "The world has an ample supply of people "who can always come up with a dozen good reasons "why new ideas will not work and should not be tried, "but the people who produce progress are breed apart. "They have the imagination, "the courage and the persistence to find solutions." And so I think if you're hoping that the next few years of space innovation and cybersecurity innovation are going to be upon a pony ride at the County fair, then perhaps you should look for another line of work, because I think the next few years in space and cybersecurity innovation are going to be more like a rodeo and a very dynamic rodeo as it goes. It is an awesome privilege to be part of this ecosystem. It's really an honor for me to be able to play some small role in the space ecosystem and trying to improve it while I'm trying to improve the chances of the United States of America in a space war fighting environment. And so I thank all of you for participating today and for this little bit of time that you've allowed me to share with you. Thank you. >> Sir, thank you for your leadership and thank you for the time for this awesome event, Space and Cyber Cybersecurity Symposium 2020, I'm John Furrier on behalf of Cal Poly, thanks for watching. (mellow music)

>> Live from London, England, it's The Cube covering .NEXT conference Europe 2018. Brought to you by Nutanix. >> Welcome back to London, England. This is The Cube's coverage of Nutanix .NEXT 2018. 3,500 people gathered to listen to Sunil Potti. >> Thanks, Stu. >> For the keynote this morning, Sunil's the chief product and development officer with Nutanix. Glad we moved things around, Sunil, 'cause we know events, lots of things move, keynotes sometimes go long, but happy to have you back on the program. >> No, likewise, anytime. >> All right, so, I've been to a few of these and one of the things I hope you walk us through a little bit. So Nutanix, simplicity is always at its core. I have to say, it's taken me two or three times hearing the new, the broad portfolio, the spectrum, and then I've got the core, I've got essentials, I've got enterprise. I think it's starting to sink in for me, but it'll probably take people a little bit of time, so maybe let's start there. >> I mean, I think one of the biggest things that happened with mechanics is that we went from a few products just twelve months ago to over ten products within the span of a year. And both internally as well as externally, while the product values are obviously obvious, so it's more the consumption within our own sales teams, channel teams, as well as our customer base, needed to be codified into something that could be a journey of adoption. So we took it customer inwards, in about a journey that a customer goes through in adopting services in a world of multi-cloud, and before that, before you get to multi-cloud, you have to build a private cloud that is genuine, as we know. And before we do that, we have to re-platform your data center using HCI, so that's really if you work backwards to that, you start with core, which is your HCI platform for modernizing your data center and then you expand to a cloud platform for every workload, and then you can be in a position to actually leverage your multi-cloud services. >> Yeah, and I like that. I mean, start with the customer first, is where you have and I mean the challenge is, you know, every customer is a little bit different. You know, one of the biggest critiques of, you know, you say, okay, what is a private cloud? because they tend to be snowflakes. Every one's a little bit different and we have a little bit of trouble understanding where it is, or did it melt all over the floor. So give us a little bit of insight into that and help us through those stages, the dirty, the crawl-walk-run. >> Yeah, I think the biggest thing everyone has to understand here is that these are not discrete moving parts. Core is obviously your starting point of leveraging computer storage in a software defined way. The way that Amazon launched with EC2 and S3, right. But then, every service that you consume on top of public cloud still leverages computer storage. So in that sense, essentials is a bunch of additional services such as self-service, files, and so forth, but you still need the core to build on essential, to build a private cloud And then from there onwards, you can choose other services, but you're still leveraging the core constructs. So in that sense, I think, both architecturally as well as from a product perspective, as well as architecturally from a packaging perspective, that's why they're synergistic in the way that things have rolled out. >> Okay, so looking at that portfolio. A lot of the customers I work with now, they don't start out in a data center, they've already moved past that, right? So they are leveraging a partner, the public cloud, they might not even be running virtual machines at all anymore. How does that fit into your portfolio? >> Yeah, I mean, increasingly what we are realizing, and you know, we've done this over the last couple of years, is for example, with Calm, you can only use Calm to manage your public clouds without even managing your private cloud of Nutanix. Increasingly with every new service that we're building out, we're doing it so that people don't have to pay the strategy tax off the stack. It needs to be done by a desire of I want to do it versus I need to do it. So, with Frame, you can get going on AWS in any region in an instant or Azure. You don't need to use any Nutanix software. Same thing with Epoch, with Beam. So I think as a company, what we're essentially all about is about saying let us give you a cloud, service-like experience, maybe workload-centric. If it is desktops and so forth. Or if you are going to be at some point reaching a stage where you have to re-platform your data center to look like a public cloud, then we have the core, try and call it platform itself that'll help you get there as well. >> So, looking at re-platforming that data center. If I were to do that now for a customer I wouldn't be looking at virtual machines, storage, networking, I'd be looking at containers or serverless or you know, the new stuff. Again, what is Nutanix's answer to that? >> Yeah, I mean, I think what we've found is that there's quite a bit of an option, obviously, of cloud-native ads, but when it comes to mainstream budget allocation, it's still a relative silo in terms of mainstream enterprise consumption. So what we're finding out is that if you could leverage your well-known cloud platform to not create another silo for Kubernetes, don't create another silo for Edge or whatever the new use-cases are, but treat them as an extension of your core platform. At least from a manageability perspective and an operations perspective, then the chances of you adopting or your enterprise adopting these new technologies becomes higher. So, for example, in Calm, we have this pseudonym called Kalm with a K, right. Which essentially allows Kubernetes containers to run natively inside a Calm blueprint, but coexist with your databases inside of EM because that's how we see the next-generation enterprise apps morphing, right. Nobody's going to rewrite my whole app. They're going to maybe start with the web tier and the app tier as containers, but my database tier, my message queue tier, is going to be as VMs. So, how does Calm help you abstract the combination of containers and VMs into a common blueprint is what we believe is the first step towards what we call a hybrid app. And when you get to hybrid apps, is when you can actually then get to eventually all of your time to native cloud apps. >> You know, one of the questions I was hearing from customers is, they were looking for some clarity as to the hybrid environments. You know, the last couple of shows, there was a big presence of Google at the show and while I didn't see Google here on the show floor, I know there was an update from kind of, GCP and AHV. Is Google less strategic now, or is it just taking a while to, you know, incubate? How do you feel about that? >> So the way that you'll see us evolve as we navigate the cloud partnerships is to actually find the sweet spot of product-market fit, with respect to where the product is ready and where the market really wants that. And some of it is going to be us doing, you know, a partnership by intent first and then as we execute, we try to land it with honest products. So, where we started off with Google, as you guys know, is to actually leverage the cloud platform side, core locator with Google data centers and then what we we've evolved to is the fact that our data centers can quote-unquote integrate with their data centers to have a common management interface, a common security interface and all, but we can still run as core-located ones. Where the real integration that has taken some time for us to get to is the fact that, look, in addition to Calm, in addition to GKE kind of things, is rather than run as some kind of power sucking alien on top of some Google hardware, true integration comes with us actually innovating on a stack that lands AH3 natively inside GCP and that's where nested virtualization comes in and we have to take that crawl-walk-run approach there because we didn't want to expose it to public customers what we didn't consume internally. So what we have with the new offering that now is called Test Drive is, essentially that. We've proven that AH3 can run a nested virtualization mode on GCP natively, you can core locate with the rest of GCP services, and we use it currently in our R&D environment for running thousands of nodes for pretty much everyday testing on a daily basis, right. And so, once customer interview expose that now as an environment for our end customers to actually test-drive Nutanix as a fully compatible stack though, on purpose, so you have Prism Central, the full CDP stack and so forth, then as that gets hardened over a period of time, we expose that into production and so forth. >> So there's one category of cloud I haven't heard yet, and that's the service providers. So Nutanix used to be a really good partner for service providers, you know, enabling them to deliver services locally to local geography, stuff like that, so what's the sense of Nutanix regarding these service providers currently? >> Yeah, I think that frankly, that's probably a 2019 material change to our roadmap. It's your, the analogy that I have is that when we first launched our operating system, we fist had to do it with an opinionated stack using Supermicro. Most importantly, from an end-customer perspective, they got a single throat to choke, but also equally importantly, it kept the engineering team honest because we knew what it means to do one pick-up page for the full stack. Similarly, when we launched Xi, we needed to make sure we knew what SREs do, right. That scale, and so that's why we started with our version of SMC on, you know, as you guys know with Additional Reality as well as partners like Xterra. But very soon you're going to see is, once we have cleared that opinionated stack, software-wise we're able to leverage it, just like we went from Supermicro to Dell and Lenovo and seven other partners, you're going to see us create a Xi partner network. Which essentially allows us to federate Xi as an OS into the service providers. And that's more a 2019 plus timeframe. >> Yeah, speaking along those lines, the keynote this morning, Karbon with a k talked about Kubernetti's. Talk about that, that's the substrate for Nutanix's push toward cloud natives, so-- >> Yeah, I mean, I think you're going to hear that in the day two keynote as well, is basically, customer's want, as I said, an operating system for containers that is based on well-known APIs like Kube Cattle from Kubernetes and all that, but at the same time, it is curated to support all of the enterprise services such as volumes, storage, security policies from Flow, and you know, the operational policies of containers shouldn't be any different from Vms. So think about it as the developers still a Kubernetes-like interface, they can still port their containers from Neutanix to any other environment, but from an IT ops side, it looks like Kubernetes, containers, and VMs are co-residing as a first-class option. >> Yeah, I feel like there had been a misperception about what Kubernetes is and how it fits, you know. My take has been, it's part of the platform so there's not going to be a battle for a distribution of Kubernetes because I'm going to choose a platform and it should have Kubernetes and it should be compatible with other Kubernetes out there. >> Yeah, I mean, it's going to be like a feature of Linux. See, in that sense, there's lots of Linux distros but the core capabilities of Linux are the same, right. So in that sense, Kubernetes is going to become a feature of Linux, or the cloud operating system, so that those least-common denominator features are going to be there in every cloud OS. >> Alright, so Kubernetes not differentiating just expand the platform >> Enabling >> Enabling peace. So, tell us what is differentiating today? You know, what are the areas where Nutanix stands alone as different from some of the other platform providers of today? >> I think that, I mean obviously, whatever we do, we are trying to do it thoughtfully from the operational, you know, simplicity as a first-class citizen. Like how many new screens do we add when we use new features? A simple example of that is when we did micro-segmentation. The part was to make sure you could go from choosing ten VMs to grouping them and putting a policy as soon as possible as little friction of adopting a new product. So, we didn't have to "virtualize" the network, you didn't need to have VX LANs to actually micro-segment, just like in public cloud, right. So I think we're taking the same thing into services up the stack. A good one to talk about is Error. Which is essentially looking at databases as the next complex beast of operational complexity, besides. Especially, Oracle Rack. And it's easier to manage postcrest and so forth, but what if you could simplify not just the open source management, but also the database side of it? So I would say that Error would be a good example of a strategic value proposition or what does it mean to create a one plus one equals three value proposition to database administrators? Just like we did that for VIR vetted administrators, we're now going after DBS. >> Alright, well, Sunil thank you so much. Wish we had another hour to go through it, but give you the final word, as people leave London this year, you know, what should they be taking away when they think about Nutanix? >> I think the platform continues to evolve, but the key takeaway is that it's a platform company. Not a product company. And with that comes the burden, as well as the promise of being an iconic company for the next, hopefully, decade or so. All right, thanks a lot. >> Well, it's been a pleasure to watch the continued progress, always a pleasure to chat. >> Thank you >> All right, for you Piskar, I'm Stu Miniman, back with more coverage here from Nutanix's .NEXT 2018 in London, England. Thanks for watching the CUBE. (light electronic music)

>> From the Amazon Meeting Center in downtown Seattle, it's theCUBE. Covering Imagine A Better World. A global education conference sponsored by Amazon Web Services. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in downtown Seattle at the AWS Imagine Educate Show. It's a public sector show. It's the first time they've ever done it really focusing just on education as opposed to the regular public sector show or the AWS Summits and re:Invent that you're very familiar with. We're excited to be here. One of the big themes here is colleges partnering with high schools. And we're excited to have our next guest really talk about how that's working in this program. We have Howard Stahl. He's a professor at Santa Monica College. Howard, great to see you. >> Thank you. >> And with him is Koda Kol. He's a teacher at Roosevelt High in East L.A. and also an adjunct professor at Santa Monica College. Welcome. >> Thank you. >> So, let's just jump into it. There's a big conversation about training people for the next generation of cloud skills. It's good for the kids, it's also good for the employers, it's good for Amazon, it's good for their customers and their partners. How are the kids feeling about this? How is this program being accepted by kids? Is it cool, is it something they want to do? How hard of a sell is it? >> The students are engaged. They're learning something that is immediately relevant to societal's demand. Our students, they're setting up, spinning up web servers, file servers, even VPN, and the VPN servers is going to disrupt the way schools strategize and implement security, because now when they go back to the high schools they're bypassing all these web securities using VPN. >> Right. >> But they really do love it. The students seem to really drink it up. >> They get it. >> Yeah, they do. >> So is there a particular classification of app or of all the different things that you're teaching 'em, database, security, this or that, that resonates more than others or what is it that connects to what they do every day that makes them think, "Hey, this is cool, I engage "these things every day. "What a great career to get into." >> Yeah, I think, they see Amazon in their daily life every day. Delivering them stuff, making them buy stuff, having them deliver things. And they can see as they peel apart the layers and see behind the scenes how Amazon actually gets that done. >> Right. >> And it seems immediately relevant to them. >> Right. >> And so the student interest has been fantastic. >> Been fantastic. And Koda too, I think it's always the thing too with, especially the kids when they're in high school, 15, 16 right, they're starting to get a little bit of attitude. "Why should I read 400-year English novels Dad, "how's that going to help me in my job?" or "Why am I taking chemistry, I don't want to be a doctor? "I get it I got to take it to get into college "but I don't really want to take Chemistry." This is probably something a little bit different in terms of direct visibility into the application. I mean, those other things have applications too, you just don't see it when you're 15. But this they can see, right? They can see how it's going to directly impact them in a positive way. >> Yes, and it also puts everyone at the same playing field. Students that normally fail their English classes, Math classes, now they're in the same classroom and learning content where everyone is on the same page. So, you got your high performing students also with your students that are failing a class, trying to discover what they want to do in life. >> Right. >> They're together, they're working together. Find a common interest and excelling, engaged and asking for more. "Where can we take more classes? "This is what I want to do, "this is where I want to be." >> That's great. Another thing, we were just at a high school competition called Technovation earlier this week where mainly girl's teams from all over the world building applications. Same kind of a thing. Get 'em involved in an application that they can really see a difference and they get it. And I wonder if some of your kids talk about, everybody wants to be mission driven today, and kids want to do stuff that has a higher impact on society, right? We've got four different garbage cans we have to sort our stuff in 'cause we want to be renewable and take care of the environment. Do they see that software is the easiest way to make a huge impact globally, do they get that? >> They get that, they see it. They're instantly creating servers in 5-10 minutes. Going on their servers, setting up websites. They see the relevance. They're taking advantage of the technology. >> Yeah, that's great. So Howard, I wonder if you could speak a little bit about how a partnership with AWS enables you to do things that you wouldn't be able to do if they weren't helping in this whole process? >> At SMC we've been working with AWS for about four years now to spin up this program. The partnership has been fantastic. AWS has been really giving and helpful. They helped train faculty. So we got professional development from them. Now, as part of this program students get credits on the platforms. Faculty get credits on the platform. They've been helping us with advertising and all kinds of other great things and it's really been a wonderful, wonderful partnership, really fantastic. And that industry connection really makes a big difference in making the program succeed. >> You mentioned something I want to follow up on in terms of the staff. We talk a lot about the kids here and the impact on the kids and their education, but I'm curious to get your take on how this has impacted the staff. This new classification of learning if you will, around cloud computing specifically. This subset of computer science which has had a hard time squeezing in between science and math, especially at the high school level. But how are the staff, the teachers taking to this? Do they see this as a great new opportunity? A bunch of new skills to learn? That's got to be kind of invigorating for them, I imagine as well. >> I think so. I think it's really invigorated people who've been around. It keeps us on our toes, makes us learn new things. It's very exciting for many of us and it has been great. And the wonderful thing about computer science is that it changes a lot. As I often say in math, "They haven't invented any new numbers." But in computer science, what I learned when I was in school. Oh my gosh, things have changed a great deal. And so there's a commitment to keep current. And in the community colleges definitely we try to keep our curriculum current with what industry needs. >> Right, I think it's a really great statement on the role of community colleges, in a very specific role to help match skills with needs in jobs. I mean just really concrete, really straightforward, really kind of a simple mission. >> Yeah, and Amazon actually has connected us with local employers near SMC that have helped us validate our curriculum and actually are very interested in hiring the graduates out of our program right away, 'cause there is such a dearth of industry talent in this particular field. >> Which is great, just to close that loop, right. And if I recall, your certificate program is the model now that's been rolled out to all 19 of the L.A. community colleges. >> Yeah, so this program has really spun up, and become much, much bigger than just one particular college. So we developed a number of classes at SMC and a certificate, and we're using that now as a model throughout L.A. county to bootstrap AWS skills in all the local community colleges. 19 other colleges are working with us. >> Right, right. Agreeing to run the same classes at their institutions. And that's very exciting as well. They've also agreed to find local partner high schools to work with as well. So we're really trying to build a hub of AWS experience down in L.A. in what we call "Silicon Beach". >> Right, right. And then the goal ultimately is to get an associate program, right, over some period of time when you get whatever the certification is, or that process. >> Yeah, so we're working on building an AA Degree in cloud computing as well. >> That's great. Koda, you look like you had something to jump in there. All good? >> All good. >> Okay, good. So I want to give you the last word in terms of what would you say to educators that are not in L.A. about what this type of program has brought to you, and more importantly your students in your everyday life at Roosevelt High? >> It has changed the lives of many students. It's changed my perspective on how I see education because in fact it was a little difficult getting the students to be engaged initially, but ever since we launched this cloud computing every student, we can't get enough classes, sections, open. We open one section up and it gets filled. The students are in class. They want to learn the material. It's a good time to be in education. I love it. >> Well good. Well thanks for sharing the passion, it comes through. >> Well the passion starts with our department chair, Howard Stahl here. He's very passionate and it resonates with all the staff members, which resonates with the students. So now we have the synergy that's happening that we hope to eventually distribute to all the other campuses, and make a model. Use Santa Monica as a model. >> Great. Well Koda, Howard, thanks for taking a few minutes. And, really enjoy this story. I look forward to the follow up next year. >> Thank you. >> Alright he's Koda, he's Howard, I'm Jeff! You're watching theCUBE from downtown Seattle at AWS Imagine Education. Thanks for watching. (upbeat music)

>> Voiceover: Live from Washington, D.C., it's The Cube covering .NEXT Conference. Brought to you by Nutanix. >> Welcome back to Nutanix .NEXT Con, this is The Cube, the leader in live tech coverage, and we're here just outside of Washington, D.C. John Walton is here, he's the CIO of San Mateo County, Cube alum, good to see you again, thanks for coming back on. >> Great to be here, thanks for having me. You're very welcome, so it was good show. You been to .NEXT Con before, or-- >> This is my second one. >> Second one, okay. It's good little meet-ups, still kind of intimate, but they're growing, good buzz, what's your sense so far? >> I think it's good, I like to see the partners here. I've been wandering around, talking to some of my fellow CIOs on the floor here. It seems like people are really starting to understand better where Nutanix is going. I think there's a little bit of, you know, concern in the CIO community when they went public what that would mean, would they going to get bought out? And I think people are just happy to see status quo, heading in the right direction, being stable. You know, we all feel like our money's well invested and they are going to be around for the long run. >> I wonder if we could talk, sort of about the CIO role specifically at the county. And, you know, CIO, a lot of jokes, career is over, and keeping the lights on, that's all you do, and kind of thankless jobs, etc. But times are changing, everybody's talking about digital disruption, everybody's talking about being data driven. The whole big data thing is actually starting to feel real. And a lot of CIOs tell us that, in fact the last guest was saying we were sort of able to shift our attention from doing just nitty gritty infrastructure management to doing fun stuff. Is that what you're seeing in your environment? What are some of the drivers, and what's the environment like for you? >> Yeah, it is that way in San Mateo County. I mean, San Mateo County is interesting 'cause we are kind of the forgotten county between San Jose and San Francisco, right? Everybody commutes through San Mateo to one place or the other. But it's an exciting county to work in because you have so many of the thought leaders who actually live in the county. They run the companies and things. So, you have a community that's a very embracing of technology, and as the CIO for the county, I have the opportunity to play a multiple number of roles. I think what you alluded to, sort of the traditional view of the CIO role was keep the lights on, make sure everybody's got a new PC, don't let anything go down. And in our county certainly there was an aspect of that when I first joined them. And that's how we met Nutanix, was really refreshing our infrastructure, getting our uptime up, getting compute up. But that's all invisible now. That is a thing that technologies like Nutanix have afforded a CIO like myself is after you go through that initial big lift of getting up into the 21st century, and getting your infrastructure modernized in government, then you're able to be that chief innovation officer, chief disruption person, and really say, "What can I do for the community?", "What can I do on a regional scale?", "What can I do through partnerships?", so... You know, I really feel like infrastructure really has to become invisible. Nobody cares what switch is transmitting their data, nobody care what WAP they're connecting to. I mean, the end users don't really care what hyper-convert solution we use to provide the solution. I care, 'cause I'm a geek, and I care about the budget, and I care that my staff are happy, but really at the end of the day, the people who I'm most worried about are, you know, that departments that provide services to the public I'm trying to show relevance to, the elected officials who want to see us heading in the right direction and really adding value as government to the public that pays a lot of taxes, frankly. They want to see benefits. So, I'm really excited about the coming, we just got out of our budget cycle, and sort of really setting that vision for what do we want to do in the coming years. Nutanix powers that, but I don't have to worry about it anymore. >> John, what are some of those drivers that are helping you to innovate or provide more services, what are some of the big things you can share? >> Well I think you have to look at it from a, when you have infrastructure that's robust and it's up and it's cost-affordable, then you don't spend 80% of your time worrying about that. That's not what's keeping you awake at night. I get asked that a lot, "What's keeping you awake at night?" It's no longer that hard work on a crash or fail, or become the thing that delays all of my projects. So now the value-adds we look for is connectivity. You know, we talk about SMC Connect, San Mateo County Connect. It's now that we've created the infrastructure, put all of the services online, how do we get people better to connect to those? Do we need to market them more, or do we need to help understand the value they add to the community more? Do we need more wireless connectivity, do we need fiber connectivity? It's more connecting the public to the backend solution, whether they live in my data center or the cloud, what I care about are, are the applications and data relevant to the public, are they making their lives better, and do they have the tools to connect to those? 'Cause, kind of like San Mateo, it's very diverse. You know, you have sort of a high-tech corridor down the 101 corridor, where you have a lot of high tech area, and then you have a very rural area out towards the coast, and very different population you have to serve. >> Sounds like you're a service provider. >> Yes >> Yeah, yeah. >> Talk about this notion of invisibility. How has it changed the way in which your team works? >> Well, I think, you know, everyone wants to feel valued. I think if you're a network engineer or a server engineer, you want to feel like you add value. The one thing I think we do well in San Mateo County is, you know, we have performance metrics that we publish, that we're trying to achieve. Whether it's uptime or customer satisfaction, those trickle down to every group. So, invisibility means you don't have to worry about it anymore. But we do try to keep some visibility on how every staff person contributes to the ultimate outcome we're trying to achieve. So if people can see how6 they're individual efforts add value to the end result, I think they feel valued and they feel important. Invisibility's important because when I go to board meeting now, I'm not talking about, "Oh I need millions of dollars for this server," "Oh, we need to do this big network refresh." That's too visible. That's making the infrastructure the cornerstone of all your conversations, and it takes about two seconds before the board member's or elected official's eyes glaze over. They don't want to hear it. They want to hear about what are the visible aspects, how are we helping youth and community centers better connect to educational opportunities or job or internships. So, I think there'll always going to be a spend on technology to make things better. But I think as CIOs, when we get trapped in talking about specific technologies or how important infrastructure is, that makes it too visible. That makes it seem like that's all we care about. And I think the biggest compliment I ever got, in a budget meeting, was somebody saying, "What I appreciate is we spent 30 minutes talking about IT, and you never used one technical term." You know, and I think that's the invisibility piece of it is. I think as a CIO, you know you've done your job when you never have to to talk about the technology, right? The people that we serve in the community and the elected officials, they need to assume we're making a good technical decision to make those solutions happen. So I think, in a sense, the technology should be invisible, it should be affordable it should be simple. It should enable the end results, but the nuances of the technology we use, should probably in large be invisible to the public 'cause that's not really their concern. >> So you've suppressed a lot of the mundane, complex infrastructure, kind of low value add discussion, it sounds like, with the board. I imagine one area that you still talk about a lot is security. Is that a topic that is a regular topic at board meetings? >> Absolutely, and I think all the ransomware and virus attacks and hacker attacks, you've seen recently. And, I tweet about those a lot, and we talk about those a lot because we've have real impacts on our organization about things like that, phishing attacks. And this again is back to the value add, I think the message I try to bring to the board is our weakest point in security isn't always necessarily the technology, it's the complexity of the technology, right? So, the more complex we make our systems, the more complex and difficult to manage our infrastructure is, the more opportunities for weakness there are. So, we've gone from taking about security in an ivory tower aspect to, I think the two areas where we can focus on is more simplifying our infrastructure so it's easier to manage and easier to secure from our staff's standpoint, and that really adds value. So, we're really able to rapidly react to and address security issues as they come up because we have simplified our infrastructure. The board doesn't really need to worry about how we've done that, but the staff feel more confident that they're able to react to and manage those things, and then we can do value add things like train the users to be more aware of how phishing attacks happen when there's threats. Communicate better. We spent most of our time in the back room hashing servers, now with the Nutanix infrastructure, it's the easy button upgrade to patch servers and to get things addressed, and we can spend more of our time communicating with the end users about threats that are out there, how they should react, how they should respond to it. >> So John, you're kind of an early adopter of this whole concept of convergence. When we first met at VM Worlds a couple years ago, I think we were talking about traditional converged infrastructure, if I can use that term. Are you still using that type of infrastructure, how does is compare with so-called hyper-converged infrastructure, do you see differences? Is HCI a buzzword, or is it substantive in your view? >> I think it's substantive, you know I was doubtful at first too. You know, I came from, like you said, a few years ago, I think every CIO faces this. Especially in the public sector. It's what I call project ware. You know, you do a project, you do an RFP, you got three or four racks of equipment in of the lowest bidder, and that becomes a little island. And then you do the next RFP and you kind of grow your data center like that. We had tried early on when some of the new, sort of converged infrastructures were coming out, and I spend a lot of time going to EBCs, and talking about reference architectures, and one throat to choke when it came to when there's a problem, is it a compute problem or is it a storage problem? I think the industry has recognized for a while now since we first had these conversations about, again, simplifying and collapsing the complexity of those infrastructures is important. You know, I was doubtful when we first did the pilot with Nutanix. We first did the pilot around just VDI. We just saw Nutanix three years ago as a point solution, sort of the project where this was going to be our VDI platform. We would still maintain these other infrastructures for really important projects that needed the more traditional architectures. And, you know, it's really credited to my staff and engineers, it only took about six months before we had failing infrastructure, they would say, "Hey, we can use Nutanix. Let's hyper-converge, and chime in for other things, for compute. And now we're 100% virtualized. You know, we have over 1,200 servers now, all running on the Nutanix. There hasn't been a time in two years where my staff came to me and said, "The hyper-converged infrastructure we've selected isn't going to work for this, we have to buy something else." And so, to me that's when it goes from the theoretical, it might work, it might just be a... to a reality. If I'm going to go all in, and my staff are going to go all in on something, they have to be pretty confident that that's going to work for 'em. >> Are you Acropolis Hypervisor? >> We are in some things, you know, we don't use it for everything. But I think, you know, it goes back. We still have a very good relationship with VMware, we still think in some cases that VMware tools are still slightly more mature than the Acropolis tools. We think Acropolis has been catching up, we've actually been pushing really hard on Nutanix, to make it mature. And that's one of the reasons we've went with this platform, is we like to see that competition. We'd like to think that the Acropolis product will continue to mature, and challenge Vmware to either continue to evolve ahead of it, or bring their prices down to compete with it. >> You know, John, what's still on your to do list for Nutanix and it's ecosystem in your mind? >> You know, we're really looking at, really now around our disaster-recovery strategy, we're doing local replication between two data centers that are about six miles apart, which from a local building failure standpoint's useful. But my county's on the San Andreas fault, so the likelihood that a large earthquake is going to take both local data center is pretty high. So, we're really looking with Commvault and Nutanix and Amazon Web Services now, sort of about, you know, we have over 200 applications we support, for both public safety, healthcare, really mission-critical things that we can have zero downtime on, and in a disaster situation, healthcare and public safety applications are probably going to be the most needed applications out there. So, we're really pushing to try to see what that future looks like in the next 12 months around the Nutanix infrastructure. I don't say we have everything solved locally, but we're very confident in what we've implemented locally for our local compute, but really that next thing, what is the right balance between cloud compute and local compute? And how does that fit into the DR conversation's important. And back to your question about security, we still have real concerns about how secure is the public cloud. You know, it's not is it going to get hacked, but can the public cloud infrastructure be compromised to the point where in a disaster, if that's not available, how are we still going to get the data and applications up and running we need? So, we really see that there needs to be a balance between the two things. >> It's a response issue for you, and in that case-- >> It is, and we don't believe it's less secure, but we believe there's a RTO we need to meet in a disaster, and having lived through the Japan earthquake when I was in Tokyo when they had the 9.0, response time was critical. You can't say, "Well, we'll have the internet connection back up by then," and be reliant on your partners to do that, you need access to that data right now. So you've got a synchronous connection today, between your two data center, is that right? >> We have two data centers, but not to an out-of-area data center yet. That's what we need to accomplish next. >> Okay, yeah, good. Alright, listen. John, thanks very much for coming to The Cube. >> It's my pleasure. >> Let me give you the last word here on Nutanix, your future with them, or other things that you'd want to share? >> Well, we're excited about it and I'd recommend to any CIO who's watching this or thinking about it, really consider it, and see how it fits into your ecosystem. >> Great, always good having you on. Thanks very much for coming. >> It's my pleasure, thank you gentlemen. >> You're welcome. Alright, keep right there, buddy. Stew and I back with our next guest. This is The Cube, we're live from Nutanix .NEXT Conf. Be right back. >> Voiceover: Robert Herjavec