Spy agency seeks cyber-ops curriculum


The National Security Agency is trying to expand U.S. cyber expertise needed for secret intelligence operations against adversaries on computer networks through a new cyber-ops program at selected universities.

The cyber-ops curriculum is geared to providing the basic education for jobs in intelligence, military and law enforcement that are so secret they will only be revealed to some students and faculty, who need to pass security clearance requirements, during special summer seminars offered by NSA.

It is not easy to find the right people for cyber operations because the slice of the hacker community that would make a quality cyber operator inside the government is only a sliver, Reuters reports.

The “quality cyber operators” the NSA is looking for are few and far between, says Neal Ziring, technical director at the agency’s Information Assurance Directorate.
“We’re trying to create more of these, and yes they have to know some of the things that hackers know, they have to know a lot of other things too, which is why you really want a good university to create these people for you,” Ziring told Reuters in an interview at NSA’s headquarters in Maryland.

NSA has two main missions: to protect U.S. government computer networks and to collect foreign intelligence through electronic means like satellites and decode it.

Of 20 universities that applied, only four received this week the new designation of Centers of Academic Excellence in Cyber Operations: Dakota State University, Naval Postgraduate School, Northeastern University and University of Tulsa.

Out of 10 requirements, the two most lacking at many schools were courses on “reverse engineering” – or how to gain knowledge of a technology or product to reproduce it – and cellular communications and mobile technologies, NSA officials said.
“We found a lot of schools weren’t emerging with the technology, weren’t keeping up,” said Captain Jill Newton, who leads NSA’s cyber training and education programs.


NSA officials say the program, which is part of President Barack Obama’s national initiative to improve cybersecurity through education, aims to prepare students for careers at the U.S. Cyber Command, the NSA’s signals intelligence operations and law enforcement agencies investigating cyber crimes.

U.S. officials from the Obama administration and Congress have been banging the drums loudly about the need for greater cybersecurity, accusing China and Russia of hacking U.S. systems for economic gain.
“Right now you hear a lot of talk about foreign countries, China in particular, coming into our networks. They get in, they look around, they see what they might want, they send it home, and you don’t know what else they’ve left behind,” Dickie George, a former NSA official, said. “Why wouldn’t we want to do the same thing? It’s not a one-way game.”

Many universities are now focused on web technologies such as how to write applications for the iPhone, which is not what is required for cyber operations to collect intelligence or defend the government’s systems, NSA officials said.

That requires knowing “the guts, the internals of the operating systems, having to understand how the hardware actually works,” said Steven LaFountain, a senior NSA official who guides academic programs.

Newton said a cyber operation might involve altering computer systems to work to one’s advantage and doing that “without being seen or without it being obvious that I was changing the inner workings of the operating system.”
“It could be very useful for a defender, so as you see your stuff being adjusted, corrupted, exploited, messed with, and being able to recognize when that is happening to you, to be able to better defend against it,” she said.

About 15 years ago, there was a mindset that the computer system being compromised happened rarely and if the security was hardened that would be sufficient to secure it, but the security environment has changed, said Ziring, a computer scientist and the first non-mathematician in his position at NSA.
“What we’ve realized these days is that’s hokum, that doesn’t work any more, that systems are under attack constantly,” Ziring said.
“For many systems, especially those that for mission reasons have to work in a very exposed space, being under some degree of compromise is sort of their new normal state.”

That requires actively defending the systems by blocking and mitigating known problems and hunting for the unknown by looking for anomalies, Ziring said.


One mandatory requirement in the curriculum is covering legal and ethical issues so students understand the limits.
“We still found a lot of schools are still a little reluctant on how they characterize what they are teaching,” LaFountain said.
“We are not asking them to teach kids how to break into systems, we’re not asking them to teach that. And a lot of them have said they wouldn’t teach that,” he said. “We’re just asking them to teach the hardcore fundamental science that we need students to have when they come to work here.”

While the open education provides the basic knowledge, it is not until they arrive at the NSA that newly hired cyber operators get trained in their secret jobs.
“In our operational developmental organization, we would spend up to 12 months to give them the secret sauce, the tradecraft, the really deep technical training so that they could make themselves useful in doing what we need them to do, and that’s with that technical underpinning,” Newton said.

Ziring said it was important to figure out the next step in threat evolution so the technologies can be built to address it.
“The threat actor’s action cycle is speeding up and getting shorter. The defender’s cycle has to get shorter. So what technologies can we build that will help that?”