Naval Academy uses hacking, cyber events to shape classes
By MEREDITH NEWMAN | The Capital (Tribune News Service) | Published: January 24, 2017
Ret. Capt. Paul Tortora always starts his lectures at the Naval Academy the same way: Google "cyber news" in the past 24 hours and analyze.
One day it could be a story about a sheriff's department paying ransom to hackers who locked its computers. Another, experts realizing even pacemakers could be hacked.
These real cyber and hacking events have become an integral part of cyber operations classes at the academy.
"Next time you see a cyber article, there's a good chance one of our 30 classes will be talking about it that day," said Tortora, director of the academy's Center for Cyber Security Studies.
From the Democratic National Committee's hacked emails to ISIL recruiting techniques, those a part of the program say these current events help the midshipmen understand the technical and strategic components of cyber security.
The major first became available to the Class of 2016, where 27 midshipmen graduated in May with degrees in cyber operations. This year, 46 seniors will graduate in the major.
Tortora said the academy takes an "all, many and few approach" with the program. When plebes, or freshmen, enter the academy, they're now all required to take a introductory cyber security class.
Upperclassmen who aren't in the major have access to take cyber security electives, and by senior year, the mids in the major take classes that focus on the ethics and strategy behind cyber security.
The classes includes a practical lab, where mids learn skills like coding and deconstructing and then rebuilding a computer. And yes, they learn how to hack a network.
One of the most fruitful real-world examples has been the hacking of the DNC and John Podesta, Hillary Clinton's former campaign manager, Tortora said.
The DNC hack consisted of emails that included information about Clinton and Bernie Sanders' campaigns and financial contributions.
The information was published on WikiLeaks, and cyber security experts later tied the incident to Russian intelligence groups.
Podesta's emails were also published on WikiLeaks, showing an inside look into Clinton's campaign.
In Tortora's classes, he provides a step-by-step example of how Podesta got hacked and what he could have done to have prevented it.
This one event is used to highlight topics at both a micro and macro level. For plebes, they learn about what a fake website looks like and the importance of authentication. For upperclassman, the hacks lead to discussions about policy and legal implications, Tortora said.
"We want them to be able to talk knowledgeably about an event like this," he said.
In one of the cyber operations classes, the mids participate in a situation war game, called a tabletop, where cyber is one of the elements of national power. One of the scenarios is the ongoing territorial conflict in the South China Sea.
The situation, he said, could be something like: Threats are exchanged between the involved countries, and one of the countries, like Vietnam, does something to even further escalate the conflict.
Do the midshipmen move ships in or back away? Do they use cyber to put information into the country's network? Do they use social media to manipulate the situation?
"This is where you see midshipmen for the first time in their lives think of a decision that is strategic, which is pretty neat," Tortora said.
Cyber security professor Martin Libicki said the Naval Academy's program is "totally peerless" since it combines both tactical and strategic elements of cyber security.
Libicki — who taught at National Defense University and Georgetown University— said he's found the midshipmen have a tendency to think about the technical components opposed to the bigger picture.
"What I find interesting is that you actually have to teach them about how war works at the strategic and operational level," he said.
"Because if you can't get the ship out of a harbor you don't have a Navy. But as they go throughout their career, they're going to get more and more involved in the strategic and the political issues."
And unlike other majors, the cyber operations classes are taught by professors who have decades of experience in the military field, said Midshipman 1st Class Chad Riggins, a cyber operations major.
The professors can provide tangible examples of how to approach different situations, he said. Riggins added that his professors' careers have made him given him an idea of what to look forward to after graduate and what goals to "shoot" for.
Right now, all of the classroom discussions consist of unclassified information that's available to the public and media. But Tortora hopes that will change with Hopper Hall, the new cyber security building the academy plans to open in 2019.
The building will include a Sensitive Compartmented Information Facility, a room that will allow midshipmen to handle classified information.
Mids could have access to intelligence information about strikes in Syria or how the U.S. learned North Korea was behind the Sony hacks.
The possibilities are endless for this space, Tortora said
"I would envision and love to see a laptop or devices taken from terrorists," he said. "And have mids do forensics on it."
©2017 The Capital (Annapolis, Md.)
Visit The Capital (Annapolis, Md.) at www.hometownannapolis.com
Distributed by Tribune Content Agency, LLC.