West Point hosts Joint Service Academy Cybersecurity Summit as industry, government collaborate to defend against cyber threats

Photo By Eric Bartelt | The U.S. Military Academy, on behalf of Palo Alto Networks, Inc., hosted the 2023...... read more read more

Photo By Eric Bartelt | The U.S. Military Academy, on behalf of Palo Alto Networks, Inc., hosted the 2023 Joint Service Academy Cybersecurity Summit (JSAC) on April 4-5 at Crest Hall in Eisenhower Hall. Founded in 2015, JSAC brings together senior cyber experts and leaders from across industry, military and government to discuss issues of the day, what has gone right and what has gone wrong in cybersecurity in recent years and the way forward in the cyber world, especially with the eyes and ears of academy cadets and midshipmen, who are the military’s future in the cyber field, focused on every part of the summit.  see less | View Image Page

WEST POINT, NY, UNITED STATES

04.11.2023

Story by Eric Bartelt 

United States Military Academy at West Point

✔ ✗ Subscribe

25

The date was May 8, 2021, and the Colonial Pipeline Company announced it halted its operations due to a ransomware attack, which disrupted critical supplies of gasoline and other refined products throughout the east coast of the United States – most notably, the southeast part of the U.S.

In the previous three years from 2018-20, similar ransomware attacks shutdown pipelines and customer communications systems were interrupted at four of the nation’s largest natural gas pipeline companies.

These incidents, and specifically the Colonial Pipeline Company cyberattack, have elevated the concern of security of the nation’s energy pipelines and government programs to protect critical infrastructure.

It is incidents like these that provided Palo Alto Networks, Inc., the world’s largest and leader in cybersecurity protection and software, the inspiration to bring industry and government entities together to collaborate to defend against current and future cyber threats by leveraging the unique communities of the service academies.

The U.S. Military Academy, on behalf of Palo Alto Networks, Inc., hosted the 2023 Joint Service Academy Cybersecurity Summit (JSAC) on April 4-5 at Crest Hall in Eisenhower Hall.

Founded in 2015, JSAC brings together senior cyber experts and leaders from across industry, military and government to discuss issues of the day, what has gone right and what has gone wrong in cybersecurity in recent years and the way forward in the cyber world, especially with the eyes and ears of academy cadets and midshipmen, who are the military’s future in the cyber field, focused on every part of the summit.

“There are multiple benefits that happen with this summit,” said Col. Stephen Hamilton, the director of the Army Cyber Institute (ACI) at West Point. “For one, it brings some of these senior cyber leaders together when they don’t always meet on a daily basis or monthly or even yearly. Bringing them together to discuss some of their issues and then presenting it to everyone, and it goes with the theme of this summit where we have industry partnerships come together for – ‘Cyber is a Team Fight.’

“With industry here, having cadets here, having junior officers – that’s the team – it gets across the government and industry to discuss some of the challenges and try to discover how we can do better at it,” he added.

Hamilton, who opened and closed the summit with his opening and closing remarks, said the summit offered some West Point graduate connections among its speakers and moderators with multiple attendees from other military academies.

“It included ones who were CEOs or in leadership roles, and others from security companies or the financial sector, like USAA,” Hamilton said.

After the welcome remarks, the keynote address, “A Call for Leadership in the Cyber Age,” was provided by Gen. Paul M. Nakasone, commander of the U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service. Then Chairman Mark Green, U.S. Representative from Tennessee, and chairman of the House Committee on Homeland Security, offered his advice on the state of cybersecurity during the second address of the day.

The first day finished with panels from the perspective of Pentagon cyber leaders, a panel called, “Harnessing Industry Innovation to Strengthen Collective Defense,” and “Managing Cyber Risk at the Federal and State Levels.”

The first day alone reminded Hamilton how important it was for everyone to come together collectively as opposed to meeting virtually, which has happened the three previous years due to the pandemic.

“I think it’s incredible,” Hamilton said. “I’ve actually only been to the virtual ones … but there are great leaders who give their expertise, but what you miss online is you don’t get the interaction with the audience, you don’t get the feedback that you get in person and I don’t think you can replicate this the same way online.”

This is the third time West Point has hosted JSAC as it held the summit in the first two years in 2015 and 2016. The U.S. Naval Academy hosted in 2017 and 2018 before the U.S. Air Force Academy hosted in 2019 prior to the three virtual years.

Putting the summit together did come with some difficulty when choosing dates for the event as it bumped up against the Conference of Service Academy Superintendents (COSAS), which was a surprise to Hamilton and his planning team a few months out. And then it was about choosing the venue to hold the summit.

“Generally, you start with the dates and then we start planning the venue,” Hamilton said. “The first couple of times it was here, it was at the Thayer Hotel. However, Palo Alto (Networks) wanted to increase the size of it, so this is probably the biggest (venue) I suppose – since the Thayer Hotel’s venue was too small.

“Multiple times (Palto Alto Networks’) teams came out here to look at the site to basically do a site recon and figure out where things needed to go,” Hamilton added. “The last few months have been weekly meetings to make sure people know what they’re going to do. To make sure we had cadets available and make sure they could pronounce names correctly – all of these little details that have to get ironed out as we got closer (to the event).”

Hamilton gave considerable kudos to his ACI deputy director, Dr. Paul Maxwell, and ACI operations officer, Maj. Scott Webb, for doing the lion’s share of the work to get the summit on the right footing for it to run smoothly over the two days.

“(Because of Maxwell and Webb), I’ve been fortunate enough to show up and just be able to do the introduction and that wasn’t even supposed to be me, it was changed at the last minute when retired Gen. (Rhett) Hernandez, the USMA Cyber chair, had cataract surgery so he couldn’t make it,” Hamilton said. “(Hernandez) is our senior advisor and he comes up and visits us once a month or so.”

Day Two of Summit and the Cyber Field

The second day of JSAC kicked off with a session called, “A View from the Nation’s Cyber Commanders,” which included Lt. Gen. Maria B. Barrett, who is the commanding general of U.S. Army Cyber Command. The next session called, “Foxholes to Corporate Board Rooms – The Future Conflicts may be fought in Corporate America,” was led by Rich Baich, chief information security officer at the Central Intelligence Agency.

Baich spoke about the importance of the public-private partnership in helping toward cyber threats in the future, especially from China and Russia, the need for leadership and future cyber warriors to help ward off the “desire to out innovative the west” in the cyber realm.

He talked about China’s aspiration “to become the next cyber superpower,” and how America should be concerned that a country like China will target critical infrastructure, such as telecommunications, energy and networks, which all bear a part of the supply chain – similar to the Colonial Pipeline – and how to target against being vulnerable with capable cyber defensive and offensive strategies.

And from a Cyber Defense posture, Baich talked about how a geopolitical event such as the Russia-Ukraine War impacts security, the things happening today that can impact the U.S. in the future and the things we are not even thinking about now that can affect us down the road.

The second-to-last panel titled, “Emerging Cyber Leaders,” was moderated by Dr. Edward Sobiesk, senior advisor in ACI, and the last session of the summit was a fireside chat on the “National Cybersecurity Strategy,” led by Wendi Whitmore, senior vice president, Unit 42, with Palo Alto Networks, and Chris DeRusha, federal chief information security officer and deputy national cyber director in the Executive Office of the President.

Whitmore expressed how the “Internet is a Battlefield,” while DeRusha added that it is important for the United States to, “Make sure our data is secure because risk will always be present. But we have to mitigate it.”

Overall, the lessons learned and communication among experts to junior leaders and cadets was of great magnitude for those with an eye toward a future in the cyber field.

“I think it is huge,” Hamilton said. “I say that from the perspective of when I was first looking into the Cyber Branch … I distinctly remember when at Cyber Command, the Air Force general officer was like, ‘I’ve been flying planes my whole career,’ and just like we heard on the stage (during the summit), there is still some of that currently.

“It is not going to be for 10, 15, 20 more years before we start having people who this is what they started with (in the cyber field),” he added. “I think it’s important for our junior officers to say, ‘hey, we’ve got great leaders but we still need help in developing this field,’ so I think that is what makes that connection for them – like, holy cow, they understand there are problems and they’re willing to listen to us, but let’s get on this team fighting and increasing our capacity for cyber.”

Hamilton said he looks at cyber as a triad, to include Signal and Military Intelligence, and it is interesting to see what is being formed when you fuse these two different entities with some of their personnel and ideas into the Cyber Branch.

As for Hamilton, he began his military career in the Signal Corps Branch, and he was a computer scientist who was teaching at West Point in the Department of Electrical Engineering and Computer Science before the Cyber Branch existed.

Retired Gen. Keith B. Alexander, who was the director of NSA at the time and became the first Cyber Command commander, asked at the time, “Where do your computer scientists go and instructors go when they leave (West Point)?” Because at the time, the U.S. military was a highly deployed force.

“(He said) will they go to a deploying unit because they haven’t deployed for a long time because they have been teaching,” Hamilton said. “He said, ‘Nope, this year, all of them are going to come to Cyber Command,’ so in 2011 is when I first got introduced by being assigned to Cyber Command as a computer scientist.”

When Hamilton first joined the Army, he wanted to be a computer scientist but there wasn’t a computer field – so the Signal Corps was the closest branch to his passion.

“I still feel at heart that I’m a little more of a software developer than a cyber officer as far as my education has been,” Hamilton said. “But the problem being a software developer is you need to understand the cyber threat as you write code, you know there’s going to be a cyber component to it.”

Today, it is exciting for Hamilton to be the ACI director because he is around very-talented people who are hand-picked into the Army Cyber Institute.

“They continue to blow me away with the latest and greatest technology, and things they are able to do,” Hamilton said. “It’s a treat for them to show me, ‘Hey, here’s the way things are going,’ and I’m like holy crap, I never thought that we would ever be this far advanced, so that to me is where I feel that this job is most rewarding.”

As for the cadets who participated at the summit, Hamilton said it is great that they got involved with the hope that they feel, “Empowered and realize not all senior leaders have all the right answers, but to know that maybe to ask the right questions and we should try to figure out how we can continue to improve the force.”

“I think every senior leader mentioned (during the summit) that we’re not there yet and I hope (the cadets) take that as a call for action that if we’re not there, we need to work and figure out how to get there,” Hamilton said.

Junior officers and cadets also may have a big advantage going forward as they will have only known a career in the Cyber Branch as opposed to senior officers who started in Signal, Military Intelligence or some combat branches.

“At the tactical and operational levels, absolutely … they know how to use the network even with ChatGPT coming out, how to use information to be able to learn faster and to be able to get spun up on things,” Hamilton said. “I always talk to my cadets about how when I was a computer scientist at West Point getting my degree, if I had a problem with an assignment, I had to call the professor, I couldn’t Google the answer and nowadays you can. With that mentality that they have of being able to understand how to use digital systems to assist them, I think they could possibly learn much faster and be able to experiment and do things a lot quicker than we could have thought (back then).”

As for any advice he would give to cadets who are interested in or set to join the Cyber Branch in the next year and beyond, Hamilton said get involved no matter your current education path.

“I would say regardless of if you are good at math, good at computing, good at law, good at whatever it is and whatever interests you, there is a place for you in cyber because it is a team sport, it is multi-disciplinary,” Hamilton said. “We need people who are brilliant in all these areas, so I would say any cadet who is interested in cyber, figure out what they are passionate about and then figure out where that fits in the cyber game.”

Cadets’ perspective of the Summit

For cadets who are earmarked for the Cyber Branch, JSAC was a great one-stop shop to gather some valuable information from the industry experts, all of which can provide building blocks with their own cyber knowledge.

“The most interesting aspect of the JSAC Summit was seeing the private sector interact with the public sector,” said Class of 2023 Cadet Ben Wettstein, computer science major and future Cyber Branch officer. “I have seen the public sector try to make efforts to interact with the private sector, but in my position as a cadet, I have never been able to see how they respond. Having many private sector technology and cybersecurity leaders on hand, as well as public sector cybersecurity leaders in the room – it was very interesting to see.”

Class of 2023 Cadet Nicholas Liebers, who is a cyber science: cyber operations major and a future Cyber Branch officer, agreed with Wettstein’s sentiment and enjoyed hearing, “How committed both the public and private sectors are to creating an encompassing security posture for the whole country.”

“In every talk, both public and private leaders emphasized that ‘cyber is a team sport,’ and there is too much to do for a single entity to do it alone,” Liebers added. “It makes me optimistic.”

When it came to the summit, both cadets appreciated listening to the speakers and the topics that were discussed, and both had a preference to what stood out to each of them.

“I enjoyed hearing some of the general officers discuss their talent management strategies from the strategic perspective,” Liebers said. “Recruiting and maintaining talent is such a challenge, and it was interesting to hear the strategies. More specifically, I enjoyed hearing Maj. Gen. (William) Hartman explain that the military ‘has the unique mission’ that makes the military an interesting place to work. For me, the mission gets me excited.”

Wettstein said many speakers stood out to him and he credited Col. Hamilton and Palo Alto Networks for putting together the “star-studded” lineup for the event. He mentioned it was great to meet with the popular faces in government and military cybersecurity and to hear their perspectives on questions they do not usually get to answer.

“What stood out to me was how the general officers in each branch commanding their cyber forces responded to a question about making a single cyber force,” Wettstein said. “Additionally, listening to the principal cyber advisors from every branch was thought provoking, and reinforced confidence that the civilian advisement to our armed forces is valuable – especially from Army (Principal Cyber Advisor), Dr. (Michael) Sulmeyer.”

With the Army Cyber Command being relatively new, started in 2010, getting in on the ground floor of its infancy and the many opportunities it offers is an advantageous experience ahead for these two cadets looking at the cyber future.

“The fact that the field is so interdisciplinary and young is exciting,” Liebers explained. “There are so many different ways to contribute to the mission – both by serving publicly or privately – that makes this field unique.

“Specifically in the policy aspect, the policy has not caught up to where the field is, and that allows people to make significant impacts early on,” he added. “Cyber is unique where lower levels can have significant impacts on national and strategic objectives. There are few other fields where a small group can have such an immediate impact.”

Wettstein expressed that the multidimensionality of cyberspace is what interests him most about cyber, and the many different roles that someone can serve in the field, whether it is technical or policy oriented.

“I’ve always been a person who is interested in both technical subjects and STEM subjects, as well as policy and strategy,” Wettstein said. “Cyber is one of the only fields where I can pursue these two interests and get deep into both of these interests as I would like, while still making a difference.

“Additionally, cyber will have a large impact on 21st-century life that all people do not have on the forefront of their minds,” Wettstein added. “To be able to make an impact in this field will have an impact on every single person who uses and relies on technology.”

At the end of the day, there is an abundance of excitement beaming from Liebers and Wettstein about the future that lies ahead for them in the cyber domain.

“I’m super excited to serve in this capacity,” Wettestein said. “This is due to the importance of the field and how interdisciplinary cyber is as a field.”

Liebers added, “While I have enjoyed my time in school, I am excited for something new. Every Soldier and officer I have met from the Cyber Branch, they ‘click’ with me. The people in the branch are motivated and passionate about what they are doing, and I could not be more excited to join that passionate workforce. I cannot wait to commission and join them!”

Conclusion: The importance of Cyber

Going back to the cyberattack incident with Colonial Pipeline Company, the importance of having knowledgeable, intelligent and broad-minded individuals at the forefront of the field with everything that cyber is connected with in today’s world is of immense necessity.

“It is intertwined with everything we do,” said Wettstein, who is the cadet in charge of the Cadet Cyber Policy Team. “Our bank accounts, our energy, the news we read and most services are delivered by technology. These technologies can be manipulated and disturbed. There is a low-cost of entry to imposing malicious cyber effects on any of these, and so it is of the utmost importance that we do what we can to protect our technology-integrated way of life.”

Liebers strongly suggested that the United States needs to be a leader in the cyber domain. But what does he mean by this?

“We need to be technical leaders to maintain the competitive advantage over adversaries to maintain our interests; however, equally important is our need to be a leader in developing and maintaining international norms in cyberspace,” Liebers said. “Some of our adversaries have different values, and they want to normalize their behavior in the international community. In my opinion, the United States must lead in this domain to promote responsible behavior in the international domain.”

As for Hamilton, he believes it starts with being vigilant, from both the Cyber Defense and Offense perspectives, against adversarial threats such as China and Russia.

“They have proven to us time and time again that we can’t sit by and just watch what is happening,” Hamilton said. “The interesting thing I get from working in the field is that computing is the core science discipline piece of it, but it’s much more of a people field and a policy-based field.

“When you look at China, they’re able to do a complete surveillance economy, which they can just record everything,” Hamilton added. “We have freedoms in America, so for us to be able to compete with someone who can gather the data and do specialized AI learning models and things like that, to be able to compete with that puts us in a weird position because we still have to respect our citizens rights and still have to follow our laws, follow all of our Title 10 and Title 50 laws of what is considered espionage versus what is considered actions you do in war.

“With those kinds of constraints, it takes a team of people to figure out how do we do this correctly so that we’re maintaining freedom in America but also gaining an advantage against our adversary,” Hamilton concluded. “To me, that is the real hard challenge that we’re going to continue to struggle with for a long time.”

And when it comes to our adversaries trying to manipulate our systems to disrupt our lives, this summit and the conversations in ACI and cyber classes at West Point and among cyber leaders in the military and industry are of the utmost importance to keep society and its institutions from breaking down due to a malicious, debilitating cyberattack.

“Our digital life is like an endoskeleton for modern life … it’s in everything we do, it’s everything we think about because we’re always connected to some digital piece, which becomes cyber,” Hamilton said. “We’ve had many types of conversations at ACI about should we be working on this (matter) because is that cyber enough? It’s such a weird question because when you look at just cyber and that term, I can generally connect almost anything to it.

“One of our problems sometimes is how do we scope it down … cyber is just a broad field but it really intersects with everyone, and I think with what Chairman (Mark) Green said that it really caught his attention when Colonial Pipeline happened because here’s this hack that happened that was all done through cyber means and had this huge impact across the southern United States,” Hamilton added. “It was really an eye opener for people (who generally are) not thinking about the cyber field, but they can be impacted. They don’t have to have a computer to be impacted by (a cyberattack) just due to the fact they can’t go to the gas station and fill up their car (due to a cyberattack).

“It doesn’t matter if you have no skin in the cyber game,” he concluded. “You’re still going to be impacted.”