Not on Our Watch
Working with the Navy to combat cybersecurity threats, researchers are modeling the kind of partnerships envisioned at SDSU Mission Valley.
This story appears in the fall 2018 issue of 360: The Magazine of San Diego State University.
Today’s threat adversaries work at hundreds of gigabytes per second, crawling the digital space and sending malicious email missives in search of open doors, inadequate locks and windows left ajar.
A primary target is the U.S. Department of Defense, a guardian of national security. Every day, the agency successfully prevents about 36 million cybersecurity attacks arriving in the form of email alone. All told, the federal government expects to spend $65 billion on cybersecurity contracts during the five-year period ending in 2020.
Prevention is expensive, but data breaches can cost millions. The Ponemon Institute reports that, globally, the average cost to an organization for a stolen record containing sensitive and confidential information is now about $3.9 million.
The U.S. Navy faces particular peril when naval ships set out to sea, where software updates are difficult to make. A cyberattack on a naval ship could result in any number of disasters—a steering failure, malfunctions in navigational equipment, loss of electricity, a pressure release or a hatch opening unexpectedly.
“A Navy ship is a floating enterprise network of immense complexity with weapons and communications systems attached, with classified and unclassified information, with systems that are open source and others that are secured,” said Aaron Elkins, professor of management information systems in the Fowler College of Business. “You can’t just put something like that on a system that scans only for threats.”
Visionary thinking
To better equip the Navy against security breaches, a team of San Diego State University cybersecurity experts, including Elkins, Bongsik Shin and Lance Larson, has launched a three-year, $310,000 project funded through the Naval Engineering Education Consortium, an alliance of research universities. What they intend to do is unprecedented—design a customized cybersecurity threat intelligence platform robust enough to simultaneously evaluate assets, discover vulnerabilities and uncover threats in a real-time, information-sharing environment.
“Some organizations just focus on their assets. Some organizations just focus on threats,” said Elkins. “There is not a relational key that addresses these two along with vulnerabilities.”
The SDSU team’s Cyber Threat Intelligence (CTI) System would use big data and artificial intelligence tools to search external threat intelligence sources for actionable intelligence. Long-term, the team’s vision is to build a threat information exchange system that could be employed universally, and by multiple agencies at once.
Elkins and colleagues are involving SDSU undergraduate and graduate students in project development. After all, they are future professionals in the growing field of information security.
This partnership-based model, which also offers training and employment opportunities for students, is an example of how SDSU intends to structure research and student learning in the future, particularly at the potential Mission Valley campus.
Timely intelligence
Designing advanced threat intelligence systems requires intimate knowledge of the motives and methods employed by threat adversaries, whether nation states, criminal groups or hacker hobbyists. To counter these predators, companies, organizations and agencies rely on default measures, such as updating software to strengthen enterprise systems, regularly changing passwords and training employees to spot scams. These are important measures, but not always effective against sophisticated actors.
“In cyber, you have two forms of defense: safeguards and countermeasures. But we found one thing missing from many cyberthreat management systems: the use of timely intelligence,” said Larson, who worked in law enforcement and spent years as a government consultant and contractor before joining SDSU. Larson now co-directs the graduate program in homeland security within the College of Sciences.
The SDSU team’s novel triangulation model is a departure from earlier prevention and reaction methods to prevent unauthorized access to military systems, particularly naval ships. Having moved beyond the conceptual, the team is fast-tracking toward a prototype.
Larson compared the threat to a rapidly approaching train. “You need to feel the vibration of the train tracks even if you cannot see the train. That’s what our system will do, and that’s why it may be able to reduce vulnerabilities in the double digits,” Larson said.
Building a pipeline
Eric Monette, one of the students working with Elkins, Larson and Shin, has presented his research to senior leaders within NAVSEA (Naval Sea Systems Command) and has passed the CompTIA Security+ exam, an internationally recognized certification for professionals in the cybersecurity field. He hopes to pursue a doctorate and become an information security officer.
That future is already materializing. Monette, a veteran of the U.S. Air Force and graduate student at Fowler College, received an offer to work with NAVSEA, beginning in January, as an information technology specialist, supporting the nation’s sailors. He is one of five SDSU students to be offered permanent positions with divisions of the Navy since the project launched in 2017. Another five students have internships.
“It is important that our students are taking an active role in research,” Elkins said. “It is not that easy to find people who are experts in the technology field moving into this work, so part of what we are doing is cultivating that connection and a pipeline to secure our nation’s future safety.”