DoD brings in the academics to help it with cybersecurity knowledge

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Defense Department is establishing stronger ties with colleges and universities focused on a single urgent issue. It’s called the University Consortium for Cybersecurity, or UC2. For more on who’s involved, how it works, what its goals are, Program Manager Ian Crone spoke to Federal Drive with Tom Temin.

Interview transcript:
Tom Temin: Mr. Crone, good...

READ MORE

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.

The Defense Department is establishing stronger ties with colleges and universities focused on a single urgent issue. It’s called the University Consortium for Cybersecurity, or UC2. For more on who’s involved, how it works, what its goals are, Program Manager Ian Crone spoke to Federal Drive with Tom Temin.

Interview transcript:

Tom Temin: Mr. Crone, good to have you on.

Ian Crone: Thank you. Great to be here.

Tom Temin: And tell us where this consortium lives within the DoD panoply, here, it’s part of National Defense University?

Ian Crone: That’s correct. So this consortium responds to congressional direction from the FY ’19 National Defense Authorization Act, Section 1659, which our colleagues in Congress looked across the department and recognize a challenge, which is that there are many folks across the department working with universities, but we could really step up our level of collaboration. And so the UC2 or University Consortium for Cybersecurity responds to that direction. UC2 is organized out of the Office of the Secretary of Defense for Research and Engineering, but has a wide range of stakeholders and the National Defense University’s College of Information and Cyberspace is the executive chair for that consortium, and will be acting kind of as the administrative hub for the consortium’s activities moving forward.

Tom Temin: So Congress ordered this into existence. I think it was last year’s NDAA, is that correct?

Ian Crone: It was two years ago, yeah, it took us a while to get organized. But Congress directed us to figure out a way ahead. And the consortium is how we are organizing to respond to that challenge. They also clarified some of those roles and responsibilities in this past year’s FY ’22 NDAA.

Tom Temin: Well, two years from an NDAA to actuality is actually not bad. That’s better than a lot of the programs go. And tell us what the goals are, here, what are you trying to accomplish?

Ian Crone: This is, I think, really kind of twofold. One, how do we present a better face to the wide range of colleges and universities that work all across the country on a wide range of cybersecurity topics? The department’s a huge place, how do we better consolidate kind of some of the key challenges, technology gaps, and other key issues that the department sees to the universities so that we can really bring the brightest minds from across the country to bear on those hard problems? That’s one area. I’ll say the other that I certainly would say is just as important is how can the Department of Defense be a better customer to and partner with those universities? It’s always a challenge for colleges and universities, and really, for the entire defense industrial base to work with a department, we don’t always make it easy. And so something that I’m really excited to work on is how can we be a better partner for these colleges and universities? And that may come in the form of reviewing or reforming policy or recommending changes to any number of different areas that could really just make it easier for the whole country to be involved in working on the hardest problems that we have.

Tom Temin: And there’s an element of bringing in the historically Black colleges and universities and also the historically underserved universities. That’s part of this program, too, as well, correct?

Ian Crone: Yeah, there’s no question. For the initial year, we’re partnering closely with the National Security Agency’s National Centers of Academic Excellence in Cybersecurity (NCAE-C) program. So the initial cadre of schools, which is about 350 schools that are part of this first year’s efforts are the schools that we’re putting RFIs out to. And that list includes a large number of historically Black colleges and universities, as well as a number of other minority serving institutions. And I think that’s a key aspect of that idea of bringing the whole country to bear on some of the key challenges that the department faces today.

Tom Temin: We’re speaking with Ian Crone, he’s acting principal director for Cyber in the Office of the Undersecretary of Defense for Research and Engineering. And in the kickoff of this, that undersecretary, Heidi Shyu had quite a bit to contribute, too, I understand.

Ian Crone: She absolutely did. Honorable Shyu is a real champion for many of the same goals that the consortium serves and delivered some really, I think, inspiring remarks that reminded us both of the strategic direction that the department and the country are taking as a whole and some of our responsibility to be both champions and key stakeholders for these key issues.

Tom Temin: So the collaboration then extends beyond the professors and academics themselves at these institutions, but also some of the students?

Ian Crone: Yes, absolutely. It’s easy to think just as professors, but that’s where the work gets done. And that’s also going to be the next generation of leaders and doers across the whole country. So trying to figure out how we get a wider range of students working on, aware of some of the opportunities, the challenges that the department faces, we’re facing some really tough problems right now. And I’ll even reiterate and say, the next generation, whether that’s in uniform, civilians, contractors that are going to be key to the department’s challenges those folks are getting educated in the colleges and universities today and in the future. And if the department doesn’t have a great partnership with those colleges and universities that reaches down to the student level, we’re not doing our jobs.

Tom Temin: And there’s a program across government of some years running. It’s called the Temporary Assignment Program or the Personnel Mobility Program where people from academia can actually become temporary or assigned federal employees. Is that part of this or is it everybody works for their own tuition and just collaborate?

Ian Crone: That’s not something that we’ve folded into this activity yet. There’s the IPA program, there’s a number of these programs today. I think the thing that you’re getting at, which is a key point is the department has a large number of these different programs, many of them long-running. One of the things that I know is a priority for me is just to wrap our arms around and consolidate from the department’s perspective, what those programs are, what the opportunities look like, so that we can do a better job providing even just the information on those programs to both folks within the department and the colleges and university partners. A lot of times, it’s hard to even know what the opportunity space looks like. And we need to do a better job at that.

Tom Temin: And how do you expect the program to operate then that is, will different colleges work on different particular pieces of cybersecurity? And are you giving them grants to work on things? How does it operate?

Ian Crone: The initial way that we’re running this and I’ll say, initial because we’ve only just started, through our NCAE-C partner with the NSA, we issued an request for information this past fall on two key technology topics: looking at things like human machine teaming, and modeling, and simulation capability that we know are hard problems for the department; and really looking for innovative work going on out in the colleges and universities that we might not already be aware of. So we’re going to get those responses back early this year. We have a team of folks that’s going to go through those and grade them and then hold a workshop to bring in key department stakeholders so they can hear more about that key work that’s going on. We expect that that RFI process will evolve over time as we learn more about kind of the college’s and their interests, their priorities, the stakeholders interests and priorities. I expect that we’ll start doing RFIs that are more focused on the process and policy questions in addition to the pure technology questions. Right now, these are not grants, we’re not offering funding as a result. So this is not a BAA or an RFP process. That’s something that we’re certainly exploring and looking at in the future as if we need to evolve to that basis. But for right now, we’re definitely offering for those key technologies that we’re identifying if there’s great ideas, going on out there in the community, we’d love to connect the folks with those ideas and those technologies with potential partners from across the department.

Tom Temin: And what are some of the very top of list technologies and procedures you want to explore first?

Ian Crone: Yeah, the first RFI that we issued, I’ll say that the two keys that we identified were human machine teaming. So there’s no question that autonomy and AI as a department priority, and the deputy secretary has certainly highlighted that. And there’s no question that those technologies are going to be key, for every area of the department, but I think, for cyber in particular, the scale and speed of the challenge is really going to demand the use of autonomous capabilities. But those autonomous capabilities have to be partnered with, the operators with the analysts with the humans that are going to be operating those systems. So looking at key questions about autonomy and trust, and then the relationship between the humans and the machines, how can we best optimize both partners? And the other key area that we looked at was looking at high fidelity modeling and simulation. So there are a variety of tools out there for cyber modeling and simulation looking at how do you emulate something like a computer network. There are other models out there for things like physical processes so think industrial control systems or SCADA equipment, but really, the problems of the future are going to demand that we have the ability to jointly reason over both physical processes and network processes. And that’s bluntly, a really hard problem. And we’re looking for innovative solutions that are going to enable us to defend our networks and understand our vulnerabilities and then get after the key problems in a more scalable and robust way.

Tom Temin: And really, when you look at say, a question, like human machine learning and teaming and autonomy, that applies in a lot of DoD domains, even outside of cybersecurity.

Ian Crone: It absolutely does. And there’s robust activity going on to explore that space across the department. But absolutely, we’re also excited to hear about technologies that may be being developed for non cyber purposes. But that might have applicability to cyber, as you say, it’s a deeply interconnected subject area. And one of the things that I think is really great about universities and colleges is, a lot of times there’s work going on in another department that maybe folks would be knowledgeable about, but that, we just blindly looking through our sodastraw cyber might not be, and so looking to those colleges and universities to start forming those connections and start thinking about things in a multidisciplinary and interdisciplinary way to bring those forward. I think that’s going to be a key area for us going forward.

Tom Temin: Ian Crone is acting principal director for Cyber in the Office of the Undersecretary of Defense for Research and Engineering. Thanks so much for joining me.

Ian Crone: Thank you so much. Great to talk to you.

Related Stories

    Getty Images/iStockphoto/djedzuraHacker typing on the illuminated  keyboard by night. Internet safety concept.

    Data will be key to building national cyber workforce strategy, officials say

    Read more
    Amelia Brust/Federal News Network

    DoD group partnering with industrial base to look for cyber vulnerabilities

    Read more