Navy Plebes Learn What Happens ‘Behind the Curtain’ of the Internet
ANNAPOLIS, Md. — The U.S. Naval Academy has created a Center for Cyber Security Studies and instituted mandatory network defense courses in an attempt to prepare new recruits for Internet warfare. The first class, Cyber 1, covers the basics of Internet security and will be taught to about 1,300 students this year.
The Navy is in dire need of “cyberwarriors," as it must not only protect computer systems ashore but also each ship's self-contained network and an intranet shared with the Marine Corps.
Midshipmen are finding out that in order to be good stewards of cyberspace, they must also know what it means to be bad.
From a classroom here on campus, a group of freshmen “plebes” and their professor sniffed out open computer ports around the world to take control of webcams, moving them around and peering into lives of strangers thousands of miles away.
Far from a primer on voyeurism, these students were being taught a lesson about the dangers of the Internet and how keeping a port open is like leaving a backdoor unlocked for a burglar.
If they want to learn how to protect critical networks, these future sailors and marines have to know what it takes to bring them down, says their instructor Navy Capt. Steven “Doc” Simon.
Aside from the webcam experiment, students are shown how to perform offensive and defensive actions in virtual networks that do not connect to the actual Internet.
During an Oct. 19 class, the plebes worked together to create wireless networks on their issued laptops only to have Simon and his assistant, Ensign Justin Monroe, break into them, steal critical information and display it for all to see. The students were forced to go back and add encryption to their wireless access points.
The ease with which hackers can attack networks and capture information surprised Midshipman 4th Class Gavyn Gonzales.
“I always thought it was some genius kid in the basement or more sophisticated procedures, but it’s actually pretty easy,” he says. “I’ve seen the attacks that we’ve studied. They were just someone being careless and an attacker taking advantage of that.”
Gonzales says that he didn’t know much about computers before the Cyber 1 class. That’s typical for the so-called “Computer Generation” entering the academy, Simon says.
His students, who average an age of 19, can use pretty much any gadget thrown at them but are only now beginning to understand how the Internet works.
“These kids grew up with [smartphones] and computers in their houses. One school of thought says we aren’t going to be able to teach these kids anything, because they know it all already,” Simon says. “What we came to find out was these guys are outstanding computer users. They know Facebook, they know Google, they can do stuff with their phones . . . But they don’t really know, with the exception of a very small number, what’s going on behind the curtain.”
Each of Simon’s classes begins with a presentation by a midshipman about a recent real-world hacking incident. Students also attend lectures by the likes of U.S. Cyber Command chief Army Gen. Keith Alexander and former director of both the National Security Agency and the CIA, retired Air Force Gen. Michael Hayden.
These talks are hosted by the academy’s Center for Cyber Security Studies, which Simon oversees. The center is not an academic department, but rather an independent effort that seeks to inject some level of network security education into all aspects of life on the campus. The academy has been able to place midshipmen in internships at NSA and National Defense University and send them to competitions to test their newly acquired skills.
Navy midshipmen last year won the NSA’s Cyber Defense Exercise, which also featured teams from the Air Force Academy, the Military Academy at West Point, Stanford University and the Massachusetts Institute of Technology. The competition required the teams to build networks and set firewalls that were then attacked by NSA personnel. The groups were graded on how long it took NSA to bring down their networks.
By establishing the new core curriculum and cybersecurity center, the academy aims to double the number of computer science and IT majors at the school, which currently graduates 20 to 25 in each area of study annually.
The focus on cybersecurity seems to be paying off in the form of students such as Midshipman 4th Class Corbin Steele, who recently taught himself a computer programming language. He also has been inspired to research routing and encryption systems in an attempt understand exactly how information travels from computer to computer.
Most of the academy’s graduates will go on to be pilots or operators of submarines and ships, Simon says. But Steele is one those students who intends to use his math and computer skills to defend the Navy from the increasingly complex Internet attacks he is learning about in class. Given all of the hoopla about cybersecurity in recent years, Steele was shocked to discover that hackers are not being deterred.
“It’s an active battle front,” he says. “The line is shifting both ways. We make progress and they make progress. It’s a dynamic battle, not just something we’re slowly winning.”
Officials are currently writing the curriculum for a mandatory Cyber 2 course, which will delve deeper into the technical “magic” behind computers and policy considerations. The academy will offer electives that cover even more advanced concepts. Simon also is pushing to have both the core courses taught in ROTC programs at other universities throughout the country.
Educational efforts like these will help the government fill crucial network defense positions, Simon says. Regardless of whether the plebes in his classes become computer gurus, they will always benefit from having a solid understanding of cyberspace, he says.
“It doesn’t matter if they’re crawling through a desert, standing watch on a ship or flying an airplane,” he says, this knowledge will allow them to make the right decisions.
That is why he shows them how to hack into a message board, right along with how to close security gaps on their self-created networks. It is also why Simon wants to bring in a world-class hacker to speak to his students — one that has gone legit, of course.
“Remember, I’m teaching computer defense,” Simon says. “We’re not training 1,300 hackers to turn out into the world. That is not our goal. That is not our policy here.”
But do the Naval Academy’s best and brightest have what it takes to hack into sophisticated systems and bring down networks?
Simon smiles. Probably, he says.
Though he is quick to cite an honor code that forbids them to go back to their dorms at night and try.