Swinging an axe, wielding a machine gun . . . or being able to place a virus that disguises itself into industrial software: which do you think is the most devastating form of warfare?
The new technology of war is perennially unrealistic and hard to accept: sometimes it seems nonmilitant, even. Now we don’t even fight with implements—further from the action even than drones, we fight with programming codes and systems engineering.
Cyber warfare is now what the gun was, a new form of destruction wrought by perceived non-warriors. It is similarly a potential leveler between disadvantaged dissident states and larger modern armies, as coding does not take years of infrastructure and political stability to carry out.
The United State DoD realizes all of our military assets are potential liabilities if contractors are not creating impenetrable products and systems: in 2018 the DoD formally heightened requirements for cyber security measures to be demonstrated in fulfilling every contract. According to Daniel Miller, cyber security expert and Senior Systems Engineer at Intuitive Research and Technology Corporation (INTUITIVE) in Huntsville, it’s easy to imagine the worst-case scenario. “A foreign advisory could use malicious software to infect our power grid and take power offline for a portion of the country for weeks or months at a time.” For a beginner, that’s a tangible introduction to this field: keeping the bad actors out of the computer systems, networks, and programs that literally keep the lights on.
“My goal is to provide the soldier with authorized cyber-resilient information systems, enclaves and weapons platforms in support of global tactical organizations,” said Miller. Cyber security factors into every contract, because there are so many avenues for threats to take.
To give the reader an idea of how serious cyber threats are, I had Daniel Miller tell me a real-world example. Did you know that sometime between 2007 and 2010, Iran lost one fifth of its nuclear centrifuges (they spin nuclear material)? A virus later identified as Stuxnet had likely made it into Iranian computers that controlled industrial systems. The virus replicated itself and covered its own tracks, lying dormant until certain conditions were met. It created false data to suggest centrifuges were operating properly, and meanwhile spun them out of control, ruining 1,000 machines. There was no retaliation because no one took credit blatantly for the sophisticated attack. The clever program has been identified elsewhere but has been otherwise benign. Looks like it wasn’t a reckless rogue nation . . . this time.
Cyber security teams are diverse in expertise and they have to be aware of threats unique to a particular project. “You could divide cyber security at a high-level into two areas: Offensive and Defensive,” said Miller. “Within cyber security, you have sub-disciplines such as computer forensics, penetration testing, network defense, cloud security, secure software development, and policy enforcement, just to name a few.”
While most of us think of continuing education as periodic enrichment, in the defense world it is constant. “At work we receive periodic threat briefings; there’s also a daily computer threat newsletter that summarizes the important threat news of the day.” Furthermore, most jobs require some certifications beyond a degree.
Each contract brings with it new requisite knowledge. Miller explained: “You have to know business, budgets, and schedules. For example, you wouldn’t buy a $1,000 safe to store a $10 bill. The same logic applies to cyber security. You wouldn’t develop an elaborate defense for a strategically useless piece of information. From the technical side, you have to know the basics of how information systems work.”
Because of the dynamic nature of being in cyber security, the job outlook is promising for young IT or engineering professionals at a place like INTUITIVE. According to Miller, “To be successful in cyber security requires attention to detail, the ability to work in teams, and the ability to be self-driven. You cannot wait around for someone to tell you what to do. You have to be able to identify what needs to be done and do it.” Typically, cyber security professionals have degrees in engineering (usually electrical or computer engineering) or information systems, but it’s not limited to those degrees. The most common path is through IT system administration or engineering with training that’s geared towards cyber security.
INTUITIVE is well known in the aerospace/defense industry for advancing technologies and software engineering. Miller said the surrounding teams inspire young professionals to take on challenges and advance their careers. “You’re encouraged to plot your own growth and to learn to communicate effectively about areas of expertise,” he said. INTUITIVE has grown from just 3 employees in 1999 to 400 now. As a matter of principal, their “Swiss Army Knife” approach to hiring, no employee’s fate hangs in the balance based on a single contract.
But what gets a cyber security expert excited about work every day? “I work on systems used by the Soldier,” said Miller. “These individuals put their lives in harm’s way and many times are separated from their families for long periods of time; I get to provide them cyber-resilient systems that help them do their job, hopefully easier and safer.”
Defensively or offensively, the knowledge of cyber security is a way to make the world safer. INTUTIVE always welcomes those interested in careers to reach out. See their complete list of job openings by clicking here.