In February I wrote a piece here on my blog discussing the current woes of the joint professional military education environment and the pending drastic cuts. I was discussing how it effects me, but there is a much larger set of problems in how it is going to effect the nation too. I’ve watched over the last year as numerous computer security and information warfare programs at the Joint Professional Military Education (JPME) level have been cut. Those that thought, “I do cyber” have not been left untouched. So, what is an academic to do? Well I’ve been looking for a new job and here is where I’m going to be going starting with the beginning of the new school year.
I’ll be a tenured associate professor at Purdue University, West Lafayette Indiana, at the number one computer forensics program, in the nation.
Purdue represents a significant increase in my ability to engage in research, be involved in my discipline directly, and have an impact on the field of study I’m an expert in. The Purdue College of Technology and the Computer Information and Technology Department closely align with my interests, and expertise. I will have extensive access to CERIAS my favorite information assurance and security organizations.
Why would I be leaving such a prestigious institution as the National Defense University? The number one reason is that the opportunity at Purdue is significant. The discussion though does need to be truthful about the nature of government work. Over the last six months my current boss has had a Princess Bride plot line kind of Dread Pirate Roberts relationship with myself and the rest of the faculty in our all hands meetings.
“Y’all are doing a great job, love y’all, but likely have to fire you on Monday.”
Even given the negative environment I haven’t felt especially at risk. My knowledge, skills and abilities fit in quite well with the current and apparent future direction of the United States Government even if not with the Information Resources Management College (IRMC) and the National Defense University (NDU). As such I think I could have stayed for a long time in government, but this isn’t exactly the tidings you’d expect in government as an employee. I really like stability and want to be able to teach and engage in research. Direct policy impediments were put into place affecting both of those activities and created a significant push to find another academic job somewhere more conducive to the academic practice.
As a PhD in computer forensics with nearly 25 years of experience in things cyber you’d think you’d be treated with a little respect. It isn’t a criticism of the chancellor of IRMC so much as what it is like to be a government employee. When you’re in a sea of GS15s equivalents you’re really only more flotsam and jetsam regardless of grade or rank. Not much to be done really. There is this “thing” called Title 10 civilian employee. It is supposed to be a significant increase in prestige, but the way they use it is to hire in subject matter experts easily. Then just as easily if they don’t like you they can use the same process to fire you.
See the Title 10 process has all the responsibilities and egregious rules of being a federal employee for behavior, and all the risks of censure and termination of a contractor. This position of being a Title 10 employee doesn’t come with the higher level of contractor compensation and has many of the downsides of government service in leave and benefits. In other words it is supposed to be a bonus and really it is a chain. Be wary my future government employee students.
I most assuredly have enjoyed being affiliated with the Information Resources Management College (IRMC) at the National Defense University (NDU). I have learned an immense amount from my fellow faculty and my students. I did feel that my technical skills were eroding faster than I would believe but I’ll work on re-acquiring those skills rapidly at Purdue. A constant focus on strategic without the bedrock of tactical and operational skills left me puzzled. There is a “magic happens” and “anybody can do information” feeling to the programs at NDU. We would never let a general in the field who hadn’t had extensive experience in the chosen weapons, but we’ll do exactly that with things called cyber.
When I arrived at IRMC they asked what I wanted to teach. I told them I wanted to teach in SEC (technical hands on security lab course), TCC (cyber terrorism and cyber crime course), and the Information Operations (IO) and Information Warfare (IW) courses taught to the National War College students. I ended up working with Mary Carroll in Enterprise Risk Management. Luckily she was a beautiful and smart person willing to take me under her wing and help me out. Unfortunately she’d been in government as long as I’ve been alive and retired. Well unfortunate for me and lucky for her. I do miss her.
I did get to teach in the IO and IW courses. These are classified courses and taught in a SCIF. Most of the content I taught was from open sources, but the students asked lots of questions, which led down sensitive paths. I hope by bringing in the likes of Claude Shannon, Kerckhoff, Von Neuman, Wiener, and so many earlier authors the students got as much from the classes as I did. Since these courses were taught primarily to JPME students it was rewarding to know the students would make use of the knowledge serving the nation. I was lucky that though IRMC is a Department of Defense school the inter agency is heavily represented. I often had significant presence from DHS and State in the classes.
Where am I going and what will I be doing in the future? In the future I hope to continue my work with CERIAS at Purdue and integrate some of my research into the multi-disciplinary environment that a center like CERIAS can offer. I would like to continue my research into cyber warfare and the various aspects that impact national security at CERIAS as funded research. I would really like to get in on some aspects of the “Plan X” DARPA project, but I’ll have to wait and see what the funding streams look like. I don’t want to end up sitting across from a DARPA project manager talking about how academics can make widgets but nothing really significant.
What about research? My future research vector is much more along the forensics path than in the past. I’ll continue to look at strategy but I have some insights into that now that I missed. There isn’t much room for grand strategy in the current political arena. Regardless of posturing or argument to the contrary most American grand strategy is acute pain relief rather than chronic ailment solving. One way to fix some of the issues of strategy is to create scientific and technological strategies to leap the gap of the current policy impediments. Make the policy mechanisms simply overcome by events (OBE) by creating technologies that the policy mechanisms never thought of or could be used against.
I was tasked by friends at CERIAS with defining my research in the future slightly more detail than my research focus that I originally had written. So what follows are my top three areas of interest in research for the future.
First area of research: Cyber conflict. I have a deep and abiding interest in cyber conflict/war and how it is waged and what can be done as a protection mechanisms against it. There are direct areas of research into the founding principles that simply haven’t been defined yet. I am well grounded and prepared to discuss this area deeply and with breadth. I understand the concepts of strategy, operations, and tactics and how much of the different worlds militaries are organized to fight in this space. More importantly I understand the different biases of agencies, actors, and entities that are fighting over the cyber conflict rice bowl. I can explain and detail issues and problems along with solutions and mechanisms of relief while tying this area into information assurance and security and war.
Second area of research: Attribution. This area has direct links to forensics. I hypothesize that we have made technical attribution much to challenging as a false barrier that is usually politically motivated. We worry about who made the ore to make the gun rather than who shot the neighbor in computer and malware forensics. I think (though can not prove) that current network forensics professionals ignore entire levels of technical attribution and the evidence can be found in the telemetry levels of the telecommunications layers.
Third area of research: Industrial control system forensics. I’ve talked to NERC and various other entities involved in large-scale critical infrastructure protection and they all agree that this is a huge issue. How do you do forensics on a power plants industrial control systems? Most current computer forensic strategies analogize as cutting off the patients head to do dentistry. Since most computer scientists stop where TCP/IP ends, and most electrical engineers start where low voltage industrial control systems begin this area has what we call a “strategic seam”. I have deep knowledge of the low voltage side and good level of depth and breadth on the information technology side. I’m not sure I’ve run across anybody who has depth and breadth in both disciplines. Admittedly most of my interest in this has been from attacking critical infrastructures and key resources and how to obfuscate forensic level attribution. Key element to this: It isn’t just grab an image and analyze it. It is also systems of systems analysis for perturbations that are unexpected or causal.
What about teaching? I’ve really enjoyed several of my students at IRMC. I’ve had several leave the IRMC and head off to PhD programs and significantly enhanced careers. I’ve had my share of the other kind of student too. I was roundly criticized by a student who felt that I, “Didn’t read all of their content and missed the point of the discussion.” What the student failed to understand and was illuminating to me was that I was there to teach them not debate with them. Where the student wanted me to accept at face value their considered and obtuse discourse, my goal was to get them to think beyond the moment, doctrine, and policy into how they as leaders would impact the future of MY country. The existence of students with brittle cognitive structures, and engaging in concrete thinking is one of the challenges of being a professor. Breaking the fundamental obstruction of concrete thinking is one of the joys of being a professor.
So, what about future students? I look forward to working with students who engage in real research in an environment that fosters discovery and challenges the scientific grid lock of paradigms. Of my future students I actually know quite a bit. The minute I signed the Purdue contract they started contacting me. The academic and administrative systems move slowly but the grapevine of graduate students is the only faster than light communication medium known to man-kind.
Another element that academia requires is service or engagement. What about consulting to government? I’m more than willing but I think there is a fundamental misperception on what that means. The United States federal government is a morass of regulation, and administrative codes making the entire archaic structure a mess of inaccurate and policy foibles. There is nearly zero way for the government to bring me into the fold as a direct consultant. They could do this through a contractor entity, but I don’t see that happening anytime soon. A contracting entity would have to move fairly quickly.
After all, what government entity would want to take my already paid for high level security clearance credentials and manage those so that I could work on projects that would be tax-deductible and show an academic industry partnership? I know there have to be four or five real published experts with internal knowledge of the government mechanisms for waging cyber warfare, information assurance and security, and the host of intergovernmental issues. I just don’t foresee a top-level government entity making me an offer for part time work at that level. Unless they ask really soon my window of opportunity will close.
I look forward to other forms of engagement in academia. As a tenured professor I expect I will serve on some committees. I served previously at the University level and had fun. This time around I think I will limit my participation to the discipline and the research vectors as much as possible. I’d really like to engage with CERIAS and see what kind of research paths might be open. I’d like to find myself on more journal editorial boards serving my discipline and I most assuredly I will be doing more committee work for particular conferences. Of course there will be the required department and college level service commitments.
Opportunity abounds.
1 comment for “Incoming rounds and short artillery: I’m outta here”