KINGSTON, R.I. — April 21, 2023 — When U.S. Army Major General William J. Hartman first joined the military 34 years ago, he and his fellow soldiers arrived on the battlefield by jumping out of an airplane. Today, the battlefield that concerns Hartman the most is not accessible via aircraft or any other vehicle.
As commander of the Cyber National Mission Force, under U.S. Cyber Command, Hartman leads a team of 2,000 military members and civilians with a mission to protect the United States from foreign cyber threats. During a visit to the University of Rhode Island earlier this week, he said cyberspace has created an entirely new form of warfare—one that plays out each and every day.
“I used to be an infantryman. I trained a lot to fight, but at least in my first 10 years [of service] I didn’t fight a lot,” Hartman told a crowd of students and faculty gathered in URI’s Memorial Union Ballroom. “[That] is fundamentally different from the way we execute cyber operations. On a daily basis, we have offensive teams, we have defensive teams, and we have information operation teams that are engaged with the adversary in foreign space. That is a fundamentally different model for how we execute warfare than what we really see in any other domain.”
Hartman was the keynote speaker for the inaugural Langevin Symposium at URI, which explores topics related to national security, U.S. civics, and democracy. The series is named for former U.S. Congressman James Langevin, who joined the URI faculty in January as a visiting professor of political science and lends his expertise to the series. The topic for the first installment of the series was “Cyber Warfare: Understanding National Security in the 21st Century.”
Along with Hartman’s keynote, the event featured a presentation by Valerie M. Cofield, chief strategy officer with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), as well as a panel discussion with Hartman, Cofield, and Langevin moderated by Roya Izadi, assistant professor of political science at URI.
During the panel discussion, Langevin said his eyes were opened to cyber threats by a 2007 demonstration called the Aurora Test. In their demonstration, researchers from the Idaho National Laboratory remotely accessed a power generator, issuing commands that pushed the machine to the point of exploding.
“If you could do that to one turbine, you could imagine … doing that to a whole section of the country’s electrical grid,” Langevin said. Such an attack would not only do “great damage to our economy but also potentially [lead] to loss of life. That was my wakeup call.”
That realization pushed Langevin to be a leader on cyber issues during his time in Congress before his retirement last year. He chaired the Emerging Threats and Capabilities Subcommittee of the House Armed Services Committee, founded and co-chaired the House Cybersecurity Caucus, and served on the Cyberspace Solarium Commission, created by Congress to develop an overarching strategy to protect the country against cyberattacks.
Today cyber threats are ubiquitous, whether carried out by lone-wolf criminals or by state-sponsored actors.
The ongoing war in Ukraine demonstrates the importance of the cyber battlefield in modern conflict. Hartman said that well before soldiers and tanks poured across the border into Ukraine, Russian forces were laying the groundwork for cyberattacks. By the time the invasion began, defensive elements of Hartman’s team were already working with the Ukrainians to help them prepare critical networks for the onslaught to come. These types of “hunt forward operations” not only provide critical aid to allies and partners, Hartman said, but also help to protect cyber infrastructure within the U.S. by identifying malicious code.
“We started immediately sharing indicators of compromise—literally thousands of malicious IPs that the Russians were using to attack Ukraine could be blocked by the U.S. and other partners,” Hartman said.
While Hartman’s team works to secure military cyber assets from foreign attacks, CISA, where Cofield works, helps to coordinate government and private cybersecurity efforts nationwide. Increasingly, she says, critical cyber infrastructure is in the hands of organizations that don’t necessarily have the personnel needed to protect it. These include places like hospitals and schools, which have increasingly become targets of ransomware attacks. So one of CISA’s priorities is to help protect entities that are “target-rich and resource-poor,” Cofield said.
“Most of the critical infrastructure in the U.S. is actually owned and operated by the private sector,” she added. “So that’s one of the mission spaces the CISA occupies. As the civilian defense agency, we work day to day with the private sector.”
All the participants underscored an urgent need for new cybersecurity experts to join the workforce.
“Our ability in this country to develop, [and] attract to government service, the cybersecurity experts that we need in order to defend the nation is absolutely critical,” Hartman said. “We have fantastic talent across the force, but we don’t have enough of it.”
URI is working to do its part in training a new cyber workforce, offering undergraduate and graduate degrees in cybersecurity as well as a professional certificate. In May, URI will graduate its first class of CyberCorps Scholarship for Service Recipients. The program provides tuition, a stipend and other funding to students seeking undergraduate and graduate cybersecurity training. In exchange, CyberCorps Scholars must work for a U.S. government agency for a period equal to the time they received their scholarship (usually two years).
After graduation, URI’s first CyberCorps cohort will all take posts in public service. Benjamin Dahrooge will join the URI faculty as an assistant professor. Kenneth Lu Diaz is headed to Los Alamos National Lab as cyber security specialist. Jacob Lussier will take a security post with the U.S. Regulatory Commission. Pranitha Nichanametla will join the National Oceanographic and Atmospheric Administration as a cybersecurity specialist. Samantha Louise Saldua will take a security position with the Federal Deposit Insurance Corporation.
These professionals will be part of a workforce rising to meet the cybersecurity challenges of tomorrow. Because cyber threats will continue to be a dominant force in U.S. public affairs both domestically and abroad.
“Data,” Langevin said, “is the new oil.”