Ask Gretchen Bliss about the United States’ biggest cyber vulnerabilities, and she won’t start with the power grid, or voting machines, or even the nation’s satellites.
“It’s people,” said Bliss, director of cybersecurity programs at UCCS. “People are our biggest vulnerability. With phishing scams, with people clicking on things they don’t know they’re clicking on — we need to get them to start being more aware of what cybersecurity is, from a tech perspective.”
For the average person, clicking the wrong link doesn’t conjure images of national security crisis; it’s more likely an image of Grandma unsuspectingly downloading malware on her cell phone. But remember: John Podesta, Colin Powell, and their staff members were fooled by a simple phishing scam, clicking on a shortened URL sent to them by Fancy Bear, an elite group of state-sponsored Russian hackers.
The need to strengthen the nation’s cybersecurity has brought together a host of partners at UCCS’ sprawling facility on North Nevada Avenue, including the National Cybersecurity Center, Exponential Impact (XI) and Space ISAC (Information Sharing and Analysis Center). The partnership has made Colorado Springs a national hub for cybersecurity in general — something envisioned by then-governor John Hickenlooper in 2016.
Micki Cockrille, communications director for the National Cybersecurity Center, explains the idea was born after a trip to Israel where Hickenlooper toured a facility that had a similar mission and makeup.
“He saw this amazing collaborative effort in cybersecurity between the government, education, and the private sector, and said ‘I want that in the U.S.,’” Cockrille said.
Hickenlooper wanted the center to be based in Colorado Springs, which seemed like a natural fit as the city already had such a large military presence. Later that same year, Hickenlooper founded the NCC.
DEFICIT OF CYBER PROFESSIONALS
It’s a quiet Friday morning at the office as Cockrille leads a small tour of the nonprofit’s facilities on North Nevada. “Once upon a time, this used to be a missile factory,” Cockrille said.
A bit past the offices lies a cavernous, empty warehouse, and the only things taking up space are two lonely looking cornhole boards.
The “people” problem Bliss outlined is never far from Cockrille’s mind.
“We want to train state legislatures and their staff to be more cyber-secure,” Cockrille said. To that end, the NCC is supported by Google with a program called Cybersecurity for State Leaders.
“The idea is to go to all 50 states to train state leaders and their staff on cybersecurity and best practices … train them on what the high-level threats are, what they can do about them — because these are the folks that are on the frontlines of democracy.”
Another “people” problem is the deficit of cybersecurity professionals, something else the NCC is tightly focused on.
“There is a huge cybersecurity workforce deficit,” Cockrille said, “and one big program here is cyber education. We want to train K-12 students, to make them more aware cybersecurity is a thing, as well as give them training and knowledge, resources and connections into the cybersecurity world.”
It’s a concern shared by Bliss, and it’s a big reason for all the construction on the site’s north end.
“That [north end] will all be UCCS — classrooms, faculty offices, conference rooms, training areas,” said Bliss.
While pandemic-related supply chain issues have pushed back the buildout’s construction timeline, Bliss believes classes will be able to begin by next fall.
The construction is filling in already existing space at the sprawling facility.
“We have over 120,000 square feet — we’ll be building out 26,000 on our side, and 8,000-10,000 for Space ISAC,” said Bliss.
Bliss also talks a lot about addressing the demand for cybersecurity professionals, and the importance of building a K-12 pipeline for these jobs — particularly its importance in recruiting women and minorities. It’s a field which, while growing rapidly, is also still emerging on the radars of students and their parents, and there is plenty of competition for the attention of the best and brightest students.
“Many students decide by middle school whether they will be going into STEM or cybersecurity, and we won’t win them back five years later,” Bliss said. “We want to make this acceptable at those younger age levels.”
An initiative Cockrille brings up more than once is the need for a kind of national cyber-911 hotline — something to help smaller businesses without many resources (such as a cybersecurity division) — and it’s something they’re currently building at a local/state level here.
'A SLIGHT DELAY'
Just down the hall from the NCC and XI, Space ISAC is a nonprofit that facilitates collaboration across the global space industry, with a focus on providing actionable intelligence/sharing information with allies.
Executive Director Erin Miller said that the agency has formed a variety of collaborative groups with the same end in mind — sharing information across the global space community, focusing on increasing the commodity-based supply chain, improving international cooperation towards threat response, and building out an on-site Watch Center, which will house analysts from the private sector and government agencies like U.S. Space Force.
Threats Space ISAC may analyze could range from hacked satellites to stray asteroids.
“We have companies in Norway, Japan, France, Luxembourg … we’re only expecting that to grow over the next several years,” Miller said.
Already corporate members include Microsoft, Booz Allen Hamilton, Northrop Grumman, Lockheed Martin, Parsons, and Kratos Defense and Security Solutions Inc., with L3Harris Technologies being the newest member, brought on board earlier this month. They share a keen interest in defending against potential threats to their own satellites.
Miller noted that part of the current buildout includes 5,500 square feet for Space ISAC HQ, adding that their total facility space will stand at about 7,500 square feet by the end of construction.
According to Miller, there has been “a slight delay in start of construction” of the Cyber Vulnerability Lab due to rising material costs and various supply chain issues, but she also said that “we believe we can complete it on time — by the end of next year, Space ISAC will have its watch center, and we will have reached our initial operating capacity.”
Simply being a resource for the public is another goal for the NCC.
“One thing we want to do is to be a voice in cybersecurity, and comment publicly in the fashion that think tanks do. ... We try to give folks some basic cyber hygiene tips, just things they can do here and there to take preventative measures,” Cockrille said, adding that they often film webinars at the in-house studio.
Next to some NCC-branded fridge magnets and pens for guests is a supply of laptop camera blockers with a sliding feature — a fancy improvement over Mark Zuckerburg’s infamous piece of tape.
Pressed to identify a No. 1 national cybersecurity threat, Cockrille declined to name names — but he emphasized that the community has witnessed some of the biggest hacks in history this year, specifically referencing the crippling Colonial fuel pipeline hack, the Kaseya ransomware attacks and the catastrophic SolarWinds hack, which alone triggered costs spiralling into the billions.
“Even with the recent hurricanes, wildfires, the pandemic — cybersecurity should be just as big a story,” said Cockrille. “But cybersecurity is not something you think about until the worst-case scenario happens.”