By Sean Evans - Student in Integrated Security Program Capstone Course 4164 - The Future of Security
In early November, I had the chance to participate in the 72nd Student Conference on U.S. Affairs with two other members of the Virginia Tech community. Hosted annually at West Point, Delegates from prominent universities and colleges across the country are invited to participate in drafting memorandum on a pressing issue to a relevant U.S. office. After travelling up the Hudson Valley to where the conference was hosted, we were assigned to roundtables on various issues facing the United States. These roundtables ranged from Social Media and the Weaponization of Information to Inequality in an Era of Disruptive Technology. Our delegates were all assigned to the roundtable regarding 21st century vulnerabilities: Critical Infrastructure and Cybersecurity. The United States Military Academy boasts an impressive campus with an almost foreboding sense of history. West Point alumni include multiple U.S. presidents whose statues are prominently displayed over the campus. Due to COVID-19 restrictions, we were only allowed to interact with a select few cadets. Nevertheless, the legacy of West Point seemed to be one that cadets took seriously.
On the first day, we were introduced to the cadets who would be working with our roundtable. A younger cadet would serve as the scribe for the roundtable, one of the senior cadets would serve as a delegate, and one other senior cadet would serve as the student lead. We were also introduced to our Co-chairs who were experts on our assigned issue. Throughout the four-day conference, we also had the chance to hear presentations from some of the leaders of the private and public sectors regarding the growing importance of cybersecurity in the development of U.S. policy. We spent the majority of our time in the first days of the conference debating the importance of various vulnerabilities facing critical infrastructure in the United States as well as key adversaries and allies of the United States specifically regarding this topic. Thankfully, before we had the chance to begin the process of writing our memorandum and deciding its destination, we were to listen to the keynote address, which was given by General Nakasone Commander of U.S. Cyber Command as well as Director of the National Security Agency. He spoke on the importance of understanding that technology is here to stay and the necessity of working in tandem with industry to help them to understand that they are at a crossroads when it comes to understanding the strategic environment, they are currently facing in terms of cyber threats to the U.S. economy. Greater transparency between both partner nations and between industry leaders helps to prevent disasters. He further emphasized his belief that the future lay in AI and machine learning, 5G and its relationship with the internet of things, space-based weapons and capabilities, kinetic and non-kinetic cyber weapons, and cloud computing. Ending on a note that highlighted that the importance of working together with partner nations as he states that the United States is a standout among allies while its adversaries are simply standouts.
Our roundtable’s topic was extremely close to the issues that General Nakasone and the panel of industry leaders earlier in the week had focused on so we spent our time developing what we hoped would be an impactful memorandum regarding securing supply chain infrastructure to protect against cyber-physical attacks and increasing cyber literacy in an attempt to lower the incidence of cyber-attacks against critical infrastructure caused by human error. Working with delegations from different esteemed universities was a rewarding experience as well. Prominent members of our roundtable came from the graduate program at Oklahoma State University, West Point, and Harvard. We originally spent the first several sessions debating the significance of various threats on the United States and decided to devote specific focus to Ransomware, Supply chain security, cyber-physical attacks, Strategic competition with China, and non-state actors. In response to the issues highlighted by General Nakasone, we developed three policy recommendations for National Cyber Director Chris Inglis. First, we recommended the creation of two-tiered education system for K-12 and post-secondary institutions. K-12 schools would increase digital literacy in a manner not entirely dissimilar from the boost of financial literacy classes we have seen in recent years. In post-secondary institutions, we recommended the creation of cyber fellowship programs and agency-sponsored certifications tailored to specific concentrations. To address the issues of cyber-physical and ransomware attacks we suggested the creation of an international organization titled the Global Supply Chain Oversight Committee (GSOCC) that would assign security ratings to companies that do business in the critical infrastructure of the United States. Finally, to address reporting issues regarding cyber-attacks in American industry we asked the National Cyber Director to increase devotion to a unified Cyber Intelligence community that would improve information sharing between both law enforcement and cybersecurity firms. However, due to the competition inherent in the United States market, we wanted to ensure that a legal framework was also developed to ensure the protection of privacy and IP of standard-compliant reporters while mandating that the Cybersecurity and Infrastructure Security Agency (CISA) coordinate responses to cyber-physical attacks with the Department of Defense.
The conference itself was incredibly hospitable to both host and feed our delegation. Furthermore, we were granted long dining hours to converse with other delegations as well as with the experts who were present. It was incredibly interesting to learn about the different approaches various policy-focused majors take when it comes to issues of national security. I found it extremely interesting how important policy-specific knowledge was still applicable to fields that are usually considered highly technical. I was originally concerned about my placement on a roundtable concerning vulnerabilities in cyberspace, however, I found that I could easily lean on my peers who had a greater understanding of the specific vulnerabilities of various portions of the United States while their understanding of policy was proportionate to my understanding of computer science. That is to say, while either one of us may have only had a tertiary understanding of the other’s major we were able to effectively parse our knowledge into ways that the other could understand. This conference reaffirmed to me the importance of intersectional events between institutions and areas of study to solve complex problems that the United States is facing on the international stage.