The CAE at 10: Interview with Dickie George of the NSA
Today, the ranks have swollen to over 100 CAE-designated schools, and information assurance professionals are much better prepared to tackle the cybersecurity challenges we face.
Dickie George, Information Assurance Technical Director within the NSA, discusses:
George began at the National Security Agency in August 1970 after graduating from Dartmouth College. He started in the Crypto-Math Intern Program, having tours in Research, the SIGINT Directorate, and the Information Assurance Directorate's (IAD) predecessor organization. Except for a tour in the Signals Intelligence Directorate (SID) and one at the Center for Communications Research in Princeton, he has worked in the IAD since 1973, and has served as the Technical Director of the IAD since 2003.
TOM FIELD: Hi this is Tom Field, Editorial Director with Information Security Media Group. We are talking today about the centers of Academic Excellence Programs and we are talking with Mr. Dickie George, Technical Director for the Information Assurance Director of the National Security Agency. Dickie thanks so much for joining me today.
DICKIE GEORGE: My pleasure. It's great to be with you.
FIELD: Now, Dickie, I understand that centers of Academic Excellence Program was started by the NSA, but is now administered by the NSA and the Department of Homeland Security, correct? GEORGE: That's correct. We have DHS on this, and I think it is good for us, good for the government, and good for the schools.
FIELD: Now as I understand it, you've had about 10 years of this program, and the program has grown from seven universities to 95. To what do you contribute this growth?
GEORGE: Well, actually it's grown to 106 universities and colleges, and I think there is a lot more awareness out there in the public about the cyber issue today, and this program addresses information assurance. Everybody, whether it's individuals, companies, industry vendors, you name it -- government academia -- we all need information assurance. This realization has really gone a long way towards driving this program. There are a number of reasons why schools have joined, and I think some of this is just word of mouth. Some schools see there are jobs available and they want to prepare their students for these jobs. Some schools need help in preparing the curriculum to really get their students to the point where they are going to be effective on the job, and we do provide that kind of aid. Almost all the schools we deal with, really, want to find a way for their students to serve the country, and I think this is an outstanding opportunity for them.
FIELD: Dickie, let's take a step back here just for a second and describe for us. if you could please, the core admission of the CAE program.
GEORGE: Well, the core admission is to look at the students that are being produced today to educate them to become future cybersecurity experts. It's a tough world out there, and there are a lot of adversaries that have access today that they didn't have 15 years ago. These students have to be capable of addressing the threats that these adversaries provide. You see everyday in the newspaper where credit card numbers are lost, there is fraud, there's identity theft. We need to have professionals who are ready to address those threats, and this program is designed to make the students aware of those treats and to give them the tools and the capability, the skills that they need to address those threats.
FIELD: Now I would like to talk with you about the benefits of the program in terms of the university and of the student. So for the university, how does the program distinguish a school's information assurance program?
GEORGE: Well, there is a set of criteria that the schools have to meet and that sets the schools up to be able to tell the world that they actually are a center of excellence as recognized by the US government. So that is benefit in itself. There are also opportunities for grants, opportunities for scholarships. The grants benefit both the students and the schools. We have conferences a couple of times a year where the schools get together and can work together on projects and programs. That sharing of information and ideas benefits everyone. The scholarship opportunities benefit a small number of students, but the benefits are significant. That preparation that the students get and the work that we get with the professors on the curriculum and the types of research that they are doing, it's all beneficial to everyone involved, and for us it's a wonderful opportunity to get some really talented individuals in here to do some very, very important work.
FIELD: Well that's a good point. You spoke about some of the student benefits, but how do you see that a student really is better prepared for a career in information security having gone through one of these programs?
GEORGE: Well, when you look at the programs -- and for me when I think about the type of programs -- they separate into two styles. One style is more theoretical, and one is very much hands on, and both are absolutely necessary. We need the purely theoretical results to try to address the major problems, but we also need hands-on training so that people are ready to come in and tackle the fires that we have today. Put those fires out. The training that we get that the students get in this program really allows them to come in here and it puts them a couple years ahead for us as far as being able to jump right in and tackle the kind of problems that we face on a daily basis. We see the results firsthand when the students come in and they are really prepared to do things that we weren't seeing students ready to do 10 years ago, and that is tremendous for us and we see it across the government.
FIELD: Well, that is excellent. Now let's go back again and talk about the universities. You've got over 100 universities involved in this program now. For a university that wants to become CAE designated, what are the expectations of this program for that school?
GEORGE: Well, I'm not sure of what any particular school would expect. I know I've talked to a number of professors, and some are excited about the guidance that they can get on developing an IA curriculum, because there is a lot of expertise that we have, and the kind of things that the students need in that curriculum is very much spelled out on the web pages. For others, they are looking for an opportunity to work with other schools to team, to share information, to be apart of a larger effort. Some schools are looking for an opportunity for their students to get the training to get the scholarships. We have summer internships, and we have a great scholarship program, but for all of them there is an opportunity to meet other professors that are as worried about the situation, the cyber situation that we have today, as they are, and to get together and address the big problems that are facing us and hopefully to solve some of those problems, at least to mitigate the concerns.
FIELD: Now you've had 10 years to watch students go through the program and go into their careers. What have you seen as some of the outstanding career paths of these students who have completed these programs?
GEORGE: We've seen every path imaginable. We've seen students that have worked through our government. Mischel Kwon is one of the graduates, and she was running CERT until just recently. We see several students have gone to become very strong researchers and faculty members throughout the country, and we see a large number of students that have gone to DHS and to NSA and are reading the efforts that we have in cybersecurity for the nation. In addition to the normal things that you think working at very, very large companies that deal with security and cyber across the country.
FIELD: So, you've got one decade under your belt with this program now. If you were to project into the future another 10 years, what do you think we can expect to see come from this program in the second decade?
GEORGE: I would like to see it expand, get more schools. We already have two levels in the program. We have the CAE and the CAR, which are research universities. We would like to see, more soon, we would like to see more collaboration. We need to get down to the community colleges, the two-year schools, so we need an expansion in the program. I would like to see an emphasis on getting to students earlier in their careers -- even to hit them in high school, not as part of this program, but as a preparation so they understand the value of this program in their future. Some of the things that we do when we talk to high school students is we try to explain to them how interesting the problems are, how important they are, and that there is future in being a cyber scientist beyond just teaching, which is important in itself, beyond just working for the government. There is an aspect of being a cyber-skilled scientist in every aspect of life today, and you can get this through this program, and you get there much better prepared than you do without this program. Educating all of the citizens of the country to the threat and how to address the threat is one of the key aspects that we need to address as a nation, and this CAE program is the best way we have to get those people out there who understand the threat and can help to make others understand the threat.
FIELD: Dickie, that is well said. I very much appreciate your time and your insight today. Thank you.
GEORGE: My pleasure.
FIELD: We've been talking with Dickie George of the NSA. For Information Security Media Group, I'm Tom Field. Thank you very much.