Last week, Carnegie Mellon University in Pittsburgh became one of the latest -- and most prestigious -- schools to partner with the National Security Agency on a program designed to recruit young cyberspies.
The NSA has run this “cyber operations” program since 2012, working with Northeastern University, Dakota State, the University of Tulsa and the Naval Postgraduate School to design curricula that match the agency’s intelligence and infrastructure needs. (CMU, the Air Force Institute of Technology, Auburn and Mississippi State joined last week.) The purpose, says Carnegie Mellon’s Dena Haritos Tsamitis, is to shift capabilities from “cyber defense” to “cyber offense.” It’s also to funnel the next generation of analysts and hackers directly to the NSA, CIA, Department of Homeland Security and other government agencies and contractors.
To be clear, the NSA doesn’t teach these classes or dictate what faculty members teach, but schools compete fiercely for NSA certification. Federal agents also suggested topics and methods directly to professors as part of the certification process, Tsamitis said, and students have the opportunity to work with the NSA during summer sessions that require them to become short-term employees and obtain top-secret security clearances.
At CMU, aspiring government hackers, programmers and cybersecurity analysts start out with basics such as "fundamentals of telecommunications networks" and "introduction to computer security" before moving on to courses in mobile security, operating systems and Internet services. All students also take a class on "applied cryptography" during their second year, which covers both how to encrypt digital information and how to crack encrypted signals.
That mirrors the cyber ops program at Northeastern, which, unlike the Carnegie Mellon program, is open to undergraduates. Computer science majors there study theory, programming languages and other basics before five cyber ops-required classes: one on network architecture, three on network and software security, and one on the fundamentals of radio, wireless and cellular networks.
Are there any big surprises here? Probably not. But given the ongoing scrutiny of the NSA -- and the time bomb that is the United States' waning dominance in tech and science education -- the subjects the agency pushes at its “cyber ops” centers seem relevant. Consider, for instance, the fact that Carnegie Mellon’s digital privacy class is an elective, or the fact that digital surveillance rarely comes up at Dakota State’s “hacker lab.”
“I haven’t heard many people talk about it at school,” said Darius Garvin, a 28-year-old graduate student in DSU’s cyber ops program. “It doesn’t seem to faze them. It might be understanding the technology involved … it doesn’t surprise security people as much as the rest of the world.”
He adds, a little giddily: “I mean, there are possibilities in the technology no one’s exploited yet.”