On an episode of Mr. Robot, the good guy hacks into a data-storage plant’s HVAC system and raises the temperature enough to start a fire. He does it by attaching a credit-card-size computer called a Raspberry Pi, which is a real thing that exists outside of TV, to the facility’s thermostat system. This may seem like something a bad guy would do, but the world of cybersecurity—and, frankly, the show—can be confusing.
And if you think it sounds far-fetched, you should see what researchers are working on at the Hume Center for National Security and Technology, on Virginia Tech’s Ballston campus.
“The perspective we’re taking is that you can’t build a perfectly secure system—it will be compromised at some point,” says professor Ryan Gerdes, tucking his chin-length wavy hair behind his ears amid a maze of projects in the Cyber-Physical System Security lab. The windowless facility—no bigger than an average bedroom—is crowded with screens, wires, and servers, plus more expensive stuff such as 77-GHz automotive radars (the kind that can detect collisions), waveform generators, and oscilloscopes that add up to $400,000.
Gerdes points to a thin line moving across a small display, similar to an EKG reading. It’s attached to a computer the size of a SIM card, which is mimicking the inside of a car. Gerdes and his students are trying to invent a method of detecting a “compromise” in a self-driving car, much as antivirus software does for your laptop. Another student is exploring how to bring down a drone in a “coordinated” way if it violates airspace restrictions—i.e., land it rather than shoot it out of the sky. “It sounds like a Bond-villain weapon,” says Hume Center director Charles Clancy, but it’s for the purpose of good: hacking the drone the same way a bad guy might hack a car. A third student is investigating how a smart building might resist Mr. Robot’s HVAC attack.
These are the kinds of projects that some Virginia lawmakers are hoping to expand with the funding of CyberX, an initiative aiming to increase higher-ed opportunities in the state and, eventually, fill some of the 42,000 open cybersecurity jobs in the Washington area.
In January, Virginia House delegate Chris Jones invited Virginia Tech president Timothy Sands to propose a “cyber moon shot.” The president told Jones the university was already on it, developing a network of faculty entrepreneurs through the center’s research. The faculty-led start-up Federated Wireless, for example, completed its B round of funding last year, bringing in $76 million in venture capital, with grad students going on to be employees. While that was one of eight start-ups to come out of Hume in its eight-year existence, Sands thought it would be terrific if it could scale up faster and team with other Virginia universities to bring in more industry partners.
Jones asked Sands to rough out a concept paper—“the first all-nighter I’ve pulled since college,” says Sands. A few weeks later, CyberX appeared as a $50-million line item in the Virginia House’s proposed budget. Ten million would be set aside for establishing a cutting-edge shop in Northern Virginia; another $15 million would go toward hiring research faculty, building entrepreneurship programs, and developing educational programming at the new hub.
Focusing on developing technologies that have a natural pipeline to the local market is an idea that DC innovation consultant and investor Jonathan Aberman agrees is smart. “What’s not appreciated is that technologies like Siri, videoconferencing, and GPS largely happened because of scientists and agencies located in the DC region,” Aberman says. “Most of the technology that makes your cell phone useful wouldn’t exist today. Let other regions create ‘Facebook for Cats’—we should be leading the nation in cybersecurity, biohealth, and advanced software.”
Clancy says that cyber is one of the areas in which public- and private-sector interests are aligned. A technology that begins as a Navy contract, for example, could go on to broader commercial success.
Says Sands: “What you used to think of as a cyber problem—like getting your e-mailed hacked and the data dumps of private info being made accessible—is still important, but the issues have grown to the point where we’re talking about the whole of the country’s physical infrastructure being at risk.”
If the state doesn’t fund CyberX, Sands says, Virginia Tech still plans to pursue the initiative, though more slowly and with additional private partners. The state-funded cybersecurity accelerator Mach37 and Virginia Tech’s well-regarded online master’s degree in information tech—ranked number two by U.S. News & World Report—have already put Virginia on the map, but Sands says that’s just a start: “We want Virginia to be the center of the universe when it comes to cyber.”
This article appeared in the May 2018 issue of Washingtonian.