Meet the Scientists is an Armed with Science segment highlighting the men and women working in the government realms of science, technology, research and development. The greatest minds working on the greatest developments of our time. If you have someone you’d like AWS to highlight for this segment, email Jessica L. Tozer at firstname.lastname@example.org.
WHO: Dr. Sunny Fugate. Originally from Elko, Nevada, which is (I’m told) famous for its cowboy poetry slams. Received his doctorate from the University of New Mexico. Dr. Fugate is an SSC Pacific visionary, engineer, scientist, and innovator with more than a decade of experience as a researcher for the US Navy. He’s a cutting-edge cyber defense theorist confronting a “Wild West” of technology and the Internet.
TITLE: A research engineer for the Network Warfare Branch in the Information Operations Division, Fugate’s research interests range from the e-Glove and visual communication theory to biologically inspired cyber defenses. He is even exploring three-dimensional printing and rapid prototyping as a hobby.
MISSION: Referred to by some as a “cracker-jack” scientist, his interests and research span interdisciplinary fields of human-machine interfaces and interaction devices, cognitive science, artificial intelligence, computer security, secure and anonymous communication, data visualization, language and semantics, and novel visual and iconic communication strategies. Say that ten times fast.
Tell me a little bit about yourself and your position.
“I started at SPAWAR 12 years ago, right out of undergrad. I quickly found myself gravitating away from my degree field of electrical engineering more specifically, and gravitating toward basic research and software engineering. I’ve got two kids, a five-year-old and two-year-old; they are also advocates for the world of science and engineering, so we build lots of robots and do lots of experiments at home. Growing up I had that same kind of relationship at home with my dad and we did lots of ad-hoc experiments. My dad is not a scientist but he has a scientific mind. I feel that it is incredibly important to try to be innovative and to try to think a little differently because that is when you find unexpected results. If you’re good enough at it you can even get paid to do cool stuff.”
What is your role in developing cyber defense programs?
“Back in 2004-2006 or 2007 I worked for the advance technology unit [at what is now Cyber Command]. We worked with different agencies to identify current security problems, and then worked to find suitable solutions. Lately, I’ve been trying to think about what we should do next to protect our computer systems. None of our computer systems are really secure. We all sort of pretend that they are, but it’s more like locking your doors and pretending no one can get in your house.”
“There are lots of ways of breaking the locks on computer systems. We spend far too much time dumbly replacing locks and not nearly enough performing new research.”
“I am an ardent advocate for any kind of research in the field of Cyber security. During the last couple of years I have participated in over 20 proposal efforts and submitted several patents and papers. I am also a researcher. I spend most of my time poking around hard security problems such as the one I am currently working on. I’m looking at how to diversify software programs so we can all run the same software without all sharing the same vulnerabilities. Right now that is a huge problem for everybody, not just the DoD.”
So we’re all running clones of the same computer, so to speak.
“It’s as if we all shared the same immune systems. If one of us is able to get a virus, all of us are able to get a virus. This is how our software currently works, which is really terrible. We have a few techniques that we developed in-house and have partnered with some DARPA performers who have developed some really clever methods of diversifying software to make it more resilient.”
Let’s talk about your Stochastic Compiler Hacks as Software Immunization Mechanisms, or SCHSIM project. So what is the goal or the mission of this project and what do you hope that it will achieve?
“The goal is to be able to give everybody an individually unique copy of a piece of software. Being “unique” in this case doesn’t mean the functionality will be different, the functionality will be identical, but the internal structure of the software will be shuffled to make it impossible to attack. You probably run some kind of word processing software like Microsoft Word or Pages. Right now that software is exactly identical to a copy that I would run if it was the same version. So our goal is to be able to distribute unique programs for each computer.”
“It is kind of like playing a game of solitaire. We’re all handed card decks, but they’re all exactly in the same order. What we are really just doing, in a simple metaphor, is shuffling that deck before we hand it out.”
Why is it important for the military to have this cyber security technology?
“The military runs one of the largest computer networks in the world. There has been a huge push in the last ten years to make the system cheaper. Generally, this means that more centralization has been the push. Centralized control, centralized distribution, and centralized management. We’ve got millions of computers running identical software all over the world. This means we have ever larger surfaces vulnerable to attack. It is becoming more and more costly to pick up after the fact [if disaster strikes]. We are talking about tens of millions of dollars to recover from one of these events.”
What do you think is the most impressive or beneficial thing about your work and why?
“I think the biggest benefit is to change the perspectives of policy makers; to think of security as something that is best done in a completely decentralized manner. If we embed security in systems – and make that security mechanism independent of any central authority – we can truly have something that an adversary can’t use against us. That is exactly our goal; to make security mechanisms as robust as possible by making them completely decentralized.”
It’s like you’re giving computers their own DNA sequence.
“Yes, giving them their own unique sequence. So that each has only a limited and unpredictable set of vulnerabilities. It is only because we are doing things in a randomized way that makes this work. We have to be unpredictable. We have to use random choice, random chance.”
“It sounds odd when you hear it, but if we provide a fixed guarantee of the security of our systems then an adversary can use that guarantee against us. Being unpredictable is key.”
What do you mean when you say we exist in an era that is at the frontier of the “Wild West for cyber”?
“We really do live in an era where we need everyday cyber weapons, like the small arms that you might carry to a frontier. Currently, our everyday cyber weapons are not very sophisticated and they are not very intuitive. You kind of have to be the hacker type to understand most of them. We all have one weapon that we can always use, but it is like the nuclear option. I can always just turn off my computer or unplug it from the network, but this is unacceptable. We can do better.”
Can you give me an example?
“I have a friend who is not very tech savvy, and [their technology] almost always has some type of infection. They are disabled because their computer is trying to be automated, trying to protect them in the dumbest way possible and it is because no one has any tools. No one has handed it to them and said, ‘Here’s a cyber-weapon that you can use to protect your home system. Here is how you use it.’ The same way that if you were a frontiersman someone would say, ‘You better be able to use a rifle so here’s a rifle. We are going to show you how to use it and show you how to protect yourself with it.’”
Are you working on any other projects right now?
“I have worked on a lot of very interesting things at the center. Early in my career, one question I was asked to work on was how you might represent things in the cyber domain so that people will have a better intuition about it. If I have a network security analyst working at a Navy operations center, how do they get intuition about the network and security events? We are usually looking at plain-text representations of network communications, and this is really hard to do. So we spent a few months generating different prototype visualization approaches and iconic language approaches.”
“What we eventually developed combined elements of visual linguistics with an electronic glove that can capture gestures and turn them into icons. You can make a gesture and then an icon will pop up on someone’s display. That is one of the other efforts that I am passionate about.”
If you can go anywhere in time and space, where would you go and why?
“I think I would want to go someplace where the human life span expands to an indefinite period of time. I really don’t think that we know what humans are capable of doing or thinking or achieving because our life spans are so short. I don’t know when it would be, but I would like to see what people are capable of if they are able to live hundreds or even thousands of years.”
Thanks to Dr. Sunny Fugate for contributing to this article, and for his contributions to the science and technological communities.
Jessica L. Tozer is the editor and blogger for Armed with Science. She is an Army veteran and an avid science fiction fan, both of which contribute to her enthusiasm for science and technology in the military.