By Amy Schwartz, photos by Kaori Funahashi
John Lehr, an evidence technician for the San Luis Obispo Police Department, has worked in California law enforcement for 28 years. He knows firsthand the emerging challenges of cybercrime because he’s one of only a few members of law enforcement on the Central Coast who handle computer forensics and digital evidence.
“Most people’s cell phones are smartphones, which means every person walking down the street has a computer in their pocket,” says Lehr. “Every year, the amount of technology we use increases, and the amount of data we have is more readily available, yet in all my years, I’ve seen a decreasing number of officers capable of dealing with it.”
In a unified response to this growing threat, Cal Poly is partnering with the California Military Department and the California State University system to develop a unique new cyber training program at the California Cyber Training Complex (CCTC). The program, supported by numerous key state agencies, aims to serve the needs of California’s present and future cyber workforce. The novel partnership between academia, industry and government offers immediate opportunities to local law enforcement, military personnel, and even Cal Poly students to help California better protect its citizens.
A System Underequipped
Lehr’s experience is pretty common for law enforcement across California. Even though California is the leading target of cyberattacks in the United States, it’s not unusual for police departments to lack the resources and budget to properly train officers in digital forensics techniques.
“The landscape of collecting, preserving, investigating and prosecuting both cybercrime and conventional crime involving mobile computing has dramatically changed during the past five years,” says Lee Cunningham, assistant district attorney for San Luis Obispo. “We need access to cyber training across the full spectrum of first responders, investigators and prosecutors to keep up with the bad guys and to effectively communicate cyber evidence to judges and juries.”
As law enforcement across the state has struggled to create a plan for battling cybercrime, the California Military Department has also found itself seeking to address the critical need for cyber training. In 2015, the Department of Defense called for the National Guard to support the implementation of specialized Cyber Protection Teams (CPT), which are intended to assist states in the protection of critical infrastructure. This can only be accomplished through coordinated training across multiple jurisdictions taking place in dedicated facilities. Without access to standardized training and broad information sharing, California’s cyber defenders in both military and law enforcement have tread into uncharted territory.
Building a Solution
Sitting barely five miles up the highway from Cal Poly’s campus at the California Military Department Camp San Luis Obispo, the CCTC will be home to an academic training center, cyber forensics lab, field training complex, test range and experimental laboratory. The location of the complex at Camp San Luis Obispo is almost serendipitous. Right in Cal Poly’s own backyard, this top-flight facility is readily available, it serves as home base to the CPT, and thousands of first responders already train there every year.
In addition to providing desperately needed training to thousands of law enforcement personnel and supporting the National Guard’s CPT mission, the CCTC serves as an extended Learn by Doing space for Cal Poly students, where they can explore new cyber technologies and train and test tactics side by side law enforcement professionals and cyber forensics experts. The program offers an environment for cyber defense innovation through advanced study and basic and applied research on emerging issues and technical challenges, helping to shape California’s cyber standards and practices. In collaboration with Cal Poly’s Cybersecurity Center, this innovative, hands-on learning approach will help Cal Poly develop day-one- ready experts in cyber technologies and systems.
Another key part of the complex’s mission is to facilitate cybersecurity knowledge creation and transfer across the entire state. This will be accomplished in part through the California Cyber Forensics Learning Environment (CCFLE), which is set to go live in February. The secure online community will allow law enforcement, prosecutors, and those working in digital forensics incident response to interact with one another, share information and resources, and take courses remotely.
Cal Poly professors Brian Beaton from the College of Liberal Arts and John Oliver from the College of Engineering are currently developing curriculum for the CCTC and conducting crosscutting research on social, technical and workforce challenges, while the university’s Information Technology Services (ITS) provides business and technical support to get the complex fully operational.
Into the Future
In November 2016, CCTC hosted its first cyber forensics training class for first responders from 13 local agencies, including the San Luis Obispo County Sherriff’s Office, San Luis Obispo District Attorney’s Office, and the California Highway Patrol. During its first full year of operations, the complex is expected to train more than 1,000 students.
The CCTC will get the chance to unveil its progress in June, when it hosts the annual California Cyber Innovation Challenge, a statewide demonstration event in which teams of high school students compete in a series of timed cybersecurity challenges.
Lehr, who has been an active participant in the CCTC since its inception, has already spent the past few months working part time out of the fully operational Central Coast Forensics Lab at Camp San Luis Obispo. He looks forward to sharing the space with fellow law enforcement, military personnel, and students in the months to come. “We’re going to have computers, software, a collaborative area where there’s investigation, research and development happening. This will allow us to go forward and face the challenges of the future,” says Lehr. “If I can process evidence faster, I can do more to protect the citizens of this city.”