When people say someone “wrote the book on it,” Rich Owen really did do that.
Owen, a legend in the field who was at NASA during the heyday of the shuttle program, wrote the “pink book,” a document that was the original cybersecurity standard for Mission Operations at NASA’s Johnson Space Center in Houston.
“In cyber, the amazing thing is, the cyber equivalent of the very beginning thought-leaders – the people who shaped history as it unfolded – are available to us,” said Michael Manrod, adjunct faculty at Grand Canyon University and chief information security officer at Grand Canyon Education. “And one of those iconic people is available to us tonight.”
Owen, that cybersecurity icon, spoke recently at a meeting of the Threat Intelligence Support Unit, a group that offers a semesterlong cybersecurity training program designed to help anyone who’s interested take their first steps into the field. Manrod and his team developed the free program, supported by Dr. Pam Rowland, associate dean of GCU’s College of Engineering and Technology.
“I have a lot of war stories,” said Owen of his days in the military and NASA, though his history-rich talk covered a wide swath, from fellow technology thought-leaders to his worries about artificial intelligence.
Owen, who also gifted Manrod the U.S. government’s “rainbow series” of computer security manuals evaluating trusted computer systems, never envisioned himself becoming one of the architects of cybersecurity.
“My childhood dream, obviously, was not to become a CISO (chief information security officer). In fact, my dream started in 1962, when John Glenn guided Friendship 7 and flew around the Earth; I wanted to be an astronaut.”
But that dream wasn’t to be.
Owen, who joined the Air Force ROTC at Virginia Tech, studied aeronautical engineering so he could become a pilot. But he wore glasses, and the summer after his freshman year, the military told him: “You’ll not fly our planes.”
He said, “At the time, there was no degree in computer science, so I lost my goal,” though he found another one.
Instead of being drafted into military service for the Vietnam War, he enlisted and served in the Army Security Agency, which collected electronics and signals intelligence for the National Security Agency.
He worked as an electronic warfare and electronic counter systems repairman, “which means I fixed anything," he said. He repaired computers, transmitters and radios by replacing a tube or transistor.
Owen learned to program in Fortran, COBOL (using punch cards) and RPG – and built a computer based on the 8080 chip, revolutionary microchips that significantly boosted the rise of personal computers. He also built a computer using a Z80 microprocessor, which powered early computers.
Using BASIC, he remembers writing an echo program, a simple program that displays back to the user what it has received as input, and he showed this amazing program he created to his wife.
“I started it up and it said, ‘What is your name?’ She typed in ‘Joy,’ and it came back and said, ‘Hi Joy!’ And she said, ‘What else does it do?’”
“I said, ‘You don’t understand. I can tell you where every electron is flowing … every piece of code.' … She wasn’t impressed.”
After a decade in the military, Owen entered civilian life and was contracted as a data control engineer at the Johnson Space Center’s Mission Control Center before moving up to the engineering team.
“I was there for the launch of the first shuttle,” he said.
At Mission Control, the team oversaw a mainframe computer, as well as a dynamic standby computer powered by a separate source.
“All computers in the Mission Control Center, even to this day, are powered by two sources," he said.
In the shuttle itself, five computers were onboard. Three of the four had to agree before a command could be executed, Owen said. The fifth computer was loaded with a special program and had a separate power source.
“That computer was the get-me-home computer. That’s all it was there for,” he said.
When Owen moved from contract work to becoming a full-fledged NASA employee – his senior director was Gene Kranz (played by Ed Harris in the film “Apollo 13”) – one of his first big projects was to create a security program.
“We were starting to get concerned. Viruses were becoming real,” he said of early computer viruses like Michelangelo, one of the first to cause a widespread public scare.
"I'm concerned that we're going to use this (information from AI) and depend on it so much that we're not going to question the wrong answer it gives us."
Rich Owen, author and retired NASA computer security official
Some of the first pushes to secure the nation’s computers came at the National Computer Security Conferences he attended in the late 1980s and early 1990s, where he met industry bigwigs like Cliff Stoll, a systems administrator at Lawrence Berkley National Lab. Stoll’s investigation led to the capture of hacker Markus Hess, believed to have hacked into 400 U.S. military computers (documented in Stoll’s book “The Cuckoo’s Egg”), and Robert Morris Sr., principal architect at the National Security Agency.
He shared with students briefings he attended based on the “orange book,” the centerpiece of the government’s data to assess the security of computer systems.
And he spoke about cybersecurity models such as the Clark-Wilson Integrity Model, which focuses on data integrity by ensuring only authorized transactions can modify data, and the Bell-LaPadula Model, used to enforce access control to government and military operations.
“These are the fundamental building blocks for something you may have heard of – Zero Trust (a security framework centered on the principal of never trusting and always verifying information). … Our present day wasn’t built today,” Owen said.
At one point in his NASA career, he was asked to create requirements for people to build on in maintaining the space station control center at the Johnson Space Center. His requirements were that the contractor must demonstrate good security, not just compliance with "at standard."
Owen’s security standards for NASA would become known as “the pink book” throughout the organization – a color chosen by his assistant, who thought it would be a funny color for a serious book about security and technology.
“All my stuff was based on risk management,” Owen said. “… If you have two geographically separated mission-like critical computers, the connection between those two computers shall be encrypted. Easy! Makes sense.”
This program led to an award from the NASA administrator for avoiding more than $25 million in costs and the Silver Snoop award, which is the only award given by the astronauts.
Owen, in his career, also would work in data security for the Galveston County Office of Emergency Management, the Texas Office of the Attorney General and Dell, to name a few. And he’s authored several books, including “Your Personal Information is At Risk” and “The Alchemy of Information Protection.”
His advice for students: Get involved with industry organizations. Ask a leader in the field what you can do to help. Get a mentor. Be a mentor.
He spoke a little about artificial intelligence, too, something he’s concerned about. Growing up on the technology side of things, he said, he knew how things worked. With AI, he can’t open something and say, “This goes here.”
“My concern is that nobody cares to verify it and would go ahead and use it,” he said of information gathered from all reaches of the internet, whether true or not. “… I’m concerned that we’re going to use this and depend on it so much that we’re not going to question the wrong answer it gives us.”
He also told students, when you can’t become a pilot – or whatever it may be – “You should have a goal. You should figure out where you’re going but be able to modify the goal as life hits you. …
“It’s up to you guys. I’m history. My safety depends on you guys capturing the world and making it safe for me.”
Manager of Internal Communications Lana Sweeten-Shults can be reached at lana.sweetenshults@gcu.edu or at 602-639-7901.
***
Related content:
GCU News: International security association recognizes GCU for cybersecurity excellence
GCU News: Cyber program earns prestigious National Security Agency Designation
GCU News: Support for women in engineering, technology STEMs the gap
