Flying fighter planes and working as an operations expert for the Brazilian Air Force showed Paulo Costa the interplay between systems and cybersecurity engineering. Now, he has made it his mission to integrate the two in his work at Mason Engineering.
Costa, an associate professor in the Department of Systems Engineering and Operations Research (SEOR), came to Mason to earn his master’s in systems engineering when he was an active member of the Brazilian Air Force and worked on programming fighters’ electronic warfare suites. It was the Center of Excellence in Command, Control, Communications, Computing, Intelligence, and Cyber (C4I & Cyber) that drew him to Mason, and he has recently taken the helm as the center’s new director.
“I wouldn’t have ever imagined that I would become the director of the very center that brought me here. It’s amazing,” he says.
After receiving his master’s, getting his PhD in information technology, returning to Brazil in between, and rising through the ranks of the Brazilian Air Force, Costa decided to put away the air force pilot wings and come back to Mason as a research faculty member. Within one year, he was invited to join SEOR full-time and more recently received tenure. But it was his experience in the Brazilian Air Force that showed him how systems played a role in cybersecurity and vice versa.
“When I was a lieutenant, I flew a very simple fighter airplane, but then I was assigned to the most complex airplane in the Brazilian Air Force and that fighter had 39 computers. Nowadays you go to an F35 and you will find a lot more, all very tightly integrated. That is what brought me to the world of systems engineering. I wanted to figure out the navigation system, defense system, hydraulics, and how all these parts work together.”
His fascination with these connections made him realize there was an essential correlation between systems engineering and cybersecurity.
“Some people have the view that cybersecurity is specifically a computer science problem,” he says. “But cybersecurity is a much broader problem that requires robust systems engineering thinking.”
Costa says this misconception of cybersecurity as a one discipline problem has pushed him to urge people to look at cybersecurity from a multidisciplinary perspective. “If you are a chief information officer of a company, you shouldn’t just be worried about networks and internet connections.
“There could be attacks in which rogue actors are embedding compromised components into your supply chain or a number of attacks performed outside of your company’s network or internet connection,” says Costa.
Technology has grown more complex and enabled major advances, but the same tight integration between cyber and physical components that enabled these advances also introduced vulnerabilities across the cyber-physical systems and its interconnections.
“No serious company can afford to treat cybersecurity specifically as a network or computer science problem,” he says. “Cybersecurity must be seen as a first-class consideration from the earliest design phases of a system, versus an afterthought once the system is ready.”
Costa says he hopes to bring this multidisciplinary approach to the center. “I hope we can bring together new people in Mason from different fields,” he says. “This center is like no other in the United States, and more people should be a part of it so that they can see how interconnected it is.”
“Dr. Costa has brought tremendous recognition and visibility to our department,” says John Shortle, chair of SEOR. “He has leveraged his research in data fusion and cybersecurity to develop new courses that have been vital to keeping our systems engineering curriculum at the leading edge of the field. Dr. Costa exemplifies the role of a systems engineer as a leader who brings together diverse disciplines to tackle big problems.”