Newswise — As a U.S. Department of Energy (DOE) national laboratory, connected to the wide range of research across the DOE complex, Brookhaven Lab is part of the U.S. intelligence community. This role enables the Brookhaven scientists to contribute to intelligence work, but also makes the Lab a target for adversaries from around the world. These adversaries range from online grifters to nefarious parties sponsored by other governments looking to steal the Lab’s scientific data or gain access to the United States governmental infrastructure.

According to Michael DePhillips, who manages intelligence work at Brookhaven, one main strategy of attack is to seek vulnerabilities in the Lab’s computer systems. By predicting potential cyberattacks and preventing them from occurring, DePhillips has played an important role in protecting DOE’s assets at Brookhaven and across the complex.

“We protect the United States from active, persistent threats,” DePhillips said. “We would like to know who these people are and their motivations for the attacks.”

From 2010 to 2017—in his role as a cyber counterintelligence officer at Brookhaven—DePhillips’ primary strategy was to take a deep dive into any malware code that attacked the Lab’s computer systems.

“At that level of code is where you are going to figure out how to break into a machine and how to prevent someone from breaking into a machine,” DePhillips explained. By analyzing data produced from attempted cyberattacks, DePhillips could look for patterns and anomalies to figure out with some degree of probability and some degree of certainty how the attack occurred and who was responsible.

DePhillips was not always involved in cyber warfare defenses. In fact, he did not even know how to read or write code when he first came to Brookhaven as an environmental scientist in the early 1990s. His interest in writing code bloomed during his time in the environmental science lab where he first learned how elegant code could be. Ten years later, he honed his debugging skills by reading and understanding code for the STAR experiment, one of the large particle detectors at the Relativistic Heavy Ion Collider (RHIC), Brookhaven’s flagship nuclear physics research facility. Today, as director of the “Field Intelligence Element” at Brookhaven, DePhillips applies the Lab’s intelligence capabilities and strategies across the DOE complex.

Though these fields are seemingly unrelated, they are tied together by DePhillips’ passion and respect for code. His career trajectory showcases how skills, especially unexpected ones, acquired in various positions can have far-reaching impacts.

Back to the Beginning

When DePhillips first came to the Lab in 1991, he was a self-described “young guy with long hair.” He was working in an environmental sciences lab studying how human actions, like pulling oil out of the ground, could negatively impact ecological systems in the Gulf of Mexico.

“Environmental science was the cool thing to do in the early nineties, but I was also quite inspired by it,” DePhillips recounted.

While many scientists were previously analyzing their data by hand, desktop computers were working their way into daily life. New software, like Windows 3.0—released in 1990—and early instances of Linux had the potential to increase efficiency in research labs.

“I was always drawing the short straw as the youngest in the crew and somebody needed to figure out how to make desktop computers work,” DePhillips said. “For early scientific computing, this was not a trivial process. You needed to know exactly what the machine was doing at each installation step.”

In addition to getting the new machines up and running, DePhillips figured out how to model probabilistic risk assessments for the environment, bringing a computational element to his field. That’s how he learned the beauty of writing code.

“My mentors showed me that code can be creative and rigorous at the same time, and I thought that was really wonderful,” DePhillips recalled.

After becoming a “reasonably good” coder, DePhillips took on a leadership role as a database manager for the Lab’s Environmental Services Division in 1997.

Working closely with computer scientists across the Lab, he heard that RHIC was looking to hire someone to work on their databases. He jumped at the chance to join this Office of Science user facility, where data are shared with scientists all over the world.

“Their databases were way cooler,” DePhillips said. “I didn’t have a physics background, but I knew enough for them to give me a try.”

Reading the Source Code at STAR

When he first joined the team at STAR, DePhillips learned that his boss had read every line of code in the physics libraries. This involved hundreds of thousands of lines of code. DePhillips was in awe, but also perplexed.

“I couldn’t understand why someone would read the source code when they knew that the software worked,” he recalled. “I figured it was like reading the fine print on a webpage. Most people just click through it.”

But as he learned, physics experiments require complex computer software that may not exist. Scientists often write their own code to conduct experiments and analyze data. These experiments are expensive to run, so any issues require a prompt solution.

“When there are no debugging manuals or websites to consult, the fix needs to be created in-house,” DePhillips explained. “This can only be done by digging deep into the code and fundamentally understanding how it works.”

On February 29, 2004, the computers at STAR stopped working for seemingly no reason after more than three years of normal functioning.

“Nobody knew what was going on. It was like a mystery,” DePhillips remembered. “But then I realized what day it was. This was the first leap year the computer systems had encountered.”

DePhillips and his team wrote a little bit of code that took leap years into account to get the computers up and running again.

“There was an immediate feeling of relief,” DePhillips said. “These seemingly trivial details, often not thought about until there is a problem, are indicative of the obstacles that come with using custom code.”

By solving such problems as a team, DePhillips said, “I learned a sense of community, a sense of camaraderie, and a sense of mission to the experiment at RHIC. That was not spoken, that was just palatable. We were in it together.”

Seven years of working on the STAR experiment—which reconstructs what happens in particle collisions by tracking the particles that stream out—gave DePhillips an appreciation for the idea of studying an event by observing its aftereffects.

“I had a notion that the work being done at RHIC could be applied elsewhere,” he recalled. While he was not actively looking for a new job, he approached conversations at the Lab’s cafeteria and job postings with an open mind.

“Next thing you know, I had an interview for a counterintelligence position at Brookhaven.”

Working in Intelligence

Protecting the Lab from cyberattacks is a large collaborative effort comprised of individuals with different roles. In addition to DePhillips’ work detecting vulnerabilities and finding attribution, there are people who work in operations to prevent nefarious parties from getting into the Lab’s systems, while others work as “hackers” to test the same systems by trying to get in the way an outsider would.

“I could figure out who our adversaries were and what they were up to through a combination of cyber security and intelligence information,” DePhillips said. “But I knew that code could automate this process.” He figured out how to apply his skills from RHIC to learn about cyberattacks based on their aftermath.

The code DePhillips developed to systematically find anomalies in computer systems was then used to build larger programs that could identify adversaries targeting the Lab. These packages had the potential to help the Department of Energy and the larger intelligence community, but to make what he was doing more widely available, Brookhaven Lab first needed to establish what is known as a Field Intelligence Element (FIE). This is an intelligence component of the DOE Field Intelligence Enterprise that provides products and services to DOE, the Intelligence Community (IC), and non-IC Federal agencies.

“I wanted to bring tools based in physics to the intelligence community,” DePhillips said. “We needed a FIE to do so in a secure manner, so I set aside everything else to build the FIE.”

It took in-depth applications, significant efforts to meet all the requirements, and a four-year trial-run period before Brookhaven had a fully established FIE. DePhillips is now the director.

Having a Field Intelligence Element at Brookhaven has expanded and adjusted the scientific portfolio to align with national and global intelligence needs. Scientists at the Lab can now work on developing tools that can contribute to counterintelligence work or study large data sets generated by the intelligence community.

“While we have a technical need for the FIE at Brookhaven,” DePhillips said, “we also have a moral imperative to contribute as a part of the United States’ governmental infrastructure.”

Though his day-to-day activities may be more administrative and less technical than they were in his past roles, DePhillips’ energy and work ethic are as strong as ever. He treats the rules of the intelligence community the same way he treated the code at RHIC: Reading the rules, or the code, provides a fundamental understanding of how things work and why they work.

Each day, he uses that foundational knowledge to direct his team effectively and in accordance with regulations, similar to the way he used knowledge of source code to troubleshoot issues at RHIC. 

“One of the wonderful things about working at the Lab,” DePhillips said, “is you always feel like you’re making a difference; you always feel like you’re contributing.”

Brookhaven National Laboratory is supported by the Office of Science of the U.S. Department of Energy. The Office of Science is the single largest supporter of basic research in the physical sciences in the United States and is working to address some of the most pressing challenges of our time. For more information, visit science.energy.gov.
