On July 5th, 2019 Mike Assante decided it was his time to leave this world and shuffle off this mortal coil. I say decided because as I would learn from Tim Conway, Mike didn’t want to die on July 4th because it would ruin the festivities of the holiday (he was deeply patriotic) and he didn’t want to die on July 6th which is his wife’s birthday. So essentially Mike chose the 5th. That’s the kind of stuff we make up about people to pretend they’re a badass, but that was just another true story and small feat by Mike. Mike didn’t lose his battle to cancer, he kicked its ass a decade ago, it came back, and he told it “no you’re going to wait your turn.” That’s as much winning as can be had.
A lot has been said about Mike and a lot will continue to be said by many. The mere fact is he impacted an unreal number of people and we’ll all spend years figuring out how much stuff he actually did behind the scenes. I don’t pretend to be able to offer unique insights or thoughts, I only know that this blog is therapeutic for me and hopefully one day useful to his kids. In the military they train you pretty early on that if one of your buddies dies in combat you are supposed to capture your thoughts and write them down. The therapy of this is important but it’s the memories and stories for the kids that are the most important. To see their loved one through someone else’s eyes. I feel some solace in knowing that Mike’s family will have letters and memories to read that could fill books worth of exciting tales most that seem to be something out of fiction.
So here’s my therapy and contribution to the stories.
Mike was everything to me. I never could place what he was exactly. Part father like, part brother, part mentor, part brother in arms, part best friend, and part inspiration. I have never been impacted by death. It sounds odd to say it, I have confided in my wife that I think I’m a heartless person or maybe just ultimately at peace because I’ve lost friends, family, and military brothers before; and not once did I ever cry. It didn’t really impact me. I know it sounds odd, I can’t explain it. But I don’t even go to funerals not because it’s too hard but because I look like the odd one out while everyone else is sad and I’m just moving on. It sounds all sorts of screwed up to say out loud which is why I always avoid the topic altogether. But since Mike got sick again I have spent more nights crying than I can count. This is one of those blogs you cry-type and then realize you have to delete most of it because you made a bunch of mistakes through the tears. Mike was unique. In our last call together he and I talked of the future and what he wanted to see for the community and I sought guidance on my own path and how to honor him (I tried to stay away while Mike was sick, his time with his family was most important, but I felt the need to be selfish at the end and steal some of his time). We talked for awhile until we both started to break down in tears so we abruptly hung up on each other. I cannot put into words how much this hurts. I only know that feeling this way feels selfish when I think about his wife and kids and how they feel now.
Mike had more of an impact on me than any single other person. I remember in 2011 I gave my first public conference talk, it was at Joe Weiss’ ICS Cybersecurity Conference (WeissCon). I was doing some unique things in ICS security at the time not only focusing on finding new threats but at the time also looking at remotely piloted aircraft and the control systems on them, satellites, and some other interesting stuff. At the conference Mike came up to me and we chatted about what things I was seeing. I thought they were unique at least. Mike of course was always about 100 miles ahead on any topic you wanted to talk about “hey Mike did you know there’s $x equipment on $weaponsystem” and he’d listen and brainstorm with you even though he’d not already known but the reason you were working on any given project was likely he mentioned its importance to someone before. (As an aside, I always thought I’d one up him, I’d brief the White House and brag to him “oh did you see John?” he’d casually say about some ridiculously high ranking person. I remember I thought I had him when I testified to the Senate and was invited to some closed planning sessions, as I bragged to him “oh did you see Lisa? Tell her I said hi” he’d say about a sitting US Senator. Or I’d be invited to some highly classified special access program to work on something important only to find out it existed because Mike had told the USG it was something important to do. Mike could *not* be one upped. Ever. He was always ahead of you, period.) We chatted about the problems of the ICS security community. At the time I was in a weird and alone place in the USG. I didn’t have mentors on this topic or others looking at ICS security. I know the Air Force and National Security Agency were looking at ICS but my focus was on finding the threats targeting ICS, not vulnerabilities and hardening the systems and not, at the time, targeting them. 
No one in my government circles was doing this and we didn’t even have a name for it then. But Mike not only spoke my language, he knew how to encourage me. We opined about the threats together and what could be done as well as what needed to be done. He and I both settled on the need for education and training. I told him one of the hardest challenges I had in the military and intelligence community was having any sort of structured onboarding or training for folks to pick up these skills. Mike talked to me about SANS and the need to do something there. That conversation would then be carried out in emails and conversations here and there until he finally convinced me to do something about it.
In 2013 Mike convinced me to come share some thoughts at the SANS ICS Summit to take place in the following spring (March 2014). I didn’t feel I had a lot to share. Anything good was related to targeted cases of ICS threats and what we were doing at the NSA to counter them; couldn’t exactly put that into slides (I wouldn’t ever disclose I was at the NSA until post Snowden leaks and a Russian group piecing together enough metadata to call me and a couple others out publicly, no use denying it at that point). I had written a book titled SCADA and Me and Mike wanted me to come talk about that and how to talk to people about ICS security. In the Air Force pretty much every flag officer is a pilot; if you can explain it to a pilot you can explain it to anyone. So I made one of the all time horrible presentations on educating your management about SCADA security. For whatever reason it was a hit but I attribute that to the fact that for half my presentation Mike and I just called out to each other, him from the peanut gallery and me on stage, making fun of each other (him for being in the Navy of course, an inferior choice in life). It was there that my life truly changed. Every path I would take from that moment was an offshoot of the one he put me on. He made sure I was properly introduced to Andy Bochman, Ben Miller, Tim Roxey, Tim Conway, Marty Edwards, Bill Lawrence, and others. I want to say we had crossed paths before but not like this. Tim Conway, Mike, and I sat in the corner and talked about that 2011 conversation I had with Mike and what was needed. They asked me my thoughts about ICS410 which I thought was a really useful class to the community but not what I needed for folks going onto my mission. I had by then really fleshed out the ICS threat discovery mission at the NSA and had led it for long enough now I had a decent grasp on the skills needed. It was a mix of threat intelligence, discovery/hunting, malware analysis, and incident response skills. 
Mike and Tim convinced me I needed to make a class for SANS since it didn’t exist. Of course they failed to mention just how hard that is or how much time it was going to take “oh you’re an active duty officer? Psh you’ll have time good luck man.” I pretty much gave up the next 7 months of my life while I was under the impression that this shouldn’t take long and I was somehow a slacker for not being done yet. As a young officer stationed in Germany I should have been traveling and getting drunk (more); instead I was building ICS ranges in my basement with parts from Ebay.
There were so many things missing from the space though on this topic. Every time I wanted to talk about a topic and looked for foundation material I found it missing. So Mike and I spent so much time together brainstorming so we could come up with models and foundation content to build what 515 needed to be. One of the efforts we’d work on was the ICS Cyber Kill Chain where we discussed what ICS cyber attacks really looked like. There was a sense of optimism in the paper on how ICS ends up being some of the most defensible environments on the planet. But we also captured some of the thoughts to paper we had previously only discussed over too much whiskey; we both would always quietly confide in each other that the community wasn’t ready for what was about to come. As an example, somewhere around the time the CEO of NERC (Gerry) made a comment in a testimony to Congress that a power outage could only really last a few hours, maybe a couple of days, that in his estimates he “couldn’t imagine a cyber attack taking down electric power for more than 2 weeks.” I remember Mike and I texting back and forth during it “Sorry Gerry the adversary is unfortunately not limited by your imagination.” Of course Mike was nicer than I was but it was fun as we proceeded to meet up and talk about how we’d take down the bulk electric system in key locations and how long we could do it for; not simply high level theory but what exactly would we do. We figured we could get to about a month of down time across major portions of the grids. We thought about the same for oil and gas infrastructure and designed, in theory, some attacks against SIS that would facilitate loss of life and damaging of key infrastructure.
It was through this that we could think about what we would defend against and how and what it would take; the ICS Cyber Kill Chain paper hinted at the scenarios we discussed very lightly (you don’t want to give an adversary a playbook on how to be evil, most of them aren’t as smart as you think) and a lot of what we put into play March 2014-October 2014 was meant to be forward looking for years without the expectation we’d see these types of attacks for a long time. (Little did we know)
The SANS ICS515 class debuted at GridSecCon in San Antonio, Texas. What I didn’t appreciate at the time was Mike set me on a path where I’d have to make changes in my life. The amount of work SANS ICS515 required as well as the number of times it needed taught was significant. But the real impact was that having that class propelled me into a very hungry community looking for those with experience especially on the “threat” side of ICS security where up and to that point the broad discussions were mostly on vulnerabilities. I spent all my leave (military vacation time) in various companies’ ICS and teaching ICS515. Every week was a conversation with Mike and what needed done. I grew up in a military family. My mother and father are both retired Senior Master Sergeants (E8) in the Air Force. The Air Force is all I ever wanted in life. But Mike gave me a mission that the USG couldn’t compete with not with all the accesses and capabilities and camaraderie in the world. It was a mission to change the community, educate them, empower them, and protect civilization. He set me on a journey that would have me leave the military; it wasn’t his intention but the experiences I was gaining came in direct conflict with what the military wanted me to do after I left the NSA and went “back” to the Air Force doing an offensive mission under CYBERCOMMAND. It put me at odds with the mission and where I saw my contribution to the community. I knew I had to get out.
With the knowledge I was leaving the military I felt comfortable proposing to my girlfriend. We’d get engaged at the SANS ICS Summit in Disney World in March 2015. It was Mike that pep talked me before I proposed. I would leave the military the last day of August 2015. As I teared up as I drove off the base for the last time it was my father and Mike that I called. Now, as a free agent, I was also free and unrestricted when the cyber attack on Ukraine in December 2015 occurred. Because of the class I had the connections and had trained people abroad and was asked to get involved. With Mike, Tim, and a number of other folks around the community we jumped in head first and had a response faster than anyone else with a more measured understanding. There is so much more to the story of Ukraine 2015 than anyone will ever know. This is the case for so many things Mike did behind the scenes that’ll never be public. Only a few of us will ever fully understand or appreciate what Mike did. What he was prepared to lose, the drama that came with it, and the fights that had to be fought behind the scenes. It was the making of a movie from lies to deceit to politics up to the White House itself. And yet I know Mike always was the one to calm me down. I love the USG, don’t get me wrong, but I was ready to go to war with them because of what happened behind the scenes to Mike. But it was Mike that was the cooler mind on it all anyway. In the end he was right, it was all for the greater benefit for us to all play nice’ish in public. It would take me years to calm down; he was cool nearly immediately.
Because of my experience with Mike and Ukraine and my experiences in the ICS515 class he asked me to build, I would find that education alone couldn’t scale fast enough in the face of the threats we were seeing. More was needed. That I reluctantly needed to do a software company. I really hated software companies for the most part, sure there are good ones but so many are snake oil salesmen and quick to take credit for smart users doing cool things that their software happened to be a part of; many just want to get rich which is something that truly doesn’t motivate me in life but just about everyone you meet forever assumes it is when you wear the title of vendor; the last thing I wanted to become was a vendor. But in seeking guidance from Mike I knew it was important. I had previously had “Dragos Security LLC” with my cofounders Jon and Justin but it was really just a legal structure to protect us while we were still in USG when we made the CyberLens tool largely for my students in ICS515. Mike pushed me to do more and to make the leap and try to codify the lessons learned and knowledge into software, real software, that would actually help ICS security. So with his guidance and pushing I founded Dragos, Inc. in May 2016. That December, the Ukraine 2016 cyber attack would occur and now I had a full time team to get involved. And we were involved and stayed involved in every major ICS cyber attack and campaign since then. New insights yielded new conversations for Mike and I; with an intelligence team and incident response team backing us we were able to theorize even more. It accelerated our conversations. We never wrote those things down, we were busy after all, so I comforted myself at least; in our last conversation together before his death we both lamented that we didn’t do even more together.
That was Mike for you, he literally changed the community in a way no one else could and literally changed my life forever in every possible way…and in the end it was all about things left undone and how much more there was to do. Of course, his view was that the mission would carry on without him. My view is that the world will never appreciate how much is lost because he’s not here.
Building a class that would train thousands with critical skills, leaving the military, being in a position to marry my wife, being in a position to have a child (another thing I wouldn’t have done still in the military), starting a company, having a dedication to capturing lessons learned in every form possible for the community, and making life long friends. Everything I am today, Mike played a significant leading role in the story. Any success I will ever have will be a silent homage to him. There has never been someone other than my wife and parents that I’ve been closer to. And my love for Mike was still unique in comparison. I don’t want to write a bunch of stuff about me, but it’s important to understand that anything positive I ever do in this community, it was Mike. My world view and turn from “protect the USG” to “safeguard civilization” was Mike. It’s always been Mike. And Mike’s not here anymore. And I still can’t wrap my head around that. That and at the SANS ICS Summit, Tim and I will continue it on without Mike looking like idiots up on stage knowing that we cannot fill his shoes. He’d punch me by now if he was reading this “oh Rob don’t be like that” or some combination of telling me that I’m doing important things and I give him too much credit, because that was the humble beautiful man he was, but he’s wrong, and I have never given him enough credit, not publicly.
I don’t have real regrets with Mike. We should all be so lucky to get the kind of closure he had in the end. For the last few months when we all knew he was going to die he was able to spend time with friends and family on his terms. I keep telling myself and others who ask me how I’m doing “we should all be so lucky to get the kind of closure he had in the end” it’s burned into my thoughts at this point. It’s my hollow echo to people who are kind enough to reach out because they know how much Mike meant to me. But even as I type them they feel like a fake guard I have up to my real thoughts which are just a combination of tears and missing my friend.
I have been able to confide more and more in Tim Conway. Probably one of the best things Mike ever did was introduce me to Tim. In him I’m able to still experience the mission Mike started at SANS and what some of our unfinished plans are. I wouldn’t be strong enough to do it alone. I love SANS don’t get me wrong but it’s difficult to keep teaching and run a company and have a family. Sometimes there’s drama at SANS and my colleagues at SANS know that I’ve…clashed…with some of the choices there and I’ve thought about quitting. And probably in our most sick and sadistic dark moment Tim and I joked through the tears that Mike knew that by dying he was locking Tim and I in forever at SANS. That we’d never be able to leave and we’d always feel this debt in life to complete his vision of a safer world not only through our own individual paths but through the joint path of training at SANS. What a prick. Always knowing what’s best for us even when we don’t. It makes me think of Graham Chapman’s funeral and John Cleese’s speech. That we would all be bereft not to take the opportunity to joke on Mike one last time. To shock the world. And yet if you look at John’s face by the end, it’s hollow and empty and full of the understanding that his life will never be the same again as the moments he experienced with his friend Graham.
Mike you gave me everything. You made me better. I’ll try hard to live up to your legacy and to strive to be better. I never will get out from under your shadow and I wouldn’t have it any other way, somehow it’s brighter here.