What US cybersecurity needs: a few more good guys
In high-tech America, cybersecurity specialists trained for high-stakes fights with hackers are in short supply.
(Page 2 of 2)
The federal government, which awoke gradually to the danger during the Bush administration, has accelerated efforts to improve the nation’s defenses. Existing training and education programs are “limited in focus and lack unity of effort,” the cyber education section of President Obama’s Comprehensive National Cybersecurity Initiative found last year. To ensure an adequate pipeline of skilled people “it will take a national strategy, similar to the effort to upgrade science and mathematics education in the 1950s, to meet this challenge.”Skip to next paragraph
Subscribe Today to the Monitor
Companies and government agencies interested in developing cybersecurity talent are now pushing for more programs in college and tougher curricula.
Colleges and universities like Purdue and Southeast Missouri State are expanding their cybersecurity programs while others are developing entirely new programs, CSIS’s Mr. Lewis says. The University of Maryland University College in Adelphi last year launched undergraduate and graduate programs in cybersecurity – signing up 900 students in both. For UMUC, it makes perfect sense: The cyberskills-intensive National Security Agency headquarters is only a few miles from campus.
A critical part of the problem though is certification and credentialing of experts already on the job. One federal agency recently tested a dozen new employees for cybersecurity skills on their résumés – and got a rude surprise, says Alan Paller, research director of the SANS Institute, a cybersecurity education organization.
“When the dozen new agency employees were confronted with a skills test, three-quarters of them didn’t know what to do,” he says. A credential has to mean a lot more than just knowing when to order an antivirus scan, since the most dangerous, advanced threats are undetectable by them and do not cause system problems. What’s needed are forensic and “hunter skills,” Lewis and Mr. Paller agree.
To fix that problem, a new organization called the National Board of Information Security Examiners based in Idaho Falls, Idaho, is developing tests to ensure its credentials mean an individual has the ability to identify threats on the network.
But it’s not curricula or credentials that will recruit the next generation of cyberdefenders. Competitions might.
The national cyberdefense competition – sponsored by Deloitte, a consulting company – has grown from 24 competing colleges in the 2006 national competition to 109 this year. Others contests like Cyber Security Treasure Hunt, Cyber Patriot, Netwars, and DC3 Digital Forensics challenge are emerging, too.
And then there are the prizes. Beating powerhouses Texas A&M (second place) and University of Louisville (third place) was a sweet victory for Czeskis and his University of Washington teammates. But they won something else even sweeter: Each was deluged with job offers from the likes of Google, Microsoft, and the Department of Defense.