August 08, 2012

Help wanted: Geek squads for US cybersecurity

By Jacob Stokes and Kristin M. Lord

Finding enough qualified men and women to protect America’s cyber networks stands as one of the central challenges to America’s cybersecurity. Even in the computer age, people are essential. In the field of cybersecurity, they are also lacking.

Cybersecurity breaches cost America billions of dollars a year. Meanwhile, cyberattacks on America’s critical infrastructure increased 17-fold between 2009 and 2011. To defend the cybersecurity of both private businesses and government agencies, it is time for a serious geek surge.

Right now the lack of qualified cyber experts is hamstringing US efforts to secure cyberspace. Last month, Jeff Moss, a prominent hacking expert who sits on the Department of Homeland Security Advisory Council, told a Reuters conference, “None of the projections look positive… The numbers I’ve seen look like shortages in the 20,000s to 40,000s for years to come.” A study earlier this year by industry group (ISC)2 found that 83 percent of federal hiring managers surveyed said it was extremely difficult to find and hire qualified candidates for cybersecurity jobs.

In 2009, the Department of Homeland Security announced plans to recruit 1,000 cyber professionals in the next three years. As of 2011, DHS had only managed to hire about 260. “We need analysts. We need people who are engineers. We need people who are experienced in intelligence as it relates to the cyber-universe,” Secretary of Homeland Security Janet Napolitano recently told CNN.

Congress just missed an opportunity to help solve this problem. The now-dead Cybersecurity Act of 2012 included a federal cyber-scholarship-for-service program and continued training for federal employees working on cyber issues. The bill also would have helped build clearer and more rewarding career paths for cyber experts employed by the federal government. And it would have established national and statewide competitions to help identify and recruit cyber talent for the next generation.Such programs would be both valuable and politically uncontroversial, and they merit inclusion in any future cyber legislation.

Wisely, federal agencies are not waiting for legislation to ramp up their campaigns to find cyber experts. Ms. Napolitano has gone on a tour of American universities in an attempt to increase interest in cyber careers. The National Security Agency is setting up programs at select universities to train people for cyber jobs in intelligence, military, and law enforcement. The private sector is also rising to the challenge. For instance, the defense firm Northrup Grumman has paired with the University of Maryland to start an undergraduate cybersecurity program that will begin this fall.

Beyond specialty cyber-education programs, America needs the building blocks of a future workforce fit to grapple with the rapidly evolving challenges of cybersecurity. This will require young Americans skilled in “STEM” fields – science, technology, engineering, and math. It will also require H-1B visa reform to keep more talented engineers and cybersecurity experts working in America.

For its part, the military can increase the capabilities of its cyber workforce by drawing on civilian expertise in its reserve components. For example, a reservist who works as a software engineer at Google brings unique skills to the force and can help fill an important position, as long as the institutional avenues to draw on those skills exist. Such an approach would save the military both money and decrease training time.

Dangers in the cyber arena grow by the day. Men and women skilled in the cyber arena are needed to meet those challenges. It’s time to build America’s geek squad.