(Editor's note: The need for President Obama to issue an executive order to get private industry co-operating with the federal government to better protect U.S. infrastructure from nation-state hackers hints at the discord underlying America's readiness for cyberwar. In this guest commentary, Alan Paller co-chair of the Department of Homeland Security's 2012 Task Force on Cyberskills, and George Boggs, CEO emeritus of the American Association of Community Colleges, lay out the case for a more unified effort to recruit troops for the escalating battle.)
The Obama Administration's intentions to step up efforts to combat the theft of trade secrets is not going to solve the problem. The Pentagon's plan to nearly quadruple its command for fighting cyber-attacks only highlights how far we have to go. As it stands, we have at best 1,000 experts with the skills necessary to perform at world class levels in cybersecurity's rapidly intensifying "red zone", where the hands-on work of defending against attacks takes place. We need at least 25 times more -- 10 times more just to match the defenses of China.
There is a way to start filling this hungry pipeline that not only builds the capacity we need, but which also relieves unemployment and advances needed innovations in higher education. It calls for targeted recruiting strategies, more rigorous and relevant training, and meaningful practical experience. But none of these things can happen without a profound shift in our thinking about how to engage, educate, and employ a 21st century workforce.
First, we must attract more of the best and the brightest to the cyber-security field. One promising "on-ramp" comes in the form of competitions for high school and college students and other interested adults. Competing for scholarships, internships and other prizes, participants try out their hacking skills with simulated cyber-attacks designed by government agencies and top private employers.
Educators and businesses need to spread the word that these competitions are educational, lucrative, and fun. But widening the pipeline is just the beginning. Once we have boosted the supply of recruits, we have to give them the training they need and our nation demands. Our current cyber-security programs are too often focused on the theoretical rather than the practical, the elementary rather than the advanced. To borrow from a related field, the existing programs are producing too many security guards and not enough homicide detectives.
To correct the balance, we need rigorous new programs that will prepare students for the most sophisticated, high-demand cyber- security jobs – the "red zone" jobs the Pentagon, the Department of Homeland Security and the private sector are urgently looking to fill. The curriculum will be intensive and hands-on. And courses will be designed in concert with the very government agencies and corporations that will use what they produce.
Building programs like these means offering a genuine alternative to the traditional, expensive four-year degree. A top cyber-security professional could prove mastery of this difficult coursework with an associate's degree or a certificate. Our need for these professionals is acute and immediate. There is no reason they can't get top-notch training in from 18 to 24 months.
Finally, we must take a cue from the medical profession and establish residencies for top graduates of cyber-security programs. With mentoring by government agencies and private corporations, residents will have the opportunity to apply their skills in the real world, working on actual projects and earning money as they do. Like newly minted M.D.s, successful residents will be ready immediately to take on the responsibilities of defending our vulnerable networks against cyber-attack.
Not everybody, of course, will graduate from one of these programs a "top gun." But the programs acknowledge that there are various levels of success. They will also produce graduates capable of performing a variety of lower-level but still vital roles, and these graduates, too, will have benefited from the intensive training that is so lacking in many programs today.
Cybersecurity is one of the most serious economic and national security challenges we face, and the risk of calamitous attack is growing. We have the tools to catch up. We can catch up if together we work to expand the pipeline of highly skilled cyber-professionals by embracing new ways of engaging our talent, educating our students, and employing a new workforce. In exchange, we will produce a talented new generation of cyberaces, superbly educated, and ready and committed to keeping our country safe.
The Obama Administration's intentions to step up efforts to combat the theft of trade secrets is not going to solve the problem. The Pentagon's plan to nearly quadruple its command for fighting cyber-attacks only highlights how far we have to go. As it stands, we have at best 1,000 experts with the skills necessary to perform at world class levels in cybersecurity's rapidly intensifying "red zone", where the hands-on work of defending against attacks takes place. We need at least 25 times more -- 10 times more just to match the defenses of China.
First, we must attract more of the best and the brightest to the cyber-security field. One promising "on-ramp" comes in the form of competitions for high school and college students and other interested adults. Competing for scholarships, internships and other prizes, participants try out their hacking skills with simulated cyber-attacks designed by government agencies and top private employers.
Educators and businesses need to spread the word that these competitions are educational, lucrative, and fun. But widening the pipeline is just the beginning. Once we have boosted the supply of recruits, we have to give them the training they need and our nation demands. Our current cyber-security programs are too often focused on the theoretical rather than the practical, the elementary rather than the advanced. To borrow from a related field, the existing programs are producing too many security guards and not enough homicide detectives.
To correct the balance, we need rigorous new programs that will prepare students for the most sophisticated, high-demand cyber- security jobs – the "red zone" jobs the Pentagon, the Department of Homeland Security and the private sector are urgently looking to fill. The curriculum will be intensive and hands-on. And courses will be designed in concert with the very government agencies and corporations that will use what they produce.
Building programs like these means offering a genuine alternative to the traditional, expensive four-year degree. A top cyber-security professional could prove mastery of this difficult coursework with an associate's degree or a certificate. Our need for these professionals is acute and immediate. There is no reason they can't get top-notch training in from 18 to 24 months.
Finally, we must take a cue from the medical profession and establish residencies for top graduates of cyber-security programs. With mentoring by government agencies and private corporations, residents will have the opportunity to apply their skills in the real world, working on actual projects and earning money as they do. Like newly minted M.D.s, successful residents will be ready immediately to take on the responsibilities of defending our vulnerable networks against cyber-attack.
Not everybody, of course, will graduate from one of these programs a "top gun." But the programs acknowledge that there are various levels of success. They will also produce graduates capable of performing a variety of lower-level but still vital roles, and these graduates, too, will have benefited from the intensive training that is so lacking in many programs today.
Cybersecurity is one of the most serious economic and national security challenges we face, and the risk of calamitous attack is growing. We have the tools to catch up. We can catch up if together we work to expand the pipeline of highly skilled cyber-professionals by embracing new ways of engaging our talent, educating our students, and employing a new workforce. In exchange, we will produce a talented new generation of cyberaces, superbly educated, and ready and committed to keeping our country safe.
No comments:
Post a Comment