In a major espionage incident in 2007, many U.S. government computer networks were penetrated by unknown foreign intruders and massive amounts of data were downloaded from the Defense, State, Commerce, and Energy departments, as well as from NASA, according to James Lewis, director of the technology and public policy program at the Washington, DC-based Center for Strategic and International Studies.
Lewis recalls that the attack—“of which only a portion was reported in the press”—confirmed what cyberexperts had been warning, that the U.S. is severely lacking in IT security practitioners.
One positive outcome is a concerted effort by government, industry, and academia to interest high school and college students, using a slew of competitive events, about the opportunities that exist in cybersecurity. The U.S. Cyber Challenge is the umbrella title under which fall some of the largest competitions, including the Air Force Association’s CyberPatriot Defense Competition, the Department of Defense’s (DoD’s) DC3 Digital Forensics Challenge, and the SANS Institute’s NetWars Capture-The-Flag Competition. Various universities and states sponsor other similar competitions.
“What we’re talking about is this country’s need for 10,000 people each and every year who graduate and go into computer jobs knowing something about cyber security,” says Gregory White, director of the Center for Infrastructure Assurance and Security at the University of Texas at San Antonio (UTSA). “Your average programmer may not be involved in a security position, but he needs to know something about secure programming—or we’re going to end up with even worse problems than we have now.”
The contests, which began last year, vary in nature, but most involve hacking of some sort. For example, the NetWars’ Capture-The-Flag Competition took the form of an online game in which participating teams had to penetrate a network and defend their own.
“One contestant was clever enough to rig a firewall around parts of the game so that others couldn’t even get to it,” recalls the CSIS’s Lewis. “Those are the sorts of skills that impress the judges.”
Competition prizes typically include cash awards and scholarships, but also actual jobs as recruiters frequently attend and have been known to make employment offers immediately following a competition.
“One way we measure our success is from the comments of our sponsors,” says UTSA’s White. “We had one who told me that she frequently goes to the events trying to recruit people because she usually finds two or three individuals she’s interested in. At our last competition, she was pleasantly surprised to find that she liked all the competitors. I was just beaming.”
But observers note that the problem is getting worse, not better. For instance, the DoD has indicated that it graduates only 80 or so people with cybersecurity skills each year. And, as securing networks becomes more important, demand for experts in the field will only increase.
More important than “finding people who know how to build more security products,” says Paul Kurtz, chief operating officer of Arlington, VA-based Good Harbor Consulting, “the country needs people with the skill sets to give us more secure computing in the first place—those electrical engineers who understand how all the pieces come together to give us a more secure and resilient IT infrastructure. The real good thinking comes from those who know how to build computers from the ground up. Everyone else is just trying to stop the bleeding.”
Paul Hyman was editor-in-chief of several technology publications at CMP Media, including Electronic Buyers’ News.
No entries found