US admits to lack of cybersecurity professionals as war drums beat louder
Congress, the White House, Pentagon and politicians across the US have only ramped-up calls for stronger cyber-defense as of late, with President Barack Obama expected to sign his name to an executive order at any moment putting into place a program that government says is necessary to secure America’s infrastructure from foreign hackers. Even after weeks and months of ramped-up warnings, though, Defense Department officials speaking to FCW Magazine say the United States has not made any significant strides in preparing for the worst.
When Sandy made her way up the East Coast this week, highways were shut down, ATMs went offline and electricity to some of the country’s largest cities was cut unexpectedly — exactly what a cyberattack from an American adversary could theoretically cause with only a few clicks of a mouse. But while Mother Nature might be a force to be reckoned with on her own, the abilities of cyber terrorists shouldn’t be anything to laugh at.
Earlier this month, US Defense Secretary Leon Panetta said a “cyber Pearl Harbor” would soon hit America, sending the country into a war that it has all-but-certainly started on its own. The US is suspected to be one of the major players behind an operation that has targeted the computers at Iranian nuclear facilities using malicious viruses and worms, with a retaliation from the Islamic Republic all but expected now.
“Over the past three years, the Iranian regime has invested heavily in both defensive and offensive capabilities in cyberspace. Equally significant, its leaders now increasingly appear to view cyber warfare as a potential avenue of action against the United States,” Ilan Berman, vice president of American Foreign Policy Council, said earlier this year. As recently as earlier this month, US officials specifically blamed Iranian hackers with cyber-assaults on the servers of Capital One Financial Corp. and BB&T Corp, two of America’s biggest banking institutions.
Still, the country's hasn't found a sound solution just yet.
“We don’t have all the capacity and the right sets of skills that we need to do all that’s required,” Army Maj. Gen. John Davis, senior military adviser for cyber to the undersecretary of defense at the Pentagon tells FCW. “In the department we are still struggling to fully define and empower the cyber workforce. It’s a big challenge, just to define the techniques.”
According to Amber Corrin with FCW — an outlet that bills itself as reporting on the business of federal technology — “a nationwide shortage of students of science, technology, engineering and math (STEM)” has left the Defense Department scrambling to find their own cyberwarriors to protect America and launch attacks on its foes.
Corrin quotes Maj. Davis from an appearance the adviser made at the Center for Strategic and International Studies in Washington last week, where she says he acknowledged that the government is reaching out seemingly everywhere for its next generation of recruits.
“There’s a wide range of functions and skills that are required for us, whether you’re in industry, other elements of government, military – all across the board, there are a wide range of skills and functions we need,” he said. “Every person who touches a keyboard is in some way associated with the cyber domain, because there are disciplines and standards associated with protecting against the threats.”
“Analytics, forensics, training, testing and evaluation, engineering, operational planning, leadership roles, legal, law enforcement – there’s a very wide range that all go into the mix we’re calling the cyber workforce,” Davis told the crowd.
Even with the Pentagon looking to pull new agents from all walks of academia, the cyber unit of the DoD is being left with slim pickings. In July, National Security Agency Director Gen. Keith Alexander made an unusual appearance at the annual DefCon hacker conference in Las Vegas in hopes of recruiting computer experts who would consider putting their coding skills to use for Uncle Sam, not an international adversary or malicious hacking group.
"In this room right here is the talent we need to secure cyberspace," Gen. Alexander said. "You know we can protect the networks and have civil liberties and privacy and you can help us get there,” adding that he thought of the audience as "the world's best cybersecurity community."
"This community, better than anyone, understand(s) what we need to do" he said. That need might soon be more dire than once thought, though. During his July speech at DefCon, Gen Alexander said, on a scale of one to 10, American readiness to deflect a major cyber-attack on its infrastructure is “around three.”
Three months earlier in April, the NSA acknowledged that it had selected four US colleges to be ‘Centers of Academic Excellence in Cyber Operations,’ where students would be specifically trained to advance someday into the cyber units at the Pentagon.
"We're trying to create more of these, and yes they have to know some of the things that hackers know, they have to know a lot of other things too, which is why you really want a good university to create these people for you," Neal Ziring, NSA’s technical director for their Information Assurance Directorate, said at the time.
As the US inches closer to a full-fledged cyberwar, though, the Pentagon might not be making a splash with American hackers to the degree they’d hope.
“The outlook is grim because we are not producing, from an education perspective, the people with the right skills sets to just have the entry-level skills needed in order to make progress in cybersecurity,” Cynthia Dion-Schwarz, deputy assistant director for computer and information science and engineering at the National Science Foundation tells FCW Magazine. “It’s a pipeline issue…it’s not a desire or capability issue.”
Rising tuition prices and stagnant unemployment rates aren’t doing any wonders for the cyberwarriors of America’s future, though, as made clear by claims from Dion-Schwarz and the Pentagon’s top guns.