Uncle Sam, industry scout for cybersecurity talent
- By William Jackson
- Jul 27, 2009
Citing what some experts are calling a “radical shortage” of skilled cybersecurity professionals, a government-industry coalition today announced the U.S. Cyber Challenge, a collection of long-term programs intended to identify future cybersecurity professionals at the high school level and earlier and to foster their educational and professional development.
Cyber Challenge will work in five areas to help begin filling the human resources pipeline for the cybersecurity professionals who will be needed in coming years by:
- Identifying students with the right talents and interests.
- Establishing “cyber camps” to foster those interests.
- Sponsoring national competitions to increase awareness of the profession and its top practitioners.
- Offering scholarship programs.
- Providing internships and jobs.
“This is a work in progress,” said Alan Paller, research director for the SANS Institute, one of the Cyber Challenge partners. “We’re not sure how all of it is going to work yet.”
The first step of the program, the talent search, already is being put into place with a number of high school and college level competitions that have been developed in recent years. These are the:
- CyberPatriot Defense Competition, a high school level cyber defense competition hosted by the Air Force Association.
- DC3 Digital Forensics Competition, hosted by the Defense Department’s Cyber Crime Center.
- NetWars Capture the Flag, a SANS Institute penetration testing competition.
The growing shortage of cybersecurity professionals hinders the ability of public and private sectors to adequately defend their portions of an increasingly vital information infrastructure. To create a pipeline of these professionals, a coalition led by the Center for Strategic and International Studies (CSIS) will bring together existing programs and build additional ones aimed at finding 10,000 young Americans with the necessary aptitude and interest and to create a career path for them. This will be followed up with a series of programs including educational cyber camps and exercises that could help give them access to academic scholarships and employment opportunities.
Coalition members include, in addition to CSIS, the Defense Department Cyber Crime Center, the Air Force Association, the SANS Institute and a number of universities and aerospace companies.
Richard C. Schaeffer Jr., the National Security Agency’s information assurance director, said the Centers of Academic Excellence program established by NSA to work with the academic community, is beginning to bear fruit, but too slowly. Schaeffer’s directorate has hired 257 of 300 computer scientists expected to be hired this year, and about half of the new graduates who have been hired have come from Academic Centers of Excellence. But demand for these professionals is growing sharply. In the Fort Meade, Md., area alone — the home of the NSA — demand is expected to jump to as high as 5,000 IT workers next year as new activities such as the DOD’s Cyber Command are stood up.
“It’s a trickle,” Schaeffer said of the flow of graduates from the Centers of Academic Excellence program. “It is a tiny number. Things are improving, but not at a pace they will have to in order to make progress on this issue.”
By identifying likely students early and providing an education and career path — and by improving the status of computer science activities — the Cyber Challenge hopes to increase the trickle.
The DC3 Digital Forensics Competition began in 2006 when the DOD digital forensics lab solicited teams to recover data from damaged media, side DC3 executive director Steven D. Shirley.
“We had 140 teams” that first year with only a “thimble-sized effort.” This year there are 580 teams and more than 1,000 individuals participating.
The CyberPatriot exercises were conceived last year by the Air Force Association’s board for aerospace education. Eight five-member teams participated in the first exercise in February, and recruiting for CP2 began in April, said S. Sanford Schlitt, vice chair of the board. There have been 270 100-man teams signed up so far for this exercise, and the first round is expected to be conducted this fall. After a semi-final online playoff round, contestants will meet in an in-person championship competition. The exercise is being developed as an online game to leverage interest in gaming.
SANS’ NetWars Capture the flag competition is quickly evolving program that lets contestants download a software and reverse engineer it to find and exploit vulnerabilities. The first round was played over eight days in June with about 80 participants, ranging in age from 14 to the mid-20s. A round 1.5 was held earlier this month, and round 2 will be announced in August.
At the collegiate level, there already are a number of competitions, including the Cyber Defense Exercise for U.S. service academies, and the National Collegiate Cyber Defense Competition, run by the University of Texas at San Antonio.
What these programs lacked separately was resources and visibility, Paller said. Bringing them together under the Cyber Challenge canopy will give them higher profiles and give participants access to a career path.
The next step, cyber camps probably run by universities for high school students, are expected to begin next summer and will be similar to athletic summer camps that give students access to high level coaching and training. Plans are being made now to train instructors and develop training programs.
Sen. Tom Carper (D-Del.) announced today that Delaware has agreed to be a state partner in the Cyber Challenge. University of Delaware and Wilmington University will host contest activities activities, and will host some of the first generation of cyber camps. The state also will work to provide internships with employers in the state provide opportunities for scholarships and access to top employers in private industry and government.
Carper cited the growing number of attacks against the U.S. cyber infrastructure in announcing Delaware’s participation. "Unfortunately, our country doesn't have enough people who really know how to defend our critical networks from these types of attacks,” he said. “I am proud that Delaware has been named as a state to help the United States continue be the most competitive and most secure nation in cyberspace today."