For national security emergency, launch a Cyber National Guard
Cybersecurity has dominated headlines in 2015. The security industry has talked at length about hacks and breaches and its failures – to date – to neutralize the worst threats. But we haven’t brought enough urgency to solving the cyber security talent shortage.
More than 209,000 cybersecurity jobs in the U.S. alone were unfilled in summer 2015, and postings increased 74 percent in five years, according to a Stanford University analysis. Cyber security leaders expect 1.5 million more jobs than takers by 2019.
{mosads}Yet nobody sees the threats receding. It is all-hands-on-deck time, but we have far too few hands.
To remedy our alarming cyber talent deficit and address what is now a crisis for the civilized world we must recruit more than a million Americans. And as in any war, only the federal government can lead the response. The answer is a Cyber National Guard.
We are more vulnerable, in more places. Hackers are upping their game, moving from stealing money or identity data to commandeering strategic assets. The Department of Homeland Security identifies 16 high-priority categories of infrastructure, public and private, requiring robust cyber defense, including energy, transportation, financial services, and communications. Yet only 24 percent of private enterprise companies have the internal resources to monitor their digital systems 24/7, according to a study by 451 Research.
Sobering as the drumbeat of hack-attack news may be, it’s probably just the tip of the iceberg. Most states don’t require organizations to reveal asset attacks or losses of intellectual property, only personal identity data theft. Real losses are likely far worse than reported.
Stack that hard truth against the cyber talent deficit, and it ought to keep us awake at night. At more than a third of companies surveyed by 451 Research, deficient in-house expertise inhibits important security projects. For four straight years, organizations have told Enterprise Strategy Group no area presents a more “problematic shortage” of skills than IT security.
“[W]hen we factor in a rapidly growing connectivity of devices—from cars and medical devices to utilities—cybersecurity is now a matter of public safety,” sad Matt Loeb, CEO of the global IT association ISACA, earlier this year. “Leaders in the private and public sector must invest in and insist on a properly trained cybersecurity workforce – and fast.”
There’s a flurry of private initiatives underway, but we lack coordination and a joint sense of mission. Imagine us gearing up for World War II with Boeing, Lockheed, and Curtiss-Wright all building fighters and bombers independently, without consulting with the War Department. We cannot afford such chaos.
A Cyber National Guard can work this way. The Department of Homeland Security – that’s the logical federal agency for this – offers young STEM graduates immediate employment protecting government and other critical assets. They put in three to five years on the front lines, emerging with practical experience and a security clearance. They’ll find private companies like mine committed to hire them – and pay them what they’re now worth.
Government competes today for cyber talent against private companies. This model can help solve that. Many computer science students either don’t consider cyber security careers or don’t see a way to get in; this can fix that too. Ben Scribner, who runs the National Cybersecurity Professionalization and Workforce Development program at DHS, has suggested we reach out to kids early, perhaps in middle school. We can give young people strong professional prospects while addressing this defense crisis.
Israel became a key crucible for cyber defense talent as young people went through their mandatory national-defense stints, then into roles as private-sector innovators. We’re not about to draft anyone into a U.S. Cyber National Guard, but I believe the program would attract enough young Americans on its own merits to reduce the current talent deficit.
Before an audience of influential present and former government officials at the Aspen Security Forum this summer I discussed this idea with a senior-level DHS official. The basic deal: DHS employs a corps of young people right out of college and commits to give them good experience. I’ll have jobs for them three to five years later. In a bit of crowd-pleasing fun, we shook on it. Win-win.
Why not try and make that partnership work? I believe my industry is ready. For a nation waging a real, critical cyber war, it can’t come a day too soon.
Young is senior vice present and general manager of Intel Security, an organization committed to protecting digital experiences. Follow him on Twitter: @youngdchris.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..