Cyber In-Security Calls on a New Generation of Cyberdefenders

Washington - Though they tend to be young and eager, skilled cybersecurity experts are small in number. There simply are not enough of them to meet projected long-term global public and private sector requirements.

Corporations, smaller businesses and governments need future leaders who can provide information assurance by protecting computer networks containing proprietary information or political-military strategies and monitoring, detecting, analyzing and responding to any actions that could compromise or infiltrate those networks.

In the United States, the Washington-based, nonprofit Partnership for Public Service and private contractor Booz Allen Hamilton published a 2008 report called Cyber In-Security, which suggests that government and private-sector computer networks will be unable to fend off expected attacks by criminal groups, foreign nations, terrorists and individual hackers unless there is a huge increase in the number of federal cybersecurity experts.

Cyber In-Security calls on the U.S. Office of Personnel Management to develop new government job classifications in the cybersecurity area with clear career paths from entry level up.

Typically, some 120 graduates find government cybersecurity jobs through the Department of Homeland Security's Scholarship For Service program each year but more could be hired. A Government Accountability Office report says such scholarship programs should be augmented. Senator Jay Rockefeller hopes to pass legislation to authorize $300 million over five years to provide scholarships to 1,000 students.

U.S. Defense Department Secretary Robert Gates said every country is under cyberattack these days, but he finds his department particularly short of the necessary computer security experts. The department grooms 80 new candidates annually. By 2011, Gates said, he expects that number to grow to 250.

During a recent multilateral cybersecurity conference in Washington, Homeland Security Secretary Janet Napolitano posed this question: "How are we going to grow, recruit and retain experts, or cybercops?" (For related information, see "Secretary Napolitano Announces New Hiring Authority for Cybersecurity Experts ( ).")


Alan Paller, director of research for the SANS Institute, a computer security training company, said a massive talent search is needed to develop a cadre of 20,000 to 30,000 cybersecurity experts. He advocates organizing "cybercamps" at prestigious universities such as New York University's Polytechnic Institute in Brooklyn, expanding national competitions, offering scholarships for service or college courses on advanced information security, and marketing attractive internships and job offers.

Melissa Hathaway, who led President Obama's 2009 60-day cyberspace policy review, said it is important to promote digital literacy. That review, citing a report in The Economist, pointed to a shortage of information technology workers everywhere. The Obama administration plans to work with the Advertising Council, a national nonprofit organization that produces public service campaigns, to emphasize computer education from kindergarten through the 12th grade.

Richard Schaeffer, director of information assurance at the National Security Agency, said the United States cannot afford to be second in the cybersecurity arena and avoiding that fate means developing a robust pipeline for new math, science and engineering recruits. Figuring out how to engage and reward students, he said, is clearly an area where the private sector can help.

The U.S. Cyber Challenge - a three-part national competition seeking to identify 10,000 young Americans with exceptional computer aptitude - is sponsored by an existing public-private partnership. The competition is sponsored by the Center for Strategic and International Studies, a Washington-based public policy research institute; the Defense Department; the SANS Institute; and the Air Force Association.

The association, an independent civilian organization that educates the public about the role of aerospace power in national defense, is sponsoring the CyberPatriot high school competition. The Defense Department's Cyber Crime Center is responsible for the Digital Forensics Challenge, which targets high-school through postgraduate-level students. And the SANS Institute is running the online NetWars competition, which calls on secondary school students as well as college and postgraduate students to compete for points by assuming the role of an analyst, defender or penetrator or any combination of the three. Competitors try to protect secure resources from attackers, take control of a Web site or defeat mounting attacks in an effort to gauge vulnerabilities in a simulated network.

The most promising candidates will be offered additional training at the Federal Bureau of Investigation, Carnegie Mellon's Computer Emergency Response Team, the Energy Department's main laboratories or elsewhere. (See The 20 Coolest Jobs in Information Security ( ).)

Non-U.S. citizens can participate in some of these competitions, but are ineligible to win or participate in follow-on development programs. The Digital Forensics Challenge included teams from Chad and India in 2008. In 2009, CyberPatriot, which asks competitors to defend a simulated business network from attack, registered teams from Japan and South Korea.

The United Kingdom is interested similarly in identifying and nurturing talented youth, according to Judy Baker, recently retired from the British Centre for the Protection of National Infrastructure. She said after a U.K. cyberchallenge is launched she likely will aid other European nations interested in mounting national contests.

Greg White, a computer science professor at the University of Texas at San Antonio, said the idea behind U.S.-based competitions is to offer "unique, real-world, hands-on experience" and networking opportunities that can be important to young professionals.

Senator Joe Lieberman congratulated one of the residents of his congressional district in Connecticut, Michael Coppola, 17, for winning a 2009 competition. "Cybersecurity is a very real threat," he said, "so it is encouraging to see young people like Michael taking an interest." (See Coppola interview ( ) at the 2009 Gov 2.0 Summit.)

For more about U.S. policy, see Cyberspace Policy Review ( ) (PDF; 710KB) and a Foreign Press Center briefing on cybercrime by the FBI ( ).

Frequently asked questions about the U.S. Cyber Challenge competitions are answered on the CSIS Web site ( ).

For information about the International Multilateral Partnership Against Cyber Threats, see the IMPACT Web site ( ).

(This is a product of the Bureau of International Information Programs, U.S. Department of State. Web site: