Author Topic: US Facing a Human Capital Crisis in Cybersecurity, Says CSIS  (Read 4035 times)


Offline Dig

  • All eyes are opened, or opening, to the rights of man.
  • Member
  • *****
  • Posts: 63,090
    • Git Ureself Edumacated
US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
« on: November 07, 2010, 06:54:55 am »
US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
http://www.circleid.com/posts/20100721_us_facing_a_human_capital_crisis_in_cybersecurity_reports_csis/
Jul 21, 2010 11:43 AM PDT By CircleID Reporter

A Human Capital Crisis in Cybersecurity – A White Paper of the CSIS Commission on Cybersecurity for the 44th Presidency, July 2010
A new study has been released by the Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th Presidency that looks into cybersecurity manpower challenges in the United States. The report, titled "A Human Capital Crisis in Cybersecurity," is produced by CSIS, a bipartisan public and foreign policy think tank in Washington.

From the report:

"The nation and the world are now critically dependent on the cyber infrastructure that is vulnerable to threats and often under attack in the most real sense of the word.

... The problem is both of quantity and quality especially when it comes to highly skilled “red teaming” professionals. We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.

The cybersecurity workforce to which we speak in this report consists of those who self-identify as cybersecurity specialists as well as those who build and operate our systems and networks.  That workforce includes not only workers on government payrolls, but also those contractors who operate as part of the extended government workforce.  It also includes those who build and maintain the critical infrastructure on which the public and private sectors have come to rely."
All eyes are opened, or opening, to the rights of man. The general spread of the light of science has already laid open to every view the palpable truth, that the mass of mankind has not been born with saddles on their backs, nor a favored few booted and spurred, ready to ride them legitimately

Offline Dig

Re: US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
« Reply #1 on: November 07, 2010, 06:55:57 am »
The Human Capital Crisis in Cybersecurity
http://federalnewsradio.com/?nid=420&sid=2083321
November 4, 2010 - 4:46pm
October 20th, 2010

October is Cybersecurity month. Jane Norris, host of the new FedCentral program, will be joined by Karen Evans, partner at KE&T Partners, LLC, and former Administrator for E-Government and IT at OMB along with JR Reagan, principal with Deloitte & Touche LLP to discuss Cyber Workforce trends including key findings from the Human Capital Crisis in Cybersecurity study.

Karen S. Evans
National Director
US Cyber Challenge (USCC)

Karen S. Evans is serving as the National Director for the US Cyber Challenge (USCC). The USCC is the nationwide talent search and skills development program focused specifically on the cyber workforce. She is also an independent consultant in the areas of leadership, management and the strategic use of information technology. She recently retired after nearly 28 years of federal government service with responsibilities ranging from a GS-2 to Presidential Appointee as the Administrator for E-Government and Information Technology at the Office of Management and Budget (OMB) within the Executive Office of the President. She oversaw the federal IT budget of nearly $71 billion which included implementation of IT throughout the federal government. This included advising the Director of OMB on the performance of IT investments, overseeing the development of enterprise architectures within and across the agencies, directing the activities of the Chief Information Officers (CIO) Council, and overseeing the usage of the E-Government Fund to support interagency partnerships and innovation. She also had responsibilities in the areas of capital planning and investment control, information security, privacy and accessibility of IT for persons with disabilities, and access to, dissemination of, and preservation of government information. Included in her accomplishments are making IPv6, HSPD-12, and SmartBUY (which is leveraging the federal government requirements) a reality; elevating the importance of transparency with the publication of the Management Watch List and High Risk List projects; increasing the focus on cybersecurity to include the Federal Desktop Core Configuration for the government; and balancing the expanded use of technology for citizen services with increasing demands for privacy.

Prior to becoming the Administrator, Ms. Evans was the Chief Information Officer for the Department of Energy. There she was responsible for the design, implementation, and continuing successful operation of IT programs and initiatives throughout the Department and its offices. During this time, she was the Vice-Chairman of the Federal CIO Council. Elected to the post in December 2002, she coordinated the Council's efforts in developing federal IT programs and improving agency information resources practices.

Before joining Energy, she was Director, Information Resources Management Division, Office of Justice Programs (OJP), U.S. Department of Justice, where she was responsible for the management and successful operation of the IT program. OJP's bureaus and offices provide funding opportunities for initiatives such as Safe Schools, Safe Start Program, Community Prosecution, Native American Tribal Courts and other programs of high local, state and national interest. Key accomplishments included the implementation of an on-line grants management system to process grants from discretionary, formula and large block grants programs, to streamlining capabilities to ensure for the expeditious processing of claims benefits to families of public safety officers after the September 11th attacks.

She holds a Bachelor's degree in Chemistry and a Master of Business Administration degree from West Virginia University.

Offline Dig

Re: US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
« Reply #2 on: November 07, 2010, 06:58:40 am »
In the future, everyone may be a cybersecurity professional
http://fcw.com/blogs/quick-study/2010/07/human-capital-crisis-cybersecurity.aspx
By Brian Robinson Posted on Jul 26, 2010 at 2:06 PM

The Commission on Cybersecurity for the 44th Presidency has published its findings on the “Human Capital Crisis in Cybersecurity” and, as earlier reports suggested, it could be the spark for a wholesale change in the way the entire government IT work force is trained and certified.

Long term, if the commission’s recommendations are accepted, the professional bona fides of those who work in software development and network operations, as well as in traditional security areas such as intrusion detection and forensics, would be decided by an independent Board of Information Security Examiners. These areas are also critical to cybersecurity, the commission believes.

The commission identified a total of nine key roles in cybersecurity, many of which, as with the above, don’t usually fall under the cybersecurity umbrella, including such things as systems administrator and even technical writer. “At least for the moment,” the commission said, it’s not including “executive and leadership roles or specialized functions unique to national security, intelligence or law enforcement.”

If you read through the commission’s report, however, it wouldn’t be surprising to eventually find just about any job that touches on IT, and therefore cybersecurity, included in this list.

The push for certification of cybersecurity professionals, and along with it the definition of just who fits that bill, will be controversial, given that there are many people already involved in cybersecurity that don’t have any formal qualifications. The commission tackles that by comparing the current state of cybersecurity to the practice of medicine in the 19th Century. Likewise, it said, the cybersecurity field has “lots of often self-taught practitioners only some of whom know what they are doing.”

It goes on to say:

“What has evolved in medicine over the last century is a system that recognizes that different kinds of skills and specialties are required. And, since most of us are not able to access the qualifications of a practitioner when a need arises, we now have an education system with accreditation standards and professional certifications by specialty. We can afford no less in the world of cyber.”
Those will be fighting words to some, and there’s a widespread dislike of the idea that the government could take a lead on deciding who is and who is not a cyber professional. But given the urgency that’s building around cybersecurity and the lack of people to fill essential roles, the commission’s recommendations will likely get a sympathetic hearing.


Offline Dig

Re: US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
« Reply #3 on: November 07, 2010, 06:59:11 am »
Build an army of cyber warriors
UMUC programs can help America face new generation of threats
http://articles.baltimoresun.com/2010-08-30/news/bs-ed-cyber-soldiers-20100830_1_cyber-security-cyber-warriors-cyber-threat
August 30, 2010|By Susan C. Aldridge and Harry D. Raduege Jr.

The United States is under attack from an unknown enemy. Legions of enterprising foes, both foreign and domestic, are lurking in cyberspace. They threaten to take down our defense networks and power grids, along with our banking, transportation and communications systems.

President Barack Obama calls this escalating cyber threat "the most serious economic and national security challenge we face as a nation." The House Armed Services Committee asserts that the Pentagon's computers are targeted at least 5,000 times every 24 hours.

There is evidence that other nations regularly infiltrate the networks that control our country's critical infrastructure, looking for leverage should they ever want to use it. And let's not forget the millions of Americans who have had their identities stolen or their health records intercepted by enterprising cyber thieves.

Offline Dig

Re: US Facing a Human Capital Crisis in Cybersecurity, Says CSIS
« Reply #4 on: November 07, 2010, 07:00:00 am »
Cyberwarrior Shortage Threatens U.S. Security
http://www.vpr.net/npr/128574055/
Monday, 07/19/10 5:30am - Morning Edition Tom Gjelten


There may be no country on the planet more vulnerable to a massive cyberattack than the United States, where financial, transportation, telecommunications and even military operations are now deeply dependent on data networking.

What's worse: U.S. security officials say the country's cyberdefenses are not up to the challenge. In part, it's due to a severe shortage of computer security specialists and engineers with the skills and knowledge necessary to do battle against would-be adversaries. The protection of U.S. computer systems essentially requires an army of cyberwarriors, but the recruitment of that force is suffering.

"We don't have sufficiently bright people moving into this field to support those national security objectives as we move forward in time," says James Gosler, a veteran cybersecurity specialist who has worked at the CIA, the National Security Agency and the Energy Department.

If U.S. cyberdefenses are to be improved, more people like Gosler will be needed on the front lines. Gosler, 58, works at the Energy Department's Sandia National Laboratory in Albuquerque, N.M., where he focuses on ways to counter efforts to penetrate U.S. data networks. It's an ever-increasing challenge.

"You can have vulnerabilities in the fundamentals of the technology, you can have vulnerabilities introduced based on how that technology is implemented, and you can have vulnerabilities introduced through the artificial applications that are built on that fundamental technology," Gosler says. "It takes a very skilled person to operate at that level, and we don't have enough of them."

Gosler estimates there are now only 1,000 people in the entire United States with the sophisticated skills needed for the most demanding cyberdefense tasks. To meet the computer security needs of U.S. government agencies and large corporations, he says, a force of 20,000 to 30,000 similarly skilled specialists is needed.

Some are currently being trained at the nonprofit SANS (SysAdmin, Audit, Network, Security) Institute outside Washington, D.C., but the demand for qualified cybersecurity specialists far exceeds the supply.

"You go looking for those people, but everybody else is looking for the same thousand people," says SANS Research Director Alan Paller. "So they're just being pushed around from NSA to CIA to DHS to Boeing. It's a mess."

The Center for Strategic and International Studies highlights the problem in a forthcoming report, "A Human Capital Crisis in Cybersecurity."

According to the report, a key element of a "robust" cybersecurity strategy is "having the right people at every level to identify, build and staff the defenses and responses."

The CSIS report highlights a "desperate shortage" of people with the skills to "design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts."

The cyber manpower crisis in the United States stands in sharp contrast to the situation in China, where the training of computer experts is a top national priority. In the most recent round of the International Collegiate Programming Contest, co-sponsored by IBM and the Association for Computing Machinery, Chinese universities took four of the top 10 places. No U.S. university made the list.

The Chinese government, in fact, appears to be systematically building a cyberwarrior force.

"Every military district of the Peoples' Liberation Army runs a competition every spring," says Alan Paller of SANS, "and they search for kids who might have gotten caught hacking."

One of the Chinese youths who won that competition had earlier been caught hacking into a Japanese computer, according to Paller, only to be rewarded with extra training.

"Later that year, we found him hacking into the Pentagon," Paller says. "So they find them, they train them, and they get them into operation very, very fast."

Some members of Congress, eager to follow China's example, are now promoting a U.S. Cyber Challenge, a national talent search at the high school level. The aim is to find up to 10,000 potential cyberwarriors, ready to play both offense and defense.

"The idea is for schools around the country to field teams, and the teams would compete against one another," says Sen. Thomas Carper, a Delaware Democrat who is one of the backers of the effort. He sees the challenge as an opportunity "not only for them to hone their skills on being able to hack into other systems, particularly those of folks we may not be fond of, but also to use what they learn to strengthen our defenses."

In order to protect a computer system, one needs to know how someone might attack it. Last year's preliminary Cyber Challenge game was won by a 17-year-old from Connecticut -- Michael Coppola -- who was smart enough to hack into the game computer and add points to his own score.

"There's actually a flaw within that Web application," Coppola says. "Using that, I was able to execute commands on the computer running the scoring software, and I was able to add points and basically do whatever I wanted."

It was certainly an unconventional approach, but the competition judges were so impressed by Coppola's ability to hack into the computer game that they actually rewarded him for changing his score.

"It's cheating," Michael says, "but it's like the entire game is cheating."

Indeed. People who know how to cheat will soon be on the front lines of cyber defense, because the best way to defend a computer system from attack is to figure out how an adversary would be able to hack into it.

Now 18, Coppola is himself looking to a career in cybersecurity.