It is old news that the U.S. lack the manpower needed when it comes to defending its own information infrastructure. Again and again, existing security experts that work for the government and its various agencies bemoan the lack of future “cyber warriors” that would lighten their burden and eventually step into their shoes when they retire.
When it comes to defending itself from cyber attacks, the U.S. is one of the most vulnerable countries in the world, since many civilian and military operations are essentially dependent on data networking. We have recently seen what could happen if a foreign government or and extremely organized group of knowledgeable individuals targets the U.S. infrastructure.
And, according to NPR, while China has put training computer security experts at the top of their list of national priorities – encouraging apt individuals to choose it for a career, organizing competitions to spot them, recruiting caught hackers and “reward” them with more training and a job for the government – the U.S. have really dropped the ball on this issue.
A hacking competition here and there, some schools and universities that are ready to train candidates, a handful of non-profit and government agencies that currently educate future experts – all good, but not nearly enough.
James Gosler, a veteran cyber security expert judges that at this time, there are around 1,000 people in the U.S. who are knowledgeable enough to perform the role of a national cyber defender – and government agencies and big business need 20 or 30 times that number of experts.
A recently published report by the Center for Strategic and International Studies confirms this opinion. They call it a “human capital crisis in cybersecurity”.
“The problem is both of quantity and quality especially when it comes to highly skilled “red teaming” professionals,” say the authors. “We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.”
According to them, there are 4 things that should be done to deal with this situation:
- Promote and fund the development of more rigorous curricula in our schools.
- Support the development and adoption of technically rigorous professional certifications that include a tough educational and monitored practical component.
- Use a combination of the hiring process, the acquisition process and training resources to raise the level of technical competence of those who build, operate, and defend governmental systems.
- Ensure there is a career path as with other disciplines like civil engineering or medicine, rewarding and retaining those with the high-level technical skills.