The great cybersecurity star search

Threats to the country’s most important computer systems don’t merely represent technical problems; they also highlight an urgent workforce challenge, according to computer security experts.

The Obama administration, lawmakers from both major political parties and large defense contractors have identified cybersecurity as a top priority. But even as officials press ahead on policy changes and companies race to build lucrative new technologies, many believe the dearth of highly trained cyber technicians is the most pressing problem.

Experts say thousands of additional professionals will soon be needed as analysts and systems administrators and in other related roles. However, although a tidal wave of new talent is needed, some observers say the current pipeline of candidates looks more like a trickle.

The Partnership for Public Service and Booz Allen Hamilton recently released a report stating that the government will be unable to combat cyber threats without “a more coordinated, sustained effort to increase cybersecurity expertise in the federal workforce.” The study’s authors also wrote that the “pipeline of potential new talent is inadequate.”

Meanwhile, in May, President Barack Obama released the results of his administration’s 60-day policy review that compared the current cybersecurity situation to the space race of half a century ago.

“The United States is in a global race that depends on mathematics and science skills,” the report states. The authors recommended more math and science education from kindergarten through 12th grade and increased funding for key education and research and development programs.

Richard Schaeffer, director of information assurance at the National Security Agency, said last week that there was a need for insight from a group of people who have yet to be identified. He added that it is important for companies and the government to cooperate to tackle the problem.

“We’ve got to work this together,” Schaeffer said.

He made the comments during a speech at an event on Capitol Hill in which government and industry officials unveiled a new national cybersecurity education program. The goal is to identify 10,000 young Americans with the skills to be cybersecurity practitioners, researchers, guardians and cyber warriors.

The program — called the U.S. Cyber Challenge — is led by the Center for Strategic and International Studies. Participants include the Defense Department’s Cyber Crime Center, the Air Force Association and the SANS Institute. Universities and aerospace companies are providing support.

Alan Paller, director of research at the SANS Institute and a leader of the initiative, said the program was a massive national search and development program similar to efforts to encourage young athletes.

“If you think about sports, grade school and high school give kids the chance to show that they might be good at basketball or soccer or football,” Paller said in an interview July 22. “We don’t have anything like that in [the cybersecurity field] except bad things.”

There’s evidence that other countries, such as China, are taking their search for cyber talent very seriously, he added.

The need to prepare young people to enter the computer security ranks in the United States is even more urgent given indications that the federal cyber workforce is growing older. That was the conclusion of the CIO Council’s most recent Information Technology Workforce Capability Assessment, which was released in 2008 but based on 2006 data.

The U.S. Cyber Challenge has five components: a talent search conducted through three ongoing national competitions, educational cyber camps for young people, live competitions, scholarships, and eventually internships and jobs.

“Rather than just teaching, it’s got to be fun,” said S. Sanford Schlitt, vice chairman of the board of directors at the Air Force Association. AFA is running an ongoing competition for high school students interested in the cybersecurity field.

Officials say the goal of all the U.S. Cyber Challenge is to identify talented individuals to participate in cyber camps at colleges nationwide. There’s also a program to train would-be camp counselors and plans for an FBI agent to visit each of the camps to discuss cyber crime and reinforce the need to use cyber skills in ways that comply with the law.

Rep. Yvette Clarke (D-N.Y.) and Sen. Thomas Carper (D-Del.), leaders of House and Senate subcommittees that focus on cybersecurity, said in statements released last week that they supported the cyber challenge and were pleased that their constituents would be involved. Meanwhile, Sen. Joseph Lieberman (I-Conn.), chairman of the Homeland Security and Governmental Affairs Committee, issued a statement congratulating a high school student from his state who had won one of the initial competitions.

In the meantime, government officials continue to define their needs and develop cybersecurity career paths.

Karen Evans, former administrator of e-government and information technology at the Office of Management and Budget and now a partner at KE+T Partners, said the government needs skilled analysts and systems administrators. She also said it’s important to match the focus of government-sponsored training opportunities with the needs of agencies and stressed that people are the greatest asset.

Experts say expanding and reshaping the workforce to meet agencies’ future cybersecurity needs won’t happen overnight, but existing programs could be expanded and historical parallels could guide the effort.

CSIS’ Commission on Cybersecurity for the 44th Presidency said the simplest way to increase the number of skilled cyber workers in the government would be to expand the National Science Foundation’s Scholarship for Service Program. In addition, the government must develop a career path for cyber specialists.

After the Soviet’s launched Sputnik, the commissioners wrote, “we were able to respond quickly with educational programs to meet a new kind of security challenge. We believe that the same rapid response is required now for the challenge facing the United States in cyberspace.”