Blog

JSOnline: Time to crack the state’s shortage of cybersecurity talent

In the (first) Cold War, Americans worried about nuclear attack and a retaliatory Armageddon that would have reduced the world to a smoldering wreck.

Then came the terrorist attacks of Sept. 11, 2001, when a small group of suicidal zealots turned hijacked airplanes into bombs.

Today’s weapons of choice for those who would attack U.S. interests are Trojan horse programs, denial-of-service attacks and password-cracking tools used to steal or corrupt digital data.

Not every foreign power can bankroll a full-fledged military, but it appears everyone can afford a room full of hackers.

The alleged North Korean cyberattack on Sony Pictures Entertainment was a reminder that foreign “hacktivism” not only aims to disrupt national security interests, but economic and cultural stability, as well.

Sony initially scrapped the Christmas Day premiere of “The Interview,” a comedy about a plot to assassinate North Korean leader Kim Jong Un, following a hacking attack on the company and threats against cinema chains that planned to screen the film. Sony’s decision drew criticism from Hollywood to the White House, and the company approved a limited theatrical release.

Read this column in the Milwaukee Journal Sentinel here

Everyone loses when hackers from outside our borders can rob us of cherished principles like the First Amendment to the U.S. Constitution, or valuable lists of customer accounts stolen from major retailers and financial service institutions. Such cyberattacks can undermine national security just as surely as those carried out directly against defense and homeland security targets.

According to reports by the FBI and other sources, the list of foreign hacktivist groups is long and getting longer. They include People’s Liberation Army Unit 61398 in China, the Syrian Electronic Army, APT28 in Russia and similar groups in nations ranging from Tunisia to Thailand, and from Iran to ISIS.

The United States is home to criminal hackers, as well, whose main focus appears to be cracking into corporate cyber vaults.

Behind the curve

Having the right people in place to defend against such attacks has become a major cost, and recruitment challenge, for businesses in Wisconsin.

Consider Wisconsin’s major business sectors: They include financial services, insurance, health care and retail chains, all of which can be prime for cyberattacks. And yet, most C-level leaders in those sectors would admit there aren’t enough trained hackers of the honest variety to go around.

That problem deserves attention in Wisconsin, which is behind the curve in producing, attracting and retaining the kind of cybersecurity talent needed by companies and institutions of all sizes.

For starters, private companies aren’t just competing among themselves for talent.

The federal government is the largest single employer of cybersecurity experts. The Department of Defense alone expects to increase its cyber-fighting workforce to more than 6,000 employees by 2016, making it one of the largest such forces in the world. Defense contractors employ large numbers of developers and technical staff with cyber-expertise, as well.

The global demand for people with cybersecurity skills is forecast to grow at about 13% per year for at least the next three years, according to the Global Information Security Workforce. A recent RAND report, “H4cker5 Wanted: An Examination of the Cybersecurity Labor Market,” confirmed the shortage and noted: “…educating, recruiting, training and hiring these cybersecurity professionals takes time.”

Closing the talent gap

Filling the workforce void in Wisconsin begins with producing more students with computing skills, especially in the emerging world of data science.

Data scientists bring a combination of math, computational and analytical skills to the job. Starting salaries for these positions are substantial, sometimes in the six-figure category. In 2011, McKinsey & Co. estimated there will be roughly 150,000 unfilled data analytics expert positions by 2018.

Wisconsin is one of only seven states lacking a training program used by the Department of Homeland Security and the National Security Agency.

Known as the National Centers of Academic Excellence in Information Assurance and Cyber Defense, there are about 100 such outlets nationwide. The program encourages the teaching of cybersecurity and building a pipeline of professionals, not only for the government but for other sectors.

So, what’s being done?

The talent shortage is being discussed within state agencies and academic institutions, and organizations such as the Wisconsin Security Research Consortium also are making the case that more must be done to close the talent gap.

Cyberattacks do much more than shut down movie theaters. They threaten national security and cost businesses and the economy hundreds of billions of dollars a year.

Workforce development in Wisconsin should mean more than preparing people for the skilled trades. It should include building a workforce for the digital age.