In the fifth domain of warfare, only a strong army of cyber warriors can safeguard U.S. networks and systems. But without an adequate number of skilled cybersecurity professionals, the digital infrastructure remains exploitable to hackers and nation-state enemies.
Now, government contractors and academia are joining forces to help solve one of the most-pressing human capital crisis in the 21st century: Educating next-gen defenders of the electronic battlefield.
Recently, the severe dearth of skilled cyber warriors has been discussed from the highest echelons of the White House to industry insiders, all underscoring how U.S. financial, transportation, telecommunications and even military operations are open targets to adversaries skilled in cyber warfare.
As former Director of National Intelligence Mike McConnell asserted in October, “Our nation’s ability to successfully protect our critical infrastructure and information systems from attacks hinges on a trained, ready cyber workforce.”
To train and man the cyber frontlines, universities across the nation have begun offering specific cybersecurity degrees. In the capital region, the University of Maryland University College recently added three cybersecurity degrees to help meet the demand for tens of thousands cyber defenders in the area. The online programs are geared toward individuals who are already employed but who are looking to advance their careers or gain knowledge in the rapidly progressing field of cybersecurity.
Although cybersecurity degrees are nothing new—before cyber became a buzzword, they were often classified as “computer science” or “information assurance”— the demand for them is unprecedented. And so is the interest among those desiring a degree, said Greg von Lehmen, provost and chief academic officer at the University of Maryland University College.
When the school launched two new graduate programs, it had more than 500 students in the first semester, von Lehmen said.
“I think that as the need is more and more profiled in the media … we’ll see more universities open full-fledged cyber programs and more students enrolling,” he said. “I certainly believe that as this workforce permeates the national consciousness that there will be more and more students enrolling.”
UMUC decided to start offering cybersecurity degrees after realizing the acute need for skilled cyber professionals, von Lehmen said. Officials became aware that they could help fill that gap efficiently and began the process of forming the degrees; a bachelor’s degree in cybersecurity, and two master’s degrees in cybersecurity technical track and in cybersecurity policy, he said.
In its pursuit to educate the next-gen cyber workforce, the university has formed partnerships with several major government contractors. In October, the school announced a partnership with Booz Allen Hamilton to allow the firm’s employees to take courses and earn a graduate certificate in one of three tracks.
Ed Kanerva, principal at Booz Allen, said the firm recognizes that the most significant challenge in the realm of cybersecurity is building a trained, experienced cyber workforce that can protect U.S. critical infrastructure and information systems from cyber exploitation and attacks.
“This partnership, which fuses our expertise in emerging cybersecurity needs with UMUC’s reputation of global excellence, is aimed at fortifying the nation’s cyber workforce,” he explained.
But safeguarding the digital infrastructure demands more than a just technical know-how.
Because of the complex nature of cyber threats, a single-faceted approach is not enough, something William Luti, executive vice president of cybersecurity at Digital Management, Inc., stressed. DMI, which works with UMUC at the undergraduate level to expose students to the business and government cyber environment, is especially interested in programs that are interdisciplinary in nature, Luti said.
“We want prospective employees to obtain a foundation in computer networking, information security, and perhaps most importantly, learn how to integrate cybersecurity best practices into every aspect of a business enterprise,” he said. “As a Maryland-based small business, we believe UMUC offers what we need.”
Cross-training individuals from noncyber disciplines to become cyber warriors has proven to be one of the challenges, acknowledged Dr. Loyce Pailen, associate professor and associate provost, Office of Instructional Services and Support, UMUC. For those without IT backgrounds, new terms and technologies are difficult concepts to grasp, she said.
“It is making sure that they understand the level of detail and how much depth they need to go into to understand some of these topics,” Pailen said. “I think it is working out well in my class because the main thing is to have the students ask. If they are concerned about the level of detail or the depth that they need to go into for a particular topic, I can provide that assistance for them.”
Dr. Alan Carswell, chair, Information and Technology Systems, and collegiate professor at UMUC, echoed his colleague’s sentiment, saying the “geek factor” can get a little bit powerful and intimidate some of the non-technical students.
“The nontechnical people just have to work a little bit harder — that is just sort of the nature of the beast,” he said. “Students who are motivated, I think, would appreciate the effort that they put into it and how much they get out of it just by pushing into it. I think we get students who are really interested in the subject and they are not just looking to get a credential. They really are interested in the subject of cybersecurity and they get excited about things that are relevant to them.”
But will solving the manpower crisis by filling the ranks with newly credentialed cyber experts actually address the cyber issues the United States faces? Luti said he believes it is at least a first step on the path to a solving the shortage of cyber professionals.
“In this space, really smart people empower the underlying technology,” he said.”The sooner we establish and support education and training curricula throughout our academic institutions, the better able we’ll be in defending those networks.”
Pamela Warren, cyber crime strategist and director of the public sector and telecom initiatives at McAfee, Inc., said cyber schools are one way to “raise” the future workforce. However, the availability of schools and content should be in parallel with an incentive to enter the field, she added.
“Book knowledge does not replace practical knowledge,” she said. “The threat landscape, and the technology to address it changes so swiftly that book knowledge in one period of time does not ensure the operational knowledge to make the best, most-informed decisions.”
Despite the oft-reiterated mantra of the urgent need for more cyber warriors, some experts say recruiting more cyber talent is a quixotic solution and far from a panacea to the problem. Aaron Barr, CEO of HBGary Federal, said while cyber schools are important, a deluge of cyber warriors is not a solution. He insists there is already an adequate number of cybersecurity professionals today to make a difference; however, the right technologies and processes to use those individuals have not been implemented.
“It’s a common solution to complex problems, similar with what we did with the economic crisis — it is easy to throw more resources at a problem that we don’t necessarily understand well or understand how to develop point solutions,” Barr said.
Instead of more people, he said, what really are needed are better processes and better-implemented integrated technologies, communitywide knowledge management solutions, and much better information sharing and collaboration
Adding more people will have some positive effect, but in the sense that more people will be still be working “in the same inefficient environment with the same barriers that keep us from developing better national security solutions today,” Barr said.
But at UMUC, von Lehmen and Carswell hold a positive outlook on cyber education and solving what they perceive is a manpower crisis.
“From everything that we read and hear, this is a deep and urgent workforce need,” von Lehmen said. “As we look out, we think this is going to be a long-standing area of need and therefore of opportunity for graduates in these fields.”
“If anything, I wish we had the capability to double our capacity in terms of meeting the needs out there. People are clambering — some company’s growth is limited by the number of professionals that they can bring online. … Every indication that I have is that there is a bright future for cybersecurity education.”