The now-dead Cybersecurity Act of 2012 included provisions to beef up a federal workforce of experts to defend against cyberattacks. But it's not too late. Wisely, federal agencies are not waiting for legislation to build their cyber geek squads. Still, more steps must be taken.
James Brooks, Kodiak Daily Mirror/AP
Finding enough qualified men and women to protect America’s cyber networks stands as one of the central challenges to America’s cybersecurity. Even in the computer age, people are essential. In the field of cybersecurity, they are also lacking.
Cybersecurity breaches cost America billions of dollars a year. Meanwhile, cyberattacks on America’s critical infrastructure increased 17-fold between 2009 and 2011. To defend the cybersecurity of both private businesses and government agencies, it is time for a serious geek surge.
Right now the lack of qualified cyber experts is hamstringing US efforts to secure cyberspace. Last month, Jeff Moss, a prominent hacking expert who sits on the Department of Homeland Security Advisory Council, told a Reuters conference, “None of the projections look positive… The numbers I’ve seen look like shortages in the 20,000s to 40,000s for years to come.” A study earlier this year by industry group (ISC)2 found that 83 percent of federal hiring managers surveyed said it was extremely difficult to find and hire qualified candidates for cybersecurity jobs.
In 2009, the Department of Homeland Security announced plans to recruit 1,000 cyber professionals in the next three years. As of 2011, DHS had only managed to hire about 260. “We need analysts. We need people who are engineers. We need people who are experienced in intelligence as it relates to the cyber-universe,” Secretary of Homeland Security Janet Napolitano recently told CNN.
Congress just missed an opportunity to help solve this problem. The now-dead Cybersecurity Act of 2012 included a federal cyber-scholarship-for-service program and continued training for federal employees working on cyber issues. The bill also would have helped build clearer and more rewarding career paths for cyber experts employed by the federal government. And it would have established national and statewide competitions to help identify and recruit cyber talent for the next generation.Such programs would be both valuable and politically uncontroversial, and they merit inclusion in any future cyber legislation.