Our nation is under attack. Every day, thousands of entities – private enterprises, public institutions and individual citizens—have their computer networks breached, their systems hacked and their data stolen, degraded or destroyed. Such critical infrastructure impacts the cyber-sanctity of our banking system and electric power grid, each vital to our national security. We believe systemically developing more skilled cybersecurity defenders is the essential link needed to protect our nation from ‘bad actors’’ who would exploit our vital systems.
The president has promised to sign an Executive Order calling for a government-wide cybersecurity overhaul. We implore him to address the most critical component of that infrastructure: The significant shortage of skilled cyber professionals who defend us from these attacks.
In its latest global survey, the Information Security Certification Consortium (ISC²) projects a cybersecurity talent shortfall of as much as 1.8 million professionals by 2022. This shortage in skilled cybersecurity professionals means that all data and digital systems are at risk. Closing the cyber talent gap will require sustained and concerted efforts of government, the private sector, and educational institutions at all levels.
In our view, it starts and ends with education. This means continuing support for science, technology, engineering and math (STEM) programs, starting at the K-12 level but with emphasis on cybersecurity. Just as there is a shortage of skilled cyber defenders, there is a concomitant shortage of cybersecurity teachers. If we expect to improve the quality and quantity of the cyber workforce, we will need many more of them.
Our nation’s institutions of higher learning may be the most important element in a cyber workforce strategy. Traditional college majors such as computer science and electrical engineering may include cybersecurity skills development, but cybersecurity is not typically viewed as a discipline in its own right. The federal National Initiative for Cybersecurity Education’s (NICE) Cyber Workforce Framework, as well as curriculum guidelines promulgated jointly by the National Security Agency and the Department of Homeland Security, have provided a great foundation for teaching cybersecurity courses but for the most part each college or university is left to translate the guidelines into their own courses and curriculum.
The state of Florida has created an innovative way ahead. Three years ago, Governor Rick Scott and the state legislature established the Florida Center for Cybersecurity (FC²), at the University of South Florida, to harness the cybersecurity capacity and intellectual energy of the 12 public universities of Florida’s State University System (SUS). This center has successfully partnered with the private sector, tapping into a wealth of cybersecurity talent by creating pathways for veterans leaving the military to begin new careers.
The private sector should not wait for the “invisible hand” of the labor market to eventually increase the supply of cybersecurity black belts. With sufficient privacy and intellectual property protections, cybersecurity firms should share their expertise with students and faculty and each other.
It will take federal leadership, starting with the president, to mobilize the nation to develop the skilled cyber workforce we so desperately need. We urge the president to consider addressing the nation’s critical shortage of cybersecurity professionals in his promised executive order.