Yesterday, a group of private and government entities, led by the Center for Strategic and International Studies (CSIS), unveiled the U.S. Cyber Challenge, a program aimed at recruiting and training 10,000 cybersecurity professionals.
The program, deemed a “national talent search and skills development” program, brings together several programs under the CSIS umbrella, including the following:
- The Forensics Challenge, a program funded by the US Department of Defense Cyber Crime Center, is a competition in digital forensics that pushes competitors to uncover evidence on digital media. Think TV crime show for the government. The program, which started in 2006, currently has nearly 600 teams competing.
- The CyberPatriot Defense Competition, run by the Air Force Association, is a high-school competition in computer network defense and security. Competitors assess a network, discover threats, and then respond to the threats while keeping the network running, much like system administrators across businesses, agencies, and other entities do every day. The program is actually in its second year.
- Netwars Capture the Flag Program, run by the non-profit SANS Institute, focuses on vulnerability discovery and exploitation.
Winners of these programs will be invited to compete in elite national challenges held at the University of Texas at San Antonio, NYU Polytechnic, and other schools.
With this announcement, it seems that the cyberworld has taken a page from its brethren in the robotics space by reaching out to youth to develop the next generation of professionals. The announced programs, while not necessarily new, are attempting to capture the energy of the National Robotics Challenge and the FIRST Robotics Competitions. Conceptually, the program is a great idea. As the Partnership for Public Service found in its report Cyber In-Security, Strengthening the Federal Cybersecurity Workforce, “the pipeline of potential new talent” for federal cybersecurity jobs “is inadequate.” While the report focused on the federal government space, the supply of trained cyber professionals is lagging equally in the private sector and non-profit space.
The U.S. Cyber Challenge folks should also be given a nod for recognizing that cybersecurity is not a narrow field, but requires professionals with various talents and skills. By bringing together in one place three programs that hit upon the trifecta of cybersecurity – system administration, vulnerability assessment, and forensics expertise – the program is taking a comprehensive approach to the issue. That is not to say there isn’t room for future expansion that would include other efforts such as building stronger systems, developing more robust detection sensors, and evaluating cyber offensive efforts – all of which are being done today in both the private sector and government.
If cyber is following the robotics path, it would be interesting to see the federal government, working with the private sector, develop the equivalent of a DARPA Grand Challenge for cybersecurity. DHS, through HSARPA, would be an excellent place to house the program. HSARPA could use a strong and interesting program to rejuvenate its efforts.
While there are a lot of positives with the U.S. Cyber Challenge announcement, the program does have some drawbacks. It is not clear, from reading the materials, whether the programs are making concerted efforts to reach out to community colleges, which have mobilized in recent years to lead the efforts to train the cybersecurity workforce. Those behind the programs and at CSIS may want to consider how to better integrate this important group (if they haven’t already).
Also, these programs are not the first attempts to shore up the federal government’s cybersecurity workforce. For years, the government has run the Scholarship for Service and DoD’s Information Assurance Scholarship Program. NSA (later joined by DHS) has for years designated numerous universities and colleges as centers of excellence in information assurance and cybersecurity.
These programs have provided mixed results to the federal government, with many fantastic candidates finding themselves searching for jobs as they were routinely told they were overqualified or unneeded at agencies. In addition, the pay being offered to skilled researchers and cyber professionals often lags behind what they could get in the private sector. These issues were all raised in the Partnership for Public Service’s report as needing to be addressed.
In sum, the idea of better-trained cyber professionals, developed at a young age, is not a new one. Attention to the issue has waxed and waned, often following the same pattern as our federal government’s prioritization of cybersecurity. Hopefully, the energy and dedication of many in the cybersecurity space will push these efforts forward in a meaningful (and increasingly expansive) manner.