As the need for cybersecurity intensifies, education is a top priority, according to a report published in April by the Institute for Critical Infrastructure Technology, a Washington, D.C.-based nonprofit.
The Bureau of Labor Statistics projects information security analyst employment is growing much faster than the average occupation, showing an 18% increase between 2014 and 2024. In fact, a 2015 report from the market research firm Frost & Sullivan predicts a talent shortfall of 1.5 million for the cybersecurity industry by 2020.
“We see this as an opportunity to attract young talents in the security area,” said Mengjun Xie, associate professor in computer science at University of Arkansas at Little Rock and director of the Center for Academic Excellence in Cyber Defense Education.
Xie is also adviser of the school’s Cybersecurity Club, which sprung from the group’s participation in the National Collegiate Cyber Defense Competition four years ago.
Cybersecurity experts are very specialized, he added. Extensive training, in addition to real-world experience is required.
“In the next decade we need millions of people. Demand will create millions of job positions, and our education system cannot meet that kind of demand,” he said.
At the same time, he said organizations and colleges are taking initiatives to create programs to address the issue.
CyberPatriot, created by the Air Force Association, aims to inspire K-12 students toward careers in STEM (science, technology, engineering and math), especially cybersecurity. It runs summer camp programs and the National Youth Cyber Defense Competition for high school and middle school students, in addition to cyber education initiatives for elementary children.
GenCyber, funded by the National Security Agency and the National Science Foundation, also offers camps for high school and middle school. The National Institute of Standards and Technology’s National Initiative for Cybersecurity Education is a partnership among government, private sector and academia that focuses on curriculum creation, which can be tricky given the fast-changing nature of the subject, according to ICIT.
Though he’s encouraged by the national efforts, Xie would like to see more programming on the state and local levels.
“Arkansas is really behind the average.”
There is no recent BLS data on employment of information security analysts in Arkansas, because it was one of two states that didn’t report data on the subject in May 2016.
Xie said UA Little Rock lacks the resources, i.e., faculty, to offer a cybersecurity bachelor’s degree program, but he thinks that would be beneficial. Demand is there, said Xie, who as a cybersecurity experts is approached by a number of businesses and programs. Now, UA Little Rock offers a minor in information assurance, which standing alone is not adequate training for a career in the field.
“You cannot expect them just to take a few courses and become a professional,” he said.
Xie is making efforts to improve education. Last year, he was awarded a $276,000 grant from the NSF to develop a cloud-based platform for security education and research using OpenStack. The platform will offer a wide variety of learning modules for varying knowledge levels.
Ron Darbeau, dean of the College of Science, Technology, Engineering and Mathematics at the University of Arkansas at Fort Smith, believes a greater focus on diversity can help the cybersecurity talent gap. As in the rest of STEM fields, the cybersecurity talent pool is primarily white and male.
“We need to be farming minorities and girls” for this industry, starting at an early age, and “combating implicit bias” at every level, including within the individual, Darbeau said.
Cybersecurity represents one of the biggest problems plaguing society, as it “threatens national, academic and personal security,” he added.
“What I like about this nation is that it is a nation of problem-solvers. We sent a man to the moon,” he said. “It’s just a matter of awareness and intention. We need to be bold and deliberate.”
SECURITY A BASIC TENET OF CODING
Including cybersecurity as a key fundamental under the computer science education umbrella is an important step to take in terms of creating more secure systems in general, Xie said, so that “It’s not only about coding. It’s about how to make that code secure.
“It’s just like you build a car. It needs to undergo rigorous testing before you take it out on the road,” Xie said.
The risks associated with cybersecurity only increase as the internet of things (IoT) becomes more prevalent, experts say.
“There are so many important physical infrastructures, not just computers, that can be affected,” including the power grid and dams, for example, whose control systems are connected to the internet, Xie said.
Speaking directly of the recent WannaCry ransomware attacks that hit an estimated 200,000 Windows computer systems, Xie pointed to the vulnerability of the medical care industry. Another facet of cybersecurity education is to raise awareness within various industries and also the general public and to encourage best practices across the gamut of electronic device use.
As individuals buy “smart” appliances and other systems, they need to ensure they are taking the same security measures and precautions with those devices as they do with their smartphones and computers, including keeping software up to date, Xie said.
Security options are improving, and many breaches occur when the operator doesn’t follow instructions, never logs off the system, or doesn’t have a strong, secure password, he added. Businesses are laying out better protections, Xie said. Policies that regulate the way employees store and access data on the company network and protect them from access to certain internet sites can reduce the risk of a hack.