US Must Increase Pipeline to Face Cybersecurity ‘Cold War’

The U.S. may be facing or even in the midst of a cybersecurity “cold war,” said Dr. Mark Hagerott, chancellor of North Dakota University System, at a West Governors’ Association event entitled, “Solving the Cyber Workforce and Skills Shortage.”

On the heels of the White House kicking out 10 Russian diplomats in retaliation for cyberattacks, cybersecurity experts today pointed out the need to ramp up the industry workforce and educational pipeline that feeds it.

“There’s a crisis of getting talent to the ramparts right now,” Hagerott urged, and the U.S. needs to build up this talent to man the defense walls that protect us from such cyberattacks through building up the workforce to meet them.

“This is an epic time, our society and economy are digitizing,” he said, and the “cyber problem” is not going to go away with the future shift to everything running by digital signals. “The show-stopper is the security of these signals” and robust cybersecurity is the only way we can secure privacy and intellectual property in our systems is to take “control of the digital revolution.” 

But building up the currently spotty cybersecurity workforce is the immediate crisis, Hagerott said, not the long-term one that the U.S. needs to meet. And that is having the continuous education and talent pipeline to feed “the regeneration of that workforce.” 

There first needs to be a “standardization” for the common and “interoperable” approaches to cybersecurity education from K-12 into the workforce, said Rodney Peterson, director of the National Initiative for Cybersecurity Education. According to Peterson, the Education Department sees the career awareness begin in elementary school, career exploration in middle school and high school as career preparation – whether the student decides to go into an apprenticeship program, community college or university, or straight into the workforce. 

Yet panelists cautioned looking at it as a “pipeline” that only funneled through in one direction. There has to be multiple ways of being able to come into a cybersecurity career, especially for those who don’t even see it as an option, said Dominique Walsh, program manager of the Closing the Skills Gap apprenticeship program at Cybersecurity Center for Business. As opposed to a Registered Apprenticeship, this industry-accepted apprenticeship program allows people from all walks of life, even high school dropouts, to begin training or upskilling into a cybersecurity career. This program starts people “from scratch” to feed the entry-level roles, she explained, which then feed the top-level talent pools.

Calls for “beefing up” the U.S. cybersecurity efforts through its “quarterback” Cybersecurity and Infrastructure Security Agency have been resounding in the wake of last year’s SolarWinds hack which led to the recent retaliation.

Russia’s “prolific use of cyberattacks on a regular basis” is one of the reasons Dr. Dawn Beyer, senior fellow at Lockheed Martin, pointed out to show the need for the U.S. to beef up its own. Beyer also mentioned other actors like North Korea and Iran’s “sophisticated cyber capability,” which apparently is “exploring military uses…to disrupt [US] missile defense systems” among other defense operational communications. The Chinese military, she added, developed specific cybersecurity offensive and defensive teams dedicated to “coordinating and executing electronic warfare, space and counterspace cyberwarfare activity.”

China, she pointed out, sees US cyber assets as “very vulnerable.” 

In January, Rep. John Katko, R-N.Y., mentioned “the “gigantic disparity” on how much the U.S. invested in its offensive cyber capabilities in comparison to these bad actors. However, it seems CISA has taken momentum. In February, the agency announced a cybersecurity services provider partner in its Enhanced Cybersecurity Services program, global communications company Viasat, which will send out early flags on cyberattacks. More recently, CISA announced its oversight of the .gov top-level domain, as preempted by the DOTGOV Act of 2020 “shifting” it from the General Services Administration to the cybersecurity watchdog.