Senate field hearing addresses cyber workforce shortage
- By Zach Noble
- Sep 04, 2015
Editor's Note: This story originally appeared on FCW.com
With the Great Plains as an unlikely setting, cybersecurity experts gathered and took stock.
The issue is not technology, they agreed, because that was racing ahead whether they liked it or not. The issue was training young people to someday be the guardians of that technology.
Sen. John Thune (R-S.D.) hosted an on-the-road hearing of the Senate Commerce, Science and Transportation Committee at Dakota State University on Sept. 3, with a focus on cybersecurity training.
"Federal agencies need help, especially when it comes to improving their own cybersecurity practices," Thune told the assembled experts and students at DSU.
The university has a robust cybersecurity program, supported in large part by CyberCorps scholarships funded by the National Science Foundation. The scholarships promise paid tuition, generous stipends and guaranteed post-graduation employment with federal, state, local or tribal agencies.
But that's not enough, the hearing participants said.
Jeremy Epstein, director of NSF's Secure and Trustworthy Cyberspace program, noted that the nationwide deficit of trained cybersecurity experts -- in the private sector and the government -- is expected to reach the millions in the next few years.
"You're all going to be employed when you graduate," he told to the students.
Josh Pauli, director of DSU's CyberCorps Scholarship Program, said CyberCorps funding represents less than 0.5 percent of NSF's budget each year, and he urged the agency to increase its commitment.
"What we're dealing with mostly is a people shortage," he said. "We have everything in place needed to fix this."
DSU is able to award scholarships to only 10 students a year out of 700-odd students. But Pauli said 25 qualified for the scholarships each year and another 25 would be qualified for government work.
"Think of a funnel," he said. "What we need to pop out of the end of the funnel is a higher quantity and higher quality of graduates. We don't need anything else."
He cited the GenCyber summer camps run by NSF and the National Security Agency as a valuable investment. The camps seek to introduce middle school and high school students to cybersecurity.
"We need to expand GenCyber," Pauli said. "Widen the funnel, dump more kids into the top when they're 10 and 12 years out, so when they pop out at 23 they're ready."
And once those kids are freshly graduated and ready to work, the federal agencies must ensure that they'll actually make it onto Uncle Sam's payroll.
Pauli lamented the dismal federal hiring process, saying many of his former students go to the private sector after getting no response to their USAJobs applications.
"They don't hear anything for six months" after applying for a federal job, Pauli said. The calculation that leads them to the private sector becomes inexorable, and they say, "I haven't heard anything and I need a job."
As the Internet of Things brings ever more vulnerabilities and American industry becomes increasingly dependent on the Internet, connecting Pauli's funnel to Washington will only become more important. And cybersecurity concerns will permeate many disciplines and industries.
"I think all STEM education should add a [cyber]security component to it," risk analyst Eric Pulse told Thune.
The Department of Homeland Security might list 16 critical infrastructure sectors, but Kevin Streff, chairman of DSU's Cyber Operations and Security Department, said only two truly matter: energy and IT. All the other industries depend on those two.
And as threats proliferate -- "What today's nation state can do, tomorrow's teenage hacker can do," Epstein said -- the students in the DSU auditorium and thousands like them nationwide could potentially turn the tide of the ongoing cyber war.
"There are a lot of bad people out there who want to do a lot of bad things," Thune told the students. "We just want to make sure all of you play for the good guys."
Zach Noble is a former FCW staff writer.