Editor’s Note: University of Maryland University College (UMUC) Global Media Center launches its coverage of National Cybersecurity Month with an article by Dr. Emma Garrison-Alexander, which is reprinted here in its entirety from the current issue of the UK-based publication “Cyber Security Practitioner,” retaining its original British conventions of spelling and editorial style. Learn more about this publication at the article’s conclusion. The image used on the cover graphic and within the article is credited to Evstratov / Unsplash.com.
Until recently, cyber security was mainly discussed and dealt with in the domain of technical professionals working in information technology, computer science and engineering. Today, it has emerged from this select group into the clear view of the public worldwide. The cyber security threat is greater than ever given the proliferation of smart phones, tablets and computers, all interconnected via the internet, as well as the growing popularity of connected home security systems, thermostats, appliances and vehicles. Even those working in critical infrastructure sectors, such as health care and public health, ﬁnance and transportation, now recognise that the cyber threat extends to their business areas. Technological advances around the Internet of Things (‘IoT’), mobility, cloud computing and data analytics, are transforming the landscape, with companies and organisations fast recognising the need for highly skilled professionals to ensure the protection of their assets and data.
The Target Corporation breach in 2013 brought the cyber security threat to prominence. It affected more than 70 million customers, not only having a negative impact on the proﬁts of this second largest discount retailer in the US, but also in making the threat real for the average person going about their daily life. The ensuing US Office of Personnel Management (‘OPM’) breach in 2015 that affected 20 million personnel, in addition to the WannaCry ransomware attack in 2017 with its worldwide impact, further prompted corporations, governments and individuals to be aware and take protective actions.
Sustainable solutions start with education
When it comes to hiring the best and brightest in the cyber security ﬁeld, competition is ﬁerce and the demand great. According to Cyberseek, in the US alone, we see a demand for more than 280,000 cyber security professionals. Meanwhile, the ‘Information Security Workforce Study’ by ISC1, reports that by 2020 the global demand will have expanded to 1.8 million2.
Cyber crime and data breaches are not going away. The adversary is relentless – primarily motivated by ﬁnancial gain3. Based on personal experience as a former Chief Information Officer, current Vice Dean of Cybersecurity and Information Assurance at University of Maryland University College (‘UMUC’) and as a scholar-practitioner in the ﬁeld, I see clearly that as more systems and devices become reliant on the internet, the current threat landscape will continue to grow. Having also served on the OPM ‘Tiger Team’ that developed the ‘Federal Cybersecurity Workforce Strategy,’ a plan of government-wide actions to advance the Federal Government’s ability to recruit, develop, and maintain a pipeline of cyber security talent, I understand that the need to develop cyber security talent at an accelerated pace is vital to national security.
A recent study by the National Cyber Security Alliance addressed the talent shortfall in the global cyber security industry, ﬁnding that the lack of even a basic awareness of potential opportunities in the ﬁeld was a fundamental problem4. Most students learn about careers in the ﬁeld during their formative high school years and, unfortunately, many do not receive any insight into how to pursue a cyber career. Student knowledge of the cyber security ﬁeld and exposure to those in the profession is lacking. Often those who are interested have not obtained the requisite skills to enter this ﬁeld of study; addressing education and workforce development is one of the key pillars of a secure cyber domain. Creating an educational environment that builds awareness and develops student interest in cyber security careers from an early age will help build the foundation for a robust talent pipeline.
But how do we build and sustain a talent pipeline of cyber professionals who are trained to effectively combat the growing threat of cyber crime? Colleges and universities are at the forefront of educating current and future cyber leaders. Through partnerships with elementary, middle and high schools, grades K-12 (and corresponding levels/years of study globally), the learning process starts well before a student’s college journey begins. In the US, institutions of higher learning that have been designated Centers of Academic Excellence5 in Cybersecurity and Information Assurance by the Department of Homeland Security (‘DHS’) and the National Security Agency are required to collaborate with K-12 students and teachers to ensure that interests are met and opportunities are made available to this population.
At the higher education level, we must make sure that cyber security education becomes part of other degree programs, such as human resources, health care, management and accounting. Interdisciplinary approaches are necessary to fill skill gaps and meet workforce needs. At UMUC, we view cyber security holistically. For example, we offer a cyber security technology program, cyber security management, policy and digital forensics program and a cyber investigation program. We recognise that cyber security is not just a technology problem, but multidisciplinary. Technology professionals do not work on a problem in isolation and then hand it over to the policy group, the legal team and to human resources. They must all come together as one multidisciplinary team to work on the problem and develop a comprehensive integrated solution.
The role of government in promoting education for a cyber pipeline
In the US, the Federal Government plays an important role in cyber education. The Cybersecurity National Action Plan (‘CNAP’) was implemented in 2015 to develop a strategy to ensure that citizens, businesses, governments and society as a whole have the tools, processes, technology, funding and education needed to protect their information and privacy6. The CNAP recognises the need to build a pipeline of professionals at the earliest opportunity. As part of the plan, the ‘Computer Science for All’ initiative for example, targets K-12 students across all 50 US states, giving students the opportunity to learn computer science.
Moreover, the DHS and the National Institute of Standards and Technology (‘NIST’) of the US Department of Commerce are spearheading these efforts to ensure a strong pipeline of future cyber security leaders. The DHS, for instance, has partnered with non-profit organisations; K-12 schools, universities and state school boards, to help incorporate cyber security concepts into our classrooms. For the past four years, the DHS has partnered with the National Integrated Cyber Education Research Center (‘NICERC’), a non-profit academic development centre to provide K-12 cyber security curricula and hands-on professional development for teachers. Through a grant, the NICERC has helped get cyber security thinking to more than 15,000 teachers, impacting 820,000 students in 42 states.
The National Initiative for Cybersecurity Education (‘NICE’) led by the NIST is a partnership between government, academia and the private sector. It works to promote cyber security education, training and workforce development by coordinating with government, academic and industry partners to build programs that help increase the number of skilled cyber security professionals.
Protecting a world where commerce, finance, healthcare, infrastructure, communication and transportation are all internet-enabled, requires the collective resources of industry, government, academia and others working in concert to combat a cyber threat landscape that continues to grow in size and sophistication. For decades we have acknowledged the problem, but today we are fast approaching a critical point where we must act across a broad front to secure our cyber systems and maintain the trust of those using them. Although there are many players, complexities and nuances that impact cyber security, we must acknowledge that education is the key common ingredient in any cyber solution that will provide what is needed now and for the long-term.
About Emma Garrison-Alexander
Prior to her role as vice dean, Emma Garrison-Alexander was chair and assistant collegiate professor of UMUC’s Cybersecurity Program, and an adjunct faculty member for the Cybersecurity Policy Program.
Garrison-Alexander has served as the assistant administrator for Information Technology (IT) and chief information officer (CIO) for the Transportation Security Administration (TSA) under the Department of Homeland Security (DHS). There, she led TSA’s IT organization with an annual budget responsibility of $400 million.
Before joining TSA, Garrison-Alexander served for 25 years with the National Security Agency. She holds a Bachelor of Science in Electrical Engineering, a Master of Science in Telecommunications Management and a Doctor of Management in Technology and Information Systems.
About Cyber Security Practitioner
The most recently launched monthly publication from Cecile Park Media, Cyber Security Practitioner provides a multi-disciplinary view on the cyber security challenges facing global businesses and delivers insight into operational change. This publication brings together the technical, business and legal issues relating to cyber security and provides valuable insights into how the top global businesses are operationalising the legal and regulatory requirements shaping cyber security.
Cyber and data security remain a serious challenge for global businesses with the potential to damage reputations and customer trust, and result in sanctions from regulators.