Desperately seeking cyber skills

Efforts to recruit young people into government cybersecurity roles could benefit everyone.

These days, not all new recruits to national defense need to drop and do a hundred one-armed push-ups on the command of some sadistic drill sergeant. Computer security is as important to protecting the country as physical security, and Uncle Sam wants you even if you’re spindly and asthmatic — that is, if you have the cyber skills.

The U.S. Cyber Challenge is one of the key recruiting efforts for the next generation of cybersecurity leaders. Led by the Center for Strategic and International Studies, a Washington think tank, the competition seeks to find 10,000 young Americans with the skills to be cybersecurity practitioners, researchers, guardians and cyber warriors. Participants will get training, recognition and a chance to win scholarships.

The Defense Department’s Cyber Crime Center, the Air Force Association and the SANS Institute are all involved with the challenge, which is aimed primarily at high school students.

Experts say there is an urgent need to expand the federal cybersecurity workforce. The Partnership for Public Service and Booz Allen Hamilton recently released a report that states that the government will be unable to combat cyber threats without “a more coordinated, sustained effort to increase cybersecurity expertise in the federal workforce.” The report adds that the “pipeline of potential new talent is inadequate.”

Those are chilling words when you consider that experts estimate hackers are trying to break into or otherwise disrupt U.S. government computers millions of times every day. The attempts usually fail, but a recent round of attacks used an old-fashioned, distributed denial-of-service strategy to temporarily disrupt Web sites at several agencies.

The Obama administration’s cyber administrator, a position created to oversee cybersecurity and other information technology policy issues in the government, will not be enough to meet the needs, said Max Stier, president of the Partnership for Public Service.

"If we don't have a federal workforce capable of meeting the cyber challenge, all of the cyber czars and organizational efforts will be for naught,” he told the Associated Press.

The challenge could be a good thing for the government and talented but bored kids, said Wesley McGrew, at the McGrew Security blog.

McGrew posted a screen shot of a message from a hacker who was upset that while he was trying to steal passwords from other computers, he received an unsigned note through the file-transfer program he was using, letting him know that someone was on to him.

The hacker wrote: “im [sic] sick of being hacked ive [sic] done nothing wrong expect [sic] steal about 200 passes.”

“Maybe in the near future,” McGrew mused, “activities like the U.S. Cyber Challenge will get people like this on a productive path before they wind up getting into trouble.”

Leila Brillson, writing at Switched.com, agreed. “If you ask us, the government's on to something here,” she wrote. “Not only do these projects promise to protect our government, but they could also bring young, would-be hacker computer geniuses over from the dark side.”

Rob Enderle, writing at blog “Dark Reading,” laid the blame for the shortage of cybersecurity professionals at the government’s feet.

“Obama laid out a strong, five-point cybersecurity plan that included a substantial education program designed to keep pace with technology, and to attract, and retain, the experts needed to protect the nation from these very real threats,” Enderle wrote. “It sounded serious. It sounded like this time there would be results. It sounded like this president understood the threat and was going to move against it. Unfortunately — as is often the case — politics got in the way, and the end result was largely status quo: U.S. citizens and businesses remain largely unprotected by the government that was supposed to serve them.”