Oct. 29, 2015 —
Q: How prepared is the nation for the growing cyber threat against not just national security systems, but critical infrastructure and the economy?
Overall, the nation is not well prepared for the present and future cyber threat. Certain pockets within government and industry have deep expertise, but not in sufficient numbers. Various studies show that the number of skilled cybersecurity experts needed to meet the nation's demand is 600,000+ positions and growing. The output of academic degree programs and professional certification programs is not meeting the growth of the existing or predicted future demands. As a result, it is a "sellers' market"; people with the skills are in high demand and can negotiate for higher salaries and benefits. Luckily for NSA, many people stay because we have very interesting problems to solve in cybersecurity that can't be done elsewhere.
Q: What is NSA doing to help prepare the next generation for the growing cyber threat?
NSA has programs addressing the need for cybersecurity expertise at several levels. We have the College of Cyber within the National Cryptologic School, to provide cyber-related education and training needed by our present workforce. The demand from the NSA/CSS workforce grows by about 50 percent each year.
We have the National Centers of Academic Excellence in Cyber (two-year, four-year, graduate and research programs in cyber defense, and four-year and graduate programs in cyber operations) that get colleges and universities involved in providing curricula to educate tomorrow's cybersecurity workforce. Currently, 191 colleges and universities have been designated as one of these schools, and that is still not enough to meet the growing demand.
And we have the GenCyber program, which intends to help grow and develop the cybersecurity workforce for the "day after tomorrow," by increasing the interest in cybersecurity among middle and high school students through sponsoring cybersecurity-focused summer camps at colleges and universities around the country. In 2015, we sponsored 43 camps at 29 universities in 18 states that involved approximately 1,400 students and 300 teachers who will hopefully integrate what they learned into their school curricula this coming academic year.
Q: How is STEM education a national security issue?
STEM is the foundation of cyber. The products and systems of the future will be built by the computer scientists and engineers of tomorrow. A strong foundation in STEM with the appropriate understanding of cybersecurity is needed to make those future systems more secure. These are systems that are pervasive in our work and personal lives; work systems – in both government and industry; critical infrastructure systems in all sectors (e.g., energy, transportation, finance); on-line shopping systems; home banking systems; home automation systems; systems in our cars; our personal communications systems (cell phones, tablets, mobile devices); and everything that will eventually be envisioned and connected to the internet of things, and for what has not even been envisioned yet – so that security is a design principle and not an inexpedient afterthought.
Q: How equipped are teachers in America to train and educate students in cybersecurity?
We need many more teachers with the appropriate knowledge to teach cybersecurity at the grades that they teach. Students should get exposed to cybersecurity, at least to provide sufficient awareness so they can keep themselves safe on-line, as soon as they start using cyber systems. The vast majority of the school systems in the country, from K-12, do not have the teachers or facilities to provide even this fundamental awareness to the students that they serve (or are not serving) in this area.
Q: Where do you see cybersecurity careers headed in the next 20 years?
Career opportunities in cybersecurity are going to continue to grow into the foreseeable future. As the number of systems grows, as the number of devices grows, as the number of users grow, as new technologies are created and adopted, they all exacerbate the problem. Each contributes to increasing complexity, or providing new avenues for adversarial attack. Thus, the problem continues to grow, and the workforce to address them has to grow in expertise and in numbers.
Q: What does the growth of cybersecurity careers mean for NSA? For the Intelligence Community?
Cyber is now a major – and growing – component of the NSA and the Intelligence Community (IC) missions. NSA and the IC will need increased numbers of cybersecurity professionals in the future. Cyber will continue to grow around the world and we will need the workforce sufficient and capable to take advantage of that. We need to increase our investment in the education and training of our existing cyber workforce. We need to increase our investment in the education and training of the future cyber workforce. To do this, we need to evolve our education and training activities constantly; to provide the right learning opportunities, to the right people, at the right time, and in the right form.
Q: How does America compare to other nations in terms of cyber education and preparedness?
Fortunately for us, and unfortunately for the rest of the world, we are at the forefront of cybersecurity education. We started the National Centers of Academic Excellence (NCAE) program in the late 1990s. We've had great success in getting 191 schools providing curricula in some aspect of cybersecurity. At a cybersecurity symposium this past June, Dr. Ray Vaughn, the Vice President for Research at the University of Alabama – Huntsville, stated that without the CAE program cybersecurity education in the U.S. would not be anywhere near what it is today.
But, there is still a long way to go. We have to increase the numbers of schools that are providing cybersecurity curricula, and the numbers of students that are going to university to study cybersecurity. Addressing the numbers of students starts early, in elementary school, before students "turn off" to STEM. Studies show that many students turn off to STEM before they even reach high school, and once they do, it is almost impossible to get them back.