The Pentagon is looking for more geeks to wage
cyberwar. Problem is, they don’t exist — at least not enough of them.
While the Pentagon plans to add 4,000 troops and
civilians to the U.S. Cyber Command, cybersecurity experts say the total need
is much greater. Many people consider themselves cybersecurity professionals,
but as for the truly advanced operators — sometimes called “hunters” and “tool
builders” — there’s a real shortage, said Alan Paller, founder of the SANS
Institute, a cybersecurity training school in Bethesda, Md.
These are the people who can identify cyberattacks
and then quickly build the tools needed to rewrite a network’s defenses,
sometimes several times a day, said Paller, who last summer co-chaired the
Homeland Security Advisory Council’s Task Force on CyberSkills.
There aren’t that many of them in the country and
everyone wants to hire them, he said. “Every other critical part of the economy
also needs the same people: the banks, the power and telecom companies, defense
contractors, civilian and state government, hospitals — the hunger is real.”
The bar is even higher for the Defense Department
and other agencies doing clandestine work, since they need U.S. citizens who
can get security clearances, which shrinks the pool even more, said Ernest
McDuffie, head of the National Initiative for Cybersecurity Education.
Paller estimates the Pentagon has about 2,000 of
these people in place but that it needs a total of about 10,000.
In other areas — whether it’s managers, policy
analysts, auditors, counterintelligence or compliance specialists — DOD may be
overstaffed by as many as 20,000 people, Paller said. But only about 15 percent
of this group has the foundational skills to make the shift to become a hunter
or tool builder, he said.
Workers reaching that level of sophistication need
at least about 5,000 hours of hands-on training, he said.
Meanwhile, U.S. Cyber Command plans to grow from
today’s 900 personnel to 4,900 troops and civilians, The Washington Post
reported Sunday. The military’s effort to increase its cyber workforce is
constrained by budget pressures, but it’s mostly limited by the available pool
of people with the right training and experience to do the more sophisticated
jobs.
The problem has not gone unnoticed on Capitol Hill
and that is certainly amazing.
No comments:
Post a Comment