I’m privileged to lead a group of Intel Security leaders to the annual Aspen Security Forum this week. This event is among the most prestigious gatherings of its kind. Dozens of government leaders, tier one journalists, and private-sector companies like ours connect in Aspen each July to discuss the most pressing national security issues facing the United States. The candid, diverse and direct discussions cover a broad array of topics of concern to our industry and yield helpful insights both to our team and the officials we meet.
I’ll be participating on a panel discussing the role of cybersecurity in our national security apparatus. CNN Justice Correspondent Evan Perez will moderate the discussion, and I’ll be joined on the panel by Assistant Attorney General for National Security John Carlin, Michael Daly of Raytheon, and Vinny Sica of Lockheed Martin.
While there are many issues of concern, I look forward to discussing the global cybersecurity talent deficit, and the potential national security ramifications of failing to address it.
The Looming Cyber Workforce Shortage
Not everyone may be willing to define thousands of unfilled tech jobs as a national security crisis, but we are. This week, the Center for Strategic and International Studies (CSIS) released a report supporting our assertion. It surveyed public and private IT decision makers on the quantity and quality of cybersecurity professionals in Australia, France, Germany, Israel, Japan, Mexico, the United Kingdom, and the United States.
The study reveals a global cybersecurity skills shortage, and it is allowing malicious actors to inflict real, quantitative damage to public and private interests alike.
Eighty-two percent of all survey respondents report a shortage of cybersecurity skills. Seventy-one percent say the talent deficit has hurt their organization. One in four blame it directly for data loss and reputational damage.
Whose problem is this? Public and private entities, including institutions of higher education, share blame for not doing enough to sync the supply of cybersecurity skills with soaring demand. In our survey, three out of four respondents criticized their governments for inadequate cultivation of cyber talent.
These decision makers fault colleges and universities for failing to develop and market attractive cybersecurity coursework. They view the standard four-year college degree as insufficient, and praise the value of hands-on experience, including gaming and hacking exercises.
A National Security Crisis?
Countries lacking the human beings to adequately protect their most vital data, national secrets, financial markets, and ground-breaking intellectual property are unlikely to be economically competitive with those nations who can. But, beyond the economic implications of the shortage, consider the billions of connected devices coming online throughout the critical infrastructure that increasingly run our world.
From train systems, to water utilities, to smart power grids, to first responder communications, as the Internet of Things becomes ubiquitous, digital attacks now threaten physical damage. If we do not address the shortage of cybersecurity professionals soon, nations could find themselves unable to maintain adequate cybersecurity postures to protect and defend their critical infrastructure.
Automation and Unpredictables
The survey reveals across-the-board confidence that automation technology solutions will prove up to the task of mitigating ongoing cybersecurity threats. It’s true that the next phase of the cybersecurity era will redefine the symbiotic relationship between automated solutions and their human managers, analysts, and decision makers. The incoming cybersecurity workforce will adapt to increasingly automated environments, from “human in the loop” to “human on the loop” processes.
Moving Forward with Solutions
This week in the Rockies, we expect to hear sober talk from America’s best and brightest about encryption, ISIL threats, spyware, foreign espionage, extremist propaganda, and more. All well and good. Having enough smart, discerning professionals on deck to manage these issues, however, is just as pressing a concern. It should, in fact, be near the top of the list.
The CSIS survey delivers a clear call for more public investment in cyber education by higher education institutions – and more ongoing learning programs for private sector workers. While the private cybersecurity industry continues to innovate, our expertise shortage is an essential national security challenge that cannot be solved in the private sector alone.
Just as we have in past conflicts, government and private industry must collaborate, set priorities together, recruit talent, and seriously invest in skills development to address the cybersecurity workforce shortage facing our nation.
Fore more, watch ‘Cyber’s Role in America’s Security Arsenal‘ panel with John Carlin, Assistant Attorney General for National Security, Evan Perez, Justice Correspondent, CNN, Vinny Sica, Vice President, Defense and Intelligence Space Ground Solutions, Lockheed Martin, Michael Daly, Chief Technology Officer, Cybersecurity and Special Missions, Raytheon and myself.