By Jonathan Sholtis
U.S. federal agencies have increasing concerns about cybersecurity -- and rightly so. Recently, the Department of Defense faced criticism about its preparedness for a cyber-attack. A December 2016 report from the Office of the Director, Operational Test and Evaluation stated: “DOD personnel too often treat network defense as an administrative function, not a war fighting capability. Until this paradigm changes…the Department will continue to struggle to adequately defend its systems and networks from advanced cyber-attacks.”
While critical feedback can sometimes be warranted and even beneficial to drive improvement, this characterization does not reflect current efforts.
Both former Defense Secretary Ash Carter and current Secretary James Mattis have been explicit in their view that cyber is a key part of our national defense and should be classified as part of the war-fighting domain. The likely elevation of U.S. Cyber Command to combatant command status will put it on equal footing with commands like U.S. Central Command and U.S. Special Operations Command, clearly advancing cybersecurity as a priority for DOD leadership.
The critique of the DOD also overlooks their focus on providing specialized cybersecurity training. These efforts are taking people already drawn to public service and shaping them into the cyber experts needed to help secure our military and protect our country. It takes an investment of time, training and testing to build a battlefield-ready military force, and the same is true for a fully-fledged cyber force. Why is there a different expectation for cyber warriors to enter the DOD battle-ready?
Fortunately, the time necessary to create a steady stream of cyber talent can be shortened considerably with well-crafted private-sector partnerships. CSRA’s Cyber Institute is one of a growing number of such efforts. Its largest active cybersecurity training program is with the Defense Cyber Investigations Training Academy, which trains close to 15,000 DOD personnel each year, and the curriculum aligns to the National Initiative for Cybersecurity Education and the DOD Cybersecurity Workforce Framework.
This sort of rigorous training, combined with the ability to leverage knowledge from experienced civilians and contextualize their cyber knowledge in a framework that is relevant to military operations, can prepare the DOD’s cybersecurity teams for the most challenging of cyber-attacks.
Many federal agencies believe that finding cybersecurity talent is a difficult challenge. After all, in a field where talented cyber engineers can make more than three times the federal pay scale in the private sector, what incentives would compel them to choose public service? Yet there are ways to address this issue.
Last November, for example, CSRA opened the Integrated Technology Center in Bossier City, La. This state-of-the-art IT facility was designed exclusively to help solve the federal government’s most difficult technology challenges and combat the continual threat of cyber terrorism. And by partnering with nearby Louisiana Tech University -- home of the first four-year cyber engineering degree program in the country -- ITC helps to enrich student curriculum with real-world knowledge and hands-on experience. Such partnerships can support job creation, create educational opportunities and cultivate a pipeline of cyber talent to ensure we meet this growing demand.
As debate continues over DOD’s cyber capabilities, a paradox continues to unfold: Some people expect the Pentagon to be solely responsible for the security and defense of all U.S. networks, but also criticize them for lacking cyber preparedness. But throughout our nation’s history, the ability to protect our citizens and vital resources has relied on collaborative efforts -- not only between government agencies, but also between the military, civil society and the public and private sectors. Current threats in the cyber realm are no different and deserve a similar unified front.
To truly combat tomorrow’s cyber threats, we must take a multi-pronged approach that integrates education, professional training, and collaboration. Let’s start by nurturing cyber education and training as early as possible. We also need to ensure that cyber training is part of a life-long development process for IT professionals.
Lastly, we must leverage existing public-private partnerships while fostering cooperation between the DOD and other government agencies. Only then, with all of these building blocks in place, will we have the resources needed to deploy truly comprehensive and effective cybersecurity.
No comments:
Post a Comment