As Cyber-Attack Threat Grows, Cybersecurity Industry Booms
By Beth Panitz
January 12, 2012
For three days straight the attacks continued. A relentless team of hackers ruthlessly infiltrated the computer network--attempting to steal information, disrupt services, and modify key files--while computer science student Neil Banerjee and his fellow "cyber warriors" from California State University, San Bernardino, worked to thwart the attacks.
Welcome to the Collegiate Cyber Defense Competition (CCDC), where students compete in a "cyber-war game" scenario to help prepare them for work in the growing cybersecurity industry. Teams defend a fictitious company's network, while skilled cybersecurity professionals stage attacks.
Banerjee's stellar performance in the 2011 Western Regional of the CCDC landed him a job upon receiving his bachelor's degree as an enterprise risk services consultant for the Los Angeles office of consulting company Deloitte & Touche. "Cybersecurity is exciting, fast-paced and essential for the industry," says Banerjee, whose work includes data mining for anomalies that could indicate security breaches. "I like thwarting the bad guys; it makes me feel like James Bond."
Preparing for the 'Next Pearl Harbor'
With growing global reliance on information technology, comes increased risk for cyber-attacks that could compromise military intelligence, rob financial institutions, take down power grids and steal personal information. In 2007, the Baltic republic of Estonia experienced the seriousness of cyberwar, when its government, financial and media computer networks were paralyzed by a series of attacks. In the U.S., corporate giants like Citigroup and Google have faced security breaches.
President Barack Obama has declared that the "cyber threat is one of the most serious economic and national security challenges we face as a nation" and that "America's economic prosperity in the 21st century will depend on cybersecurity." Last year, Defense Secretary Leon Panetta, then CIA director, testified before the House Permanent Select Committee on Intelligence that "the potential for the next Pearl Harbor could very well be a cyber attack."
Securing the Nation's Crown Jewels
As the most wired nation, the United States also has the most targets to defend against cyber attacks, which translates to a booming cybersecurity industry. Government and industry alike are ramping up their cybersecurity operations, says Ed Kanerva, vice president of consulting heavyweight Booz Allen Hamilton, and are also turning to agencies like Booz Allen for their expertise in securing systems.
"The Internet is the place where companies and governments keep their crown jewels - their intellectual capital, their financial information, their people's private information," says Kanerva. "Because the Internet is growing, there's an exponential growth in the need for cybersecurity experts."
The serious threat of cyber attacks prompted Booz Allen to launch a cyber campaign four years ago on the advice of Vice Chairman Mike McConnell, who served as director of national intelligence under President George W. Bush. The company, headquartered in McLean, Virginia, expects to hire 1,700 cyber professionals this year alone.
Cyber Opportunities
"There are opportunities in the cybersecurity industry for everyone, from blue-collar jobs, to positions for those with a Ph.D. in mathematics or physics," says Larry Cox, senior vice president and general manager of the Cyber & Information Solutions Business Unit of McLean, Virginia-based Science Applications International Corporation (SAIC), a leading consulting company in the area cybersecurity. "The industry is three-tiered, with people who install the infrastructure, people who maintain and operate the systems, and people who invent new ways to protect the systems."
In the federal government, jobs abound in cybersecurity, with the Federal Information Security Management Act of 2002 requiring each agency to develop, document and implement an agency-wide program to provide information security. The demand is especially high in the military, intelligence, and homeland security arenas, where security is critical, says Cox.
The U.S. Bureau of Labor Statistics projects an increased demand of 30 percent for computer network, systems and database administrators from 2008 to 2018, attributing part of the growth to "the increasing need for information security. As cyber attacks become more sophisticated, demand will increase for workers with security skills." according to the "Occupational Outlook Handbook, 2010-11 Edition," the most recent edition.
Developing Cyber Warriors
To meet the digital age's demand for security specialists, universities are developing programs in cybersecurity, with some focusing more on policy and management and others emphasizing the technical component. In response to industry's need for high-level technical skills, the University of Maryland is launching a master's program in cybersecurity engineering this year, says Paul Easterling, director of educational development and communications for the university's Office of Advanced Engineering Education. Graduates will be prepared to "develop new protocols and new ways to defend systems."
While a cybersecurity degree is helpful, it's not a "deal-breaker" for advancing in the industry, notes Cox. Information technology professionals with a background in fields like computer science, engineering and mathematics can transfer their skills to the cyber field, especially with some additional training and certification, he says.
Banerjee, the CCDC competitor, is working to supplement his B.S. degree in computer science by becoming a Certified Ethical Hacker, which indicates expertise in using hacking for good, rather than evil. These professionals penetrate networks and computer systems to uncover and fix security vulnerabilities. He is also working to become a Certified Information Systems Security Professional.
Training the Workforce
Companies like Booz Allen are investing heavily in training their corps in cybersecurity. The company's Cyber University provides internal training to approximately 5,000 employees annually. Booz Allen has also teamed up with the University of Maryland University College (UMUC) to offer three online graduate certificate programs in cybersecurity.
With some training, even those without a technical background can support the burgeoning industry. Caitlin Moore, a senior consultant at Booz Allen, came to the company less than three years ago, fresh out of college with a bachelor's degree in psychology. Moore serves in IT workforce development, ensuring that employees have proper training in cybersecurity. She earned her Security+ certification, which demonstrates knowledge in information security, and received a Foundations of Cybersecurity graduate certificate, through the partnership with UMUC. "Even if you're working on the softer side of the field, you need to have some of the technical knowledge," says Moore.
Cox projects continued job growth in the field. "The threats will only increase," he says. "It's an intellectual game of mind against mind, attacker against defender, and it will continue for a long, long time."
