If you've seen recent headlines about cyber attacks, you've had to consider some troubling questions: How real is the threat? How serious are the consequences? How prepared are we?
In a recent speech, U.S. Secretary of Defense Leon Panetta described a dire scenario--a "cyber Pearl Harbor". He outlined what would happen if a coordinated cyber attack derailed trains filled with lethal chemicals, shut down air traffic control screens while thousands of planes were in the air, and brought our financial trading systems to a standstill. In the blink of an eye, the world would become a bleak place.
Unfortunately, scenarios like these are backed up by the facts. And we're not as prepared as we should be.
A clear and present danger.
Cyber warfare isn't just a future threat; it's happening right now. On August 21st, the Huffington Post Fact of the Day highlighted a 680 percent increase in cyber security breaches against the federal government in the last six years. A recent, blatant attack by the Chinese on sensitive Google networks--which followed other attacks on the New York Stock Exchange and the Pentagon--has led to escalating concern about our cyber security. Concern isn't the only thing that's growing: In fiscal 2011 alone, Washington spent $13 billion to protect information technology from attack. And this number doesn't include the amount spent in the defense budget to increase digital warfare capacity.
And the U.S. isn't just concerned about cyber defense; many are exploring the offensive potential of cyber attacks. The New York Times reported that the U.S. debated using cyberwar tactics in Libya, with the goal of disabling Libyan communications networks and preventing their early warning systems from detecting NATO warplanes.
Other nations have been the targets of cyber attacks as well. The best-known salvo in the cyber wars was Stuxnet, a computer virus that attacked Iranian nuclear centrifuges. But Stuxnet has morphed into Flame, Gauss, and Duqu--all variants of the Stuxnet code. Flame and Gauss were targeted at the Middle East, capturing personal data and invading bank accounts in Lebanon, while Duqu appeared to be aimed at power plants and oil refineries.
Cyber warfare takes many forms, and its impact is far reaching. To preserve our security, we need IT professionals who are up to the challenge.
A new kind of war needs a new kind of "army."
So how do we prepare for cyber war? Past wars involved recruiting young men to fight in foreign lands. Now the enemy is in virtual space and must be fought everywhere. In previous conflicts, we needed soldiers who were tough enough to succeed in battle. But physical strength is no longer a requirement; instead, the fight requires a sophisticated knowledge of computer security and code. Cyberwar has different requirements--requirements that we can meet by capitalizing on things we already have in place. Here's how:
- Increase the number of IT professionals with security certifications. Information-security credentials like the CISSP® and CISM® represent the minimum level of training that cyber security warriors will need. And it's the key place to begin. IT Trainers like InfoSec and Secure Ninja are the boot camps where cyber warriors gain the fundamental skills for battle. For those who want to go beyond, intensive college and university programs are the next step. At some institutions, certificate holders can earn credit for prior learning for the certificates, streamlining their path toward a degree.
- Develop more IT leaders with cyber security expertise. After 9/11, many including security advisor Richard Clarke pointed out the need for more cyber security professionals. Since then, the National Security Agency and the Department of Homeland Security laid out stringent criteria for cyber security education programs--and recognized institutions that met these criteria as National Centers of Academic Excellence in Information Assurance Education (CAEIAE). Many are now following the National Initiative for Cybersecurity Education (NICE) framework, guaranteeing even more alignment with the security standards needed by government and industry. Graduates of these Centers are working to help the NSA and DHS, as well as many corporations, with the cyber security issues they face today. But more graduates are needed.
- Draw upon current military personnel. With proven leadership abilities and valuable security clearances, military service members are in a unique position to support the cyberwar effort. By gaining high-level cyber security knowledge, these experienced professionals can provide valuable insights to a variety of government agencies. For this group in particular, online institutions are a great fit because they offer flexibility, including the ability to complete courses from far flung locations. And because some online schools have earned CAEIAE designations, they offer military service members both convenience and quality.
Building the skills. Finding the will.
In the U.S., we have the people, the talent, and the technology to meet the cyber security threat head on. Now we need the will to recognize the size of the challenge--and leaders willing to transition our current military spending to this new way of preparing those who will defend us.