U.S. Faces Cyber Security Gap Without Training, Education
Homeland Security's cybersecurity director, Richard Marshall, warns that universities aren't turning out enough cybersecurity experts and urges greater scholarship funding.
WASHINGTON -- As discussions about the federal approach to cyber security continue to percolate across the highest levels of government, one of the most important steps policymakers can take is to nourish the education and training of a new crop of security experts, a senior administration official said here at the FOSE government IT show.
Working in concert with the government, the private sector has made significant strides in improving software security and ferreting out vulnerabilities in the supply chain, but the flow of cyber security experts graduating from the nation's universities with advanced degrees remains anemic, according to Richard Marshall, the director of global cyber security management at the Department of Homeland Security.
"No matter how successful we are in those two elements, we are going to fail if we don't invest more money, time, attention and rewards to educate the workforce," Marshall said. "That's our legacy-to-be."
DHS and the National Security Agency (NSA) jointly sponsor the Centers for Academic Excellence, a consortium of universities that focus on advanced information security education. While participation in the program has snowballed, federal funding for scholarships has not kept pace.
Marshall appealed for both federal and private investment in higher education programs that could provide tuition assistance to draw students into cyber security programs, noting that a free education is a powerful lure.
"Look at all the great football and basketball programs. They're all on scholarships. They're not playing for fun -- they're playing for money," he said. "We need to do the same thing with our computer science students."
Shortly after Marshall's address this morning, lawmakers began work marking up a sweeping cyber security bill that, among other things, would enshrine into law several measures to boost cyber security education and swell the ranks of security staff in federal agencies. The bill would establish a Scholarship for Service program at the National Science Foundation (NSF), providing tuition money for students who pursue a cyber security curriculum and enter public service upon graduation.
The Cyber Security Act, co-sponsored by Sens. John Rockefeller (D-W.V.) and Olympia Snowe (R-ME), would also channel more federal support to the NSF for cyber security research and development, an area left sorely deficient under current funding, according to Marshall.
"The United States as a people spends more money on astrology -- the zodiac stuff -- than the United States as an entity spends on basic research," he said. "That is disturbing."
The administration's proposed budget for fiscal 2011 contains significant increases in funding for cyber security research.
Without mentioning the Rockefeller-Snowe bill by name, Marshall praised lawmakers for generally showing an increasing appreciation for the seriousness of the cyber threat.
President Obama elevated the issue early on in his administration when he commissioned a comprehensive review of federal cyber security activity, a process that culminated in a White House address that accompanied the release of the commission's report.
In his speech, Obama said that cyber attacks and crime are as much an economic challenge as a security threat. In that spirit, when he installed Microsoft veteran Howard Schmidt as the White house cyber security coordinator, he gave him a seat on both the national security and economic councils.
Speaking this morning, Marshall echoed the economic urgency of the government's cyber security mission.
"The IT industry provides a one trillion -- with a 'T' -- dollar contribution to the U.S. gross domestic product," Marshall said. "If you're looking for a metric for cyber security, money is a good metric."
"Economic security and national security are joined at the hip," he added.