Sputnik offers a lesson on cybersecurity workforce

On Oct. 4, 1957, the Soviet Union launched a small basketball-sized satellite called Sputnik into orbit around the Earth. Sputnik was a wake-up call.

By Fred Chang

Fred Chang
Fred Chang

Exactly 60 years ago, on Oct. 4, 1957, the Soviet Union launched a small basketball-sized satellite called Sputnik into orbit around the Earth. Sputnik was a wake-up call, and Americans feared that our nation did not have the workforce to win the space race. Congress acted, and in September 1958, President Dwight D. Eisenhower signed into law the National Defense Education Act that over four years directed more than $1 billion toward improving science curricula. The response to Sputnik helped to inspire and train a new generation of American students in math and science, and many would subsequently pursue careers in science and technology.

So here we are six decades later, and today's cyber threat represents a modern challenge of a very different sort. But fear of a data breach or a cyber disruption doesn't drive the same kind of visceral reaction as fear of losing the space race. I believe that it should. Today's anniversary should remind us that, as we address a contemporary workforce shortage, we do not have enough trained and qualified cyber defenders to protect U.S. cyber assets now and in the future.

Many of you are reading this column on a smartphone or tablet. We take the internet, high-speed communication links, the cloud and our mobile devices for granted. But cyberspace is more than a platform for convenience, social media and sharing videos. From financial services to health care  to retail to government and much more, we depend on a reliable, scalable and defensible cyber infrastructure.

Large data breaches are commonplace today. Who hasn't received a notice that their Social Security number and other personal information may have been compromised? I fear that people will increasingly begin to see these incidents as merely inconvenient annoyances, or accept that cyber insecurity is the new normal, rather than a fundamental threat.

Cyberspace technology is young and changing at a stunning rate of speed. We have hard experience showing just how vulnerable we are to malicious attackers. We have a better understanding of the consequences of these security vulnerabilities to us personally and professionally, and to our national security. This is why it is so vital to have a trained workforce to defend us in cyberspace.

The difference between the trained cyber workforce we have and the workforce that we need is large and growing. According to one estimate, the size of the global cyber skills gap is expected to grow to about 1.8 million people by 2022. Organizations large and small are having difficulty hiring cyber talent, and many positions are going unfilled.

It would not be fair to say the nation is ignoring this situation. Scholarships, STEM programs, cyber competitions and cyber summer camps for pre-college students are important, but we must do more to fill the gap. Today's students will be responsible for tomorrow's cyber infrastructure. We need a large and capable pool of men and women to staff these positions for the future.

Terrific university students around the country are graduating every year to pursue careers in cybersecurity. But their numbers barely make a dent in closing the cyber skills gap. It feels like we are trying to fill a swimming pool with an eye dropper. Additional talent will most certainly come from many unexpected places within the existing and future workforce, and technologies will be developed that will augment human capability.

Terrific university students around the country are graduating every year to pursue careers in cybersecurity. But their numbers barely make a dent in closing the cyber skills gap. It feels like we are trying to fill a swimming pool with an eye dropper. Additional talent will most certainly come from many unexpected places within the existing and future workforce, and technologies will be developed that will augment human capability.

Even so, we need to expand, substantially, postsecondary programs that specialize in training this sophisticated workforce. Public and private sector funding of university cybersecurity institutes and centers should amplify these needed cyber programs and create important industry relationships in the local communities. We also need to motivate and challenge many more K-12 students to pursue the math and science basics to prepare them for fascinating cyber-related careers that they may not know exist.

It's tragic when a talented student who wants to attend college is unable to because he or she lacks the motivation, awareness or financial means to pursue a challenging career. But it will be dangerous for us all if we do not find a way to direct and financially assist many more potential cyber defenders to fill this large and growing cyber skills gap.

Fred Chang is executive director of the Darwin Deason Institute for Cyber Security at 黑料老司机and a former director of research at the National Security Agency, and he testified before a congressional subcommittee in September on the cybersecurity workforce. He wrote this column for The Dallas Morning News. 

# # #