The space race that took place between the United States and the Soviet Union during the ‘50s and ‘60s did much more than put Apollo 11’s Neil Armstrong and Buzz Aldrin on the moon. The United State’s achievements in space inspired important scientific advances, created a new generation of workers and captured American’s imaginations. As a nation, we took the lead in exploring the final frontier.
We have a similar opportunity today in cyberspace. Federal agencies possess the right combination of knowledge, capabilities and technologies to allow for the creation of a strong cyber defense system that is the gold standard for the world. We have the chance to create successful cybersecurity programs that can be used both across the government and by industry. Like Armstrong, we can plant a flag that claims our leadership in this area.
To get there, we must make cybersecurity a national priority. Remember that the space race was won when everyone — from the president on down — became organized around a single initiative: to put a man on the moon. This was a national effort that put man on the moon and created never dreamed of technologies and even entire industries. The benefits of the investments are still boosting our economy and lives. We need the same attitude, vision and commitment to win the cyberspace race. The entire country, including its citizens, must be united around the concept of becoming a dominant cybersecurity force. Who knows what benefits we will derive above the direct goals of securing our communications?
We can do it, but first, we need to tackle two big hurdles standing in the way.
Turning apathy into energy
Recently I attended a cybersecurity-themed dinner. The overriding sense among attendees was that Americans have become inured to breaches. These days, when someone’s credit card information is stolen, they simply get a new card and continue about their day. The cost to them is slight aggravation and business as usual. Your data is stolen in a breach, you take note, do nothing and move on. It’s the new normal.
Overcoming this apathy is critical. Most Americans do not understand or recognize the dire consequences of what is happening. CyberSecurity Ventures estimates that cybercrime will cost the world $6 trillion by 2021. Nobody has more to lose than the U.S. economy, the largest and most advanced in the world. Imagine if there was no national effort to fight cancer, leading to increased mortality rates? At what point does the general population step in, recognize the problem, and advocate for a national effort that leads to a solution?
It’s one thing to talk about tens of billions of dollars being lost from an Office of Management and Budget breach; it’s another to explain that such a breach effectively compromises billions of taxpayer dollars. Commercial breaches have similar consequences as they ultimately increase the costs of goods to the consumer.
It is incumbent upon those in power and within the federal government to articulate these consequences. They must make it a part of everyday conversation, like healthcare or the economy. Only then will people sit up and take notice. Getting the public invested in the fight and organized behind the banner of better cybersecurity for everyone is the first crucial step in this effort.
Attracting — and keeping — top-tier talent
Rallying public support may also help to solve the second big hurdle: the growing cybersecurity talent gap. The Center for Cyber Safety and Education estimates there will be a global talent shortage of 1.8 million by 2022. Meanwhile, a report by the Commerce and Homeland Security departments noted an estimated 299,000 active openings for cybersecurity jobs in August 2017.
With demand so great, and supply so short, talented cybersecurity professionals have the option of choosing where they want to work — and many are choosing the private sector over the public. Why? Pay, benefits and culture. Regardless of the importance of the mission, the allure of service to one’s country simply cannot compete with the higher paychecks, catered lunches and innovative atmospheres of Silicon Valley start-ups. This is especially true in times of continuing resolutions, sequestration and government shutdowns.
Yet the training that federal agencies provide is unparalleled. Someone fresh out of college who is interested in learning about cyber defense can spend a couple of years learning everything they need to know from the Department of Defense or the Department of Homeland Security. They can be exposed to some of the latest risk monitoring technologies and strategies and gain a fundamental understanding of changing threat vectors. The jobs can be performed from almost anywhere as they are not tied to geographic locations, like more traditional parts of the economy. This flexibility opens opportunities up to an entire workforce — a national workforce.
Unfortunately, today a lot of those people are taking that valuable education and parlaying it into well-paying corporate jobs. This leads to a large-scale brain drain that leaves the public sector scrambling for additional resources.
The government is moving in the right direction to address this challenge. Efforts like the National Cyber Strategy, which proposes the creation of a “superior cybersecurity workforce,” are appropriate. So is the Office of Personnel Management’s guidance to help agencies identify cybersecurity skills gaps.
Even more can be done. For instance, the government could consider the creation of a “Cybersecurity National Guard” comprised of students who commit to a set number of years of government service in exchange for cybersecurity training. Or, the government could retrain workers from other industries to become cybersecurity experts.
The private sector is unlikely to take the initiative in this campaign; it does not have the financial incentive to do so and is too decentralized. That leaves a void that the only a national effort is able to fill.
It will only do so if we all commit to making cybersecurity a top priority. Just as we did in 1960s, the United States government has a chance to implement yet another moonshot — a cybersecurity moonshot — and set the standard for the rest of the world to follow; a technology-based “moonshot” that will once again benefit all mankind.
Eric Trexler is vice president of global governments and critical infrastructure at cybersecurity firm Forcepoint.