With research showing a vast shortage of skilled talent to fill cybersecurity jobs, it may be time for the United States to make cybersecurity a national imperative in much the same way it did with aerospace technology, nuclear science and biotechnology.
That’s according to Sam Visner, vice president and general manager of CSC Global Security, who said that while attention is being brought to the issue through programs like the National Initiative on Cybersecurity Education, or NICE, as well as the National Institute of Standard’s and Technology’s recent cybersecurity framework, not enough is being done or coordinated to truly make those efforts effective.
“We have uncoordinated initiatives, but not a national strategy coupled with a national program,” Visner told Wired Workplace. “We have in the case of NICE a broad statement of policy but not what I would consider to be the level of programmatic strategy and resources to be a national imperative.”
Visner pointed to the draw for skilled IT workers to create and advance new technologies, rather than focus on the need to secure those advances. With technology being developed at such a rapid pace, it’s nearly impossible for even a well-trained cybersecurity workforce to keep up, he said.
“The advance of the cybersecurity capability to keep up and secure broadly is asymmetrically slow,” Visner said. “We don’t have nearly enough people to secure those environments. It’s interesting when we say cybersecurity is a high national priority and yet focus more energy on things that need to be secure and less on securing them.”
It’s unclear which individual, organization or federal agency would own the creation of a national imperative for cybersecurity, but Visner said some possibilities would be the National Academy of Sciences, the Homeland Security Department or NIST. Regardless of the agency or organization, most important would be having a White House and executive leadership spotlight on the issue, he said.
“If you think about what was done in the nuclear era, investments were made in the educational process,” said Visner, who pointed to the work of his father on the Manhattan Project. “Certain young people were spotted, academic careers were facilitated and the industry fought to get them. That’s what we’re talking about with cybersecurity.”