If you want to solve the IT skills gap, fix the gender gap

Dana Grinshpan — Wed, 28 Nov 2012 14:57:49 -0500

In October, Defense Secretary Leon Panetta gave a speech at the Intrepid Air and Space Museum in New York where he stated “cyberspace is the new frontier.” Ears really perked when he said that cyber actors have already infiltrated America’s critical infrastructure, including the computers that operate chemical plants, the electric grid, and water facilities. Such collective attacks could result in a cyber Pearl Harbor, he said.

The candor with which government leaders are referring to the cyber threat isn’t surprising. There have been countless memoranda, reports, and speeches detailing the need to bolster the cybersecurity workforce as a result of continued cybersecurity breaches in federal IT systems. In the coming year and beyond, agencies want to hire more cybersecurity professionals to fill this growing need.

But agencies face a big problem – the shortfall of skilled professionals. A recent report by the Homeland Security Department’s cyber skills task force detailed the need for 600 new cybersecurity professionals in the near term who have mission critical skills. Finding these professionals is difficult given that agencies have to compete with government contractors and others in the private sector to hire them. While the DHS cyber skills report largely focused on the need for technical competencies, another report released by the Government Accountability Office in November 2011 found that nearly every agency has experienced difficulty in hiring cyber workers.

Agencies across government will need to train or hire more people with the right skills in the coming year and beyond. To make up for this shortfall, most experts recommend creating a pipeline of applicants by starting early in the primary school grades to get students interested in STEM fields.

But there’s another challenge associated with recruiting skilled workers: Most of those going into STEM fields are men. Only 13 percent of the US cybersecurity professionals are women. Further, the number of women enrolling in computer science degrees is actually decreasing. In 1985, 37 percent of computer science graduates were women; in 2005, women only made up 22 percent. Despite the growing need for cybersecurity professionals, female enrollment in the fields necessary to get into these jobs continues to decrease. In fact, in 2010 only about 18 percent of undergraduates in STEM fields were women.

Women, being about half the population, are a largely untapped resource for cybersecurity recruitment. In a recent study, women claimed they encountered more institutional barriers to entering cybersecurity fields. For example, the largely male-oriented “hacker” culture prevalent in IT can be hard for girls and women to penetrate and leaves them with fewer opportunities for building mentor-mentee relationships. A lack of interest in STEM fields also attributes to low participation numbers. Perhaps attributed to the lack of women in science and math teaching professions, the gap exists in middle school and increases in high school.

Creating a pipeline of cybersecurity applicants will involve more than scholarships and competitions to recruit the professionals the government will need. Addressing the barriers to entry for women would open up a group of potential applicants largely overlooked in the past.

Find more insights and trends that the federal IT community will be facing in 2013 and beyond in a recent study released for the Government Business Council. And visit Nextgov Prime on December 3^rd to continue the conversation with leading thinkers, members of Congress and other experts in technology.

]]>

Could Cyber Warfare Nullify Nuclear Weapons?

Dana Grinshpan — Wed, 19 Sep 2012 21:07:57 -0400

Is it outrageous to believe that cyber weapons, such as malware or computer worms, have the capacity to render nuclear war a relic of the past? Recent cyber attacks, including Stuxnet and Flame, have not only made governments reassess their security vulnerabilities, but have invited an important question: Could cyber warfare supplant nuclear warfare? Cyber weapons have the capacity to stop or delay a nuclear attack before launch. And if this is possible, countries may need to start stockpiling cyber weapons.

If you’ve ever bought security software from Symantec or Norton Anti-Virus then you know that any computer connected to the Internet is susceptible to a computer virus. Be that as it may, computer systems can be comprised without being connected to the Internet. Stuxnet, for example, was reportedly developed by the United States and Israel with the aim of infecting the Natanz uranium enrichment facility in Iran. The Natanz facilities, however, were not connected to the Internet. Therefore, someone had to upload the computer virus from within the Iranian nuclear complex -- intentionally or not, likely using a memory stick -- in order to infect the system. Upwards of about 5,000 spinning centrifuges used to clarify uranium apparently were destroyed, perhaps setting the program back several years.

Recently, Flame, a virus used to mine documents and communications for sensitive information, penetrated the computers of high-ranking Iranian officials. In August, Kaspersky Lab said it discovered a new cyber weapon, named Guass, which targets computers in the Middle East. Apparently, Guass is a complex data-mining toolkit designed to collect sensitive information like browser passwords and online banking credentials. Guass, believed to be a descendant of Flame, has infiltrated Lebanese banks.

The development of cyber weapons is not reversing. Many of the most highly publicized are state-sponsored and appear to be very effective. Great power warfare has traditionally been dominated by the threat of nuclear attacks and the notion of mutually assured destruction or strategic stalemate; could cyber weapons displace that threat, transforming nuclear weapons into radioactive paper weights? The United States and the former Soviet Union operated under a nuclear deterrence triad that included land, air, and sea launch capabilities. Each of these avenues would need to be susceptible to viruses for cyber weapons to neutralize nuclear threats. As seen in Iran recently, the facilities that develop land-based intercontinental ballistic missiles can be compromised -- even when they are not connected to the Internet. Recently in India, another computer virus -- spread through another memory stick -- infected the navy’s Eastern Naval Command, which is responsible for testing India’s first ballistic missile submarine. This is a new phenomenon without clear implications. Still, if cyber weapons can be relied upon to stop nations from developing or launching nuclear weapons, that would be a good thing.

]]>

Nextgov/FCW - Authors - Dana Grinshpan

If you want to solve the IT skills gap, fix the gender gap

Could Cyber Warfare Nullify Nuclear Weapons?