CSIS - A Human Capital Crisis in Cybersecurity. Technical Proficiency Matters
Center for Strategic & International Studies (CSIS), Washington, 2010. By Karen Evans and Franklin Reeder
Terrorists and organized crime groups are actively exploiting weak U.S. security and extorting money used for criminal purposes and to buy terrorist bombs. In October 2008, for example, Express Scripts, one of the nation’s largest processors of pharmacy prescriptions, reported extortionists had threatened to disclose personal and medical information on millions of Americans if the company failed to meet payment demands.
A critical element of a robust cybersecurity strategy is having the right people at every level to identify, build and staff the defenses and responses. And that is, by many accounts, the area where we are the weakest. "There are about 1,000 security people in the US who have the specialized security skills to operate effectively in cyberspace. We need 10,000 to 30,000."
The problem is both of quantity and quality especially when it comes to highly skilled “red teaming” professionals. We not only have a shortage of the highly technically skilled people required to operate and support systems already deployed, but also an even more desperate shortage of people who can design secure systems, write safe computer code, and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.
The cybersecurity workforce to which we speak in this report consists of those who self-identify as cybersecurity specialists as well as those who build and operate our systems and networks. That workforce includes not only workers on government payrolls, but also those contractors who operate as part of the extended government workforce. It also includes those who build and maintain the critical infrastructure on which the public and private sectors have come to rely.