Cybersecurity is an exciting field of study that is in high demand all over the world. Cybersecurity is often understood as protecting computer hardware, software and data from any threat ranging from hackers and terrorists to earthquakes, or power failures. The Department of Homeland Security, Cyber-Infrastructure Security Agency defines cybersecurity as, “…the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information.”
In essence, cybersecurity is the protection of all digital data. Information security, sometimes referred to as information assurance, protects ALL data in general. This would include files and hard copies stored in an office environment. These two terms are often used synonymously, as both cybersecurity and information security overlap in the need for physical protection of data. The physical aspect of cybersecurity includes all of the infrastructure (e.g. networks, devices, internet, etc.) that enables digital data to function.
Common Types of Cybersecurity Threats
Cyber-attacks come in several forms. Some attacks are identity theft of data that could be used to open up fake credit card accounts. Other attacks leak proprietary information from companies. More severe attacks, commonly called Denial of Service (DoS) attacks, can shut down entire networks. The purpose of a DoS attack does not often include theft, but rather to cost the organization money by shutting down their websites or networks. Ransomware threats are more sinister, in which the perpetrator hacks into the company and encrypts all the data – thus holding it hostage. The victim must either pay a ransom fee or risk losing all of their data. Organizations such as hospitals even law enforcement agencies have been hit by ransomware, resulting in millions of dollars in damages.
The recent rush of high-profile attacks is indicative of how vast and vulnerable our economy is to these threats. In May of 2021 the Colonial Pipeline corporation, which supplies 45% of the oil and natural gas to the eastern seaboard of the U.S., was hit by an attack, which resulted in gas shortages throughout the southeast United States. In June 2021, JBS inc., the largest meat processing company in the world, was hit with an attack that shut down all of its U.S. based meat packing plants causing shortages to grocery stores and highlighting the vulnerability of our food supply to cyber threats. Finally, the SolarWinds hack was a direct attack on 12 federal agencies including the Department of Defense (DoD), NASA, DHS, and the Federal Aviation Administration (FAA) to name a few. As a seemingly technologically advanced country, the U.S. is particularly vulnerable to these cyber threats.
The High Costs of Ignoring Cyber Threats
The modern global economy relies on fast, accurate digital information to maintain supply chains, and financial markets. This means that computers are connected through the internet exchanging data and currency to keep this system running smoothly. Security of this data is absolutely essential.
The United States heavily relies on such cyber communication for all of its major industries such as financial, entertainment, transportation, shopping, and medicine. Critical industrial systems consisting of power grids, food production facilities, critical manufacturing, water treatment facilities, and nuclear reactors all run with computer systems. All of these systems are connected to a network or directly to the internet. That makes these systems vulnerable to attack by criminals, terrorists, or possibly the vulnerability of a natural disaster. The Department of Homeland Security has estimated over 7,000 critical infrastructure systems within the United States are at risk of cyber-attack. The costs of these attacks are staggering. The current estimate of cybercrime costs the world $6 trillion dollars and that number is expected to nearly double in the next four years. Worldwide, industry spends $170 billion dollars on security to prevent such attacks and it is clearly not enough.
Developing a Cybersecurity Workforce for the Future
The wide range of dynamic and evolving cyber threats requires an agile and technically-skilled workforce to respond. Cybersecurity is one of the most vital job fields globally. Current estimates indicate that there are one to three million job vacancies in the cybersecurity field just within the United States. A Cisco Annual Security Report (CASR) indicates that there is a global shortage of IT security professionals in both the public and private sector. The lack of qualified candidates in the cybersecurity field is a major security challenge for the nation.
The Department of Homeland Security recruiting website states, “As technology becomes increasingly more sophisticated, the demand for an experienced and qualified workforce to protect our Nation’s networks and information systems has never been higher.”
The solution to the expanding threats and the lack of qualified job candidates within the cyber field is education. Every citizen within the country should be provided adequate education on the threats and vulnerabilities from cyber-attacks. Understanding how to protect themselves and their devices from these threats is imperative. Additionally, recruitment of more candidates within the cyber profession requires educational programs at the secondary and post-secondary level. More graduating professionals are needed for this ever-growing field. There is a solution, public school systems have the opportunity to initiate cyber programs early to inspire young students to enter the industry, supporting our growing need of cyber workforce.
To become a cyber professional requires years of study and an intense curiosity of problem solving. Cyber professionals are, in essence, detectives attempting to find clues to protect computer systems and our nation’s cyber infrastructure. The key to success in any cyber related field of study is obtaining industry certifications. These certifications prove a certain level of competency in an individual’s cyber skill sets. The more certifications the more depth and breadth of knowledge the individual can obtain. Integrating industry into the public education system can assist educators in identifying what certifications are in demand and begin the process of training up future cybersecurity professionals. While young students can obtain a college degree, a degree is not required to earn cyber security certifications and a career in the cyber industry. The process of earning certifications can start as early as middle school. If a cybersecurity Career and Technical Education (CTE) program is implemented for 7th – 12th graders, by the time students graduate high school they could earn all of the certifications necessary to obtain an entry level cybersecurity job upon graduation.