So you think since the Cold War is over and America won the arms race that you can relax. Think again, and be ready to go to work.
According to experts, the face of war is changing from bombs, planes and troops to computers, the Internet and hackers. Sure, we’ll always have skirmishes here and there around the world. As long as there are terrorists who believe that guns and bullets and bombs will take down America, we’ll have to deal with them.
However, the big ones, the battles that can cause the most extensive damage to lives and infrastructure, will be fought on a different battlefield, one where the weapons of choice are a keyboard and a mouse. Terrorists are trading in their suicide bombs for computers.
We need an army of recruits who are experts in the field of cyberwarfare. Although the military will require thousands of these highly trained soldiers, most of the new cyberwarriors will never put on a uniform. Corporations hire employees to protect them from the onslaught of hackers and terrorists who are even now in cyber training camps around the world. Get used to some new words: cyberterrorism, cybersecurity, cyberwarrior, cyberweapons, cyberattack and others.
We’ve seen the movies, read the books and heard the stories of cyberterrorists who infiltrate the most highly protected corporate, government or military computer systems and wreak havoc. Stealing a few million names and Social Security numbers or disrupting corporate systems for a few days with denial of service will seem like small potatoes compared with what is just around the corner.
Experts generally agree that cyberterrorism must be more than minor disturbances. To be true cyberterrorism, an attack would result in death or injury to people, for example, explosions, water contamination, plane crashes or significant economic loss.
A MAJOR CYBERTERRORISM EVENT IN 2013
In a Jan. 4 article, Sean Gallagher, the information technology editor at Ars Technica, reported, “A sampling of computer security professionals at the recent Information Systems Security Association conference found that a majority of them believe there will be a ‘major’ cyberterrorism event within the next year.”
The survey found that 79 percent think that there will be some sort of large-scale cyberattack on some element of the United State’s infrastructure. These computer security professionals think that the power grid, utilities, the oil and gas industr ies and financial institutions will be the most likely targets.
Gallagher further went on to say, “That sentiment is supported by the data from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which responded to 198 cyber incidents in the 2012 fiscal year, with 41 percent of the them occurring in the energy sector.”
Cyberterrorism can occur from unexpected sources. For example, a disgruntled former contractor took remote control of Maroochy Shire, Australia’s sewage treatment system and spilled more than 200,000 gallons of raw sewage into local parks, rivers and the grounds of a Hyatt Regency .
CYBERARMS RACE WITH RUSSIA AND CHINA
In a recent Reuters article, Robert Windrem, senior investigative producer for NBC News, reported, “The United States is locked in a tight race with China and Russia to build destructive cyberweapons capable of seriously damaging other nations’ critical infrastructure.”
Scott Borg, CEO of the U.S. Cyber Consequences Unit, a nonprofit institute that advises the U.S. government and businesses on cybersecurity, said all three nations have built arsenals of sophisticated computer viruses, worms, Trojan horses and other tools that place them atop the rest of the world in the ability to inflict serious damage on one another or lesser powers.
“Russia is best at military espionage and operations. That’s what they have focused on for a long time. China is looking for crucial business information and technology. China’s main focus is stealing technology. These things (are) quite separate. You use different tools on critical infrastructure than you use for military espionage and different tools again on stealing technology.”
On March 11, Andrew Rafferty, staff writer for NBC News, quoted national security adviser Tom Donilon in an MSNBC.com article titled “Cybersecurity threatens US-China relationship.” “U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Donilon said. “The international community cannot afford to tolerate such activity from any country.
“And the United States is not alone. European countries have suspected China has infiltrated their computer systems as well.”
Corporations are breaking down walls and sharing data that heretofore would have been seen as disclosure of proprietary information. In a Feb. 28 article in USA Today titled “Companies share intel to sleuth out cyberthreats,” Byron Acohido reported, “There is a silver lining to the rash of revelations about cyberintruders cracking into the networks of marquee U.S. corporations. … Some large organizations have begun proactively gathering intelligence about what the bad guys are up to. They are doing this by stepping up the use of cutting edge tech security systems.”
Acohido quotes Kelly Bissell, a Deloitte & Touche LLP security and privacy principal: “Just a short time ago, companies and third-party service providers were extremely reluctant to share any information for fear of airing dirty laundry or revealing any potential weaknesses. Now there is a grass-roots, band-of-brothers kind of approach with the good guys.”
An upstart website called ThreatConnect.com is an online exchange where 150 security researchers and 45 organizations convene 24/7 to share data and brainstorm. According to the website, “ThreatConnect is a community-enabled security intelligence solution that gives you the resources you need to adequately guard your precious data.”
WHITE HAT HACKER
To combat these threats, a whole new cadre of job descriptions has been created that didn’t exist just a few short years ago. Who has heard the phrases “white hat hacker,” “certified ethical hacker” or “penetration tester?” These are not household words, yet they are jobs that are in demand today.
A certified ethical hacker is a professional designation for hackers who perform legitimate services for IT companies and other organizations. A certified ethical hacker is hired to locate and repair application and system security vulnerabilities to pre-empt exploitations by black hat hackers and others with potentially illegal intentions.
A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers can detect and exploit them. Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.
A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons. A penetration tester tests, measures and enhances established security measures on information systems and support areas.
CYBERSECURITY JOBS TO EXPAND 50 PERCENT
Experts expect the demand for cybersecurity jobs to expand by more than 50 percent by 2016. Graduates from colleges and institutions that prepare them for this challenging new field can expect almost guaranteed employment upon graduation.
Spending by the Defense Department, intelligence agencies and civilian agencies for cybersecurity is expected to increase from the current $9.3 billion to $14.1 billion by 2016.
According to a 2012 Maryland Cyber Security Jobs report by CyberMaryland, the top five cybersecurity markets measured by job openings are:
n Palo Alto, Calif.: 17,570 jobs
n San Francisco: 13,710 jobs
n Baltimore region: 13,393 jobs (Maryland: 19,413 total jobs)
n Boston: 11,683 jobs
n Denver: 6,924 jobs
Although the search for recruits has begun in earnest, the list of qualified applicants is dismally short. Computerworld’s Jaikumar Vijayan wrote, “The Pentagon is planning to expand its cybersecurity force nearly fivefold over the next several years in a bid to bolster its defensive and offensive computer capabilities. The plan is to add about 4,000 more military and civilian employees to the existing 900 staffers in the Defense Department’s Cyber Command.”
However, Alan Paller, director of research at the SANS Institute, a leading computer security and training certification organization, says, “While the hunger for cybersecurity professionals with advanced skills is very real, the supply line is near empty.
“If the (Pentagon) wants to meet its expansion goals, it will have to find innovative ways to find talent.”
Examples of the demand on the civilian side that will compete heavily with the Defense Department are companies that creatively search for cybersecurity professionals. Software development companies such as Microsoft and Apple compete with each other in hiring teams of white hat hackers, whose jobs are to try to destroy or infiltrate software in the development stage before it is released to the public.
Microsoft’s Vista operating software was delayed when Microsoft’s white hat hackers , by means of penetration testing, discovered vulnerabilities in the program that would have resulted in a field day for malicious hackers. The leading white hat hacker who discovered the weaknesses was hired away from Microsoft by Apple, which also has a history of hiring white hat hackers and jailbreak hackers to test its software.
Raytheon, a major defense and aerospace systems contractor, has 250 positions open for engineers, information security professionals and business development managers. According to its website, “Our Raytheon cyberwarriors play offense and defense, and know how the adversary thinks and can adopt their perspective. They understand the real engineering beneath the interfaces. They also can design and create new software, as well as reverse-engineer and analyze software and hardware created by someone else.”
Raytheon offers this challenge: “Code breaking excites you. Reverse-engineering seems pretty straightforward. And you like to break down information security systems just to build them back, stronger and better. You seem to be the kind of person we look for at Raytheon: a cyberwarrior who can help us protect the world’s most critical data from breach, fraud, theft and sabotage.”
Think you have what it takes? Raytheon offers a challenging test at http://rtncyberjobs.com/. “Conquer these hidden challenges and crack the code to gain restricted access to a secret message — just for cyberwarriors like you.”
A search through major online job boards such as Monster.com, Indeed.com and Careerbuilder.com discloses thousands of cybersecurity job openings .
Your appetite is whetted. You can find the training to become a cyberwarrior at the Education Portal at http://tinyurl.com/educationportal. Here you will find the top cybersecurity schools in the U.S. Leading the list are UCLA and the University of Iowa at Ames, Iowa. The website identifies schools across the country where a solid education focused on cybersecurity can be obtained. Some of the top schools offer certificates in cybersecurity while others offer full bachelor’s and master’s degree programs.
Online programs are offered by many other universities and schools listed on the portal.com website such as: Walden University, Capella College, Baker College, Southern New Hampshire University, Kaplan College and Colorado Technical University among others.
In Las Vegas, the University of Phoenix offers bachelor’s degrees in information system security and criminal justice administration cybercrimes. ITT Technical Institute has bachelor’s degrees in cybersecurity and information systems/cybersecurity.
The field of computer security is wide open and expanding rapidly. Demand for skilled employees will far exceed supply. For a generation raised with a laptop in your bag and an iPhone in your hand, who have reached the pinnacle of accomplishment in “World of Warcraft,” your dream job may just be to become the cyberwarrior you didn’t know you were training for.