Top Officials Call for More Education and Jobs to Counter Cyberthreats

Strategies include cybersecurity apprenticeship programs and scholarships for students who agree to work in Virginia after graduating.

by Tamara Dietrich, Daily Press (Newport News, Va.) / September 22, 2016 0
Cybersecurity research and education just got a big boost at Columbus State University. Nate Grigg via Flickr CC 2.0 Wikimedia Commons

(TNS) — Anyone can fall victim to an online data breach — even a federal security expert who specializes in preventing data breaches.

In fact, Ron Ross of the National Institute of Standards and Technology said he was swept up in several breaches just last year.

The "big one," he said, was when hackers broke into government computers of the U.S. Office of Personnel Management. The records of nearly 22 million people were exposed, including intelligence operatives, Defense Department employees and Ross, with his top secret clearance.

"Next to the Snowden breach, this is one of the worst ones we ever had," Ross told participants Wednesday at the Cyber Physical Systems Summit being held at Jefferson Lab in Newport News.

Another breach was at Anthem Inc., which exposed the identities and medical records of government employees like Ross, and of their families, like three of the five children of Virginia Gov. Terry McAuliffe.

Then came a third hack.

"The only good news," Ross said dryly, "was that I was not part of this one. Thank goodness."

He clicked on a PowerPoint slide that said "Ashley Madison," and the audience burst into laughter.

Ashley Madison is the name of an online dating site for married people. Last summer, hackers published the names of millions of its customers.

"I bring these three up because I want to give you a sense of behind the scenes," Ross said. "Why these three breaches were so important. Why they were so critical. The folks who entered these databases really wanted to target (particular) individuals.

Last December, bad guys using stolen usernames and passwords managed to take over the control systems of three power distribution companies.

Company employees watched helplessly as the cyberattackers took over their control panels and, in a matter of minutes, shut down power to some 225,000 customers.

Last December, bad guys using stolen usernames and passwords managed to take over the control systems of three power distribution companies.

Company employees watched helplessly as the cyberattackers took over their control panels and, in a matter of minutes, shut down power to some 225,000 customers.

"This isn't about credit card protection or all the things you might see. They wanted a list of all the people who have top secret clearances, who may have embarrassing health care issues and also are cheating on their spouses. And that's a target list for espionage. And the only time you'll ever see the results of this breach is when you're sitting in Panera Bread and somebody comes up to you and says, 'Hey, Ron, I know something about you. It's a little embarrassing. We can make it go away if you do X, Y or Z.'

"This is the nature of cyber today. Cyber operates below the radar. And you don't have to defeat a superpower with cruise missiles or classic kinetic things, anymore. You can defeat a superpower by attacking through cyber."

And it's a target-rich environment, Ross said. Today, about 6 billion devices from smartphones to tablets to cars to children's toys are on the so-called internet of things. And every day, several million more are added.

The summit to address cyberthreats is the first of its kind in the state, drawing registrants from all levels of government, academia, industry, the military, research and other areas. It's being held Tuesday through Thursday.

The driving force behind the event is McAuliffe, who made cybersecurity the mission of his year-long term as chairman of the National Governors Association.

The governor said he wants all states to become harder targets for hackers, but he has even bigger plans for his own.

"My goal is to make Virginia the cybercapital of the United States of America," McAuliffe told the summit Wednesday morning.

Part of what drives that goal, he said, is sequestration, or across-the-board budget cuts imposed by Congress, that sucked $9.8 billion in defense spending from Virginia from 2011 through 2013.

Another round of sequestration could begin in October 2017, the governor said, unless "the new president and new Congress get their act together and deal with it."

If not, he said, the next cuts "will be much worse than what we faced in '11 through '13. Devastating cuts."

Meanwhile, cybersecurity is exploding as a source of good-paying jobs that also fill an urgent need.

So far this year, McAuliffe said, the state has identified about 53 million cyberattacks, and stopped 47,000 instances of malware.

Yet there still aren't enough cyberwarriors to wage a proper fight, he said.

Virginia now has 37,000 open positions in the high tech industry, he said, including 17,000 in cybersecurity alone. Cybersecurity jobs come with an average starting salary of about $88,000.

To help fill those positions, he said he wants to change the education system.

"You ought to know the minute you walk into fifth grade that we have all these cyberjobs open, starting pay $88,000," McAuliffe said.

High schools can be redesigned to push science, technology, engineering and math classes early on, he said, and to match a student's skill set with the right jobs.

McAuliffe has already pushed through initiatives to increase the number of colleges and universities designated National Centers for Academic Excellence in Cyber Defense, to offer a scholarship to students in a cyber-related field if they return to work in Virginia, and to fund a virtual "cyber range" for students in high school through college to apply and test their cybersecurity skills.

On Wednesday, McAuliffe formally announced the launch of that cyber range, intended to position students to enter the cybersecurity workforce directly.

In March, Tidewater Community College became the third community college in the state and the first in Hampton Roads named a CAE in Cyber Defense by the National Security Agency.

Also on Wednesday, McAuliffe announced the NSA just chose Northern Virginia Community College as a regional resource center for the CAE.

Finally, he announced the state's first partnership under his cybersecurity apprenticeship program is in Hampton Roads, between Tidewater Community College and the Yorktown-based Peregrine Technical Solutions.

McAuliffe promised more "major announcements in cybersecurity" to come, after his recent trip overseas.

©2016 the Daily Press (Newport News, Va.), distributed by Tribune Content Agency, LLC.