Universities push to turn out cyber guards as demand explodes
U.S. agencies face a shortage of professionals to protect America’s computers and networks from assault, warns the head of Carnegie Mellon University’s Information Networking Institute.
“The government needs 1,000 people every year,” said Carnegie Mellon’s Dena Haritos Tsamitis. “Higher-ed institutions across the country aren’t even close to providing enough.”
Without them, the United States remains vulnerable to cyber attacks, said Tim McManus, a vice president at the Partnership for Public Service, a Washington-based nonprofit that published a report last year on the national cyber corps shortage. One example: An incursion uncovered in 2004 when Chinese-backed hackers infiltrated NASA and military labs.
Federal civilian computers alone withstand potential cyber attacks about every nine seconds, according to EINSTEIN 2, the Department of Homeland Security’s intrusion detection system.
“Every day, U.S. military and civilian networks are probed thousands of times and scanned millions of times,” writes William J. Lynn III, deputy secretary of the Department of Defense, in the current issue of Foreign Affairs, a nonpartisan, nonprofit journal of international relations.
So in 2001, federal officials began trying to avert the crisis. They set up two university scholarship programs for students to become cybersecurity experts for government agencies.
In nine years, government scholarships funded by the National Science Foundation and the Department of Defense have produced only about 1,400 cyber guards.
Lack of awareness, the lure of high private-sector salaries, persistent lack of interest in math and science, and too few dollars for the science foundation’s scholarship contributed to the slow growth of an American cyber brigade, experts say.
“There’s not enough emphasis and work at colleges and universities to get people to pursue cybersecurity training,” McManus said. “And because of the shortage, much of the work is being done by contractors, so it costs taxpayers more money.”
A National Security Agency official who spoke on condition of anonymity said that at the end of 2009, only 47 percent of Defense personnel occupying information assurance positions had earned appropriate certification.
For some years, schools participating in the government programs, including Carnegie Mellon and the University of Pittsburgh, found it difficult to award all of the available scholarships.
“In general, that’s the case for all the programs throughout the country,” said James Joshi, a Pitt computer science professor and head of both scholarship programs at the school. “It’s not as highly competitive as we’d like to see.”
Part of the problem is that many potential candidates are not aware of the scholarships until after they embark on a cybersecurity career path.
Neither Ed Schwartz, 25, a Carnegie Mellon computer science doctoral student, nor Lyndsi Hughes, 27, a Pitt information security master’s student, knew about the science foundation’s scholarship before applying to their respective programs.
“I did my internship with the Department of Defense while earning my master’s (at Carnegie Mellon),” Schwartz said. “I got to talk to all kinds of interesting people. They told me they need people with Ph.D.s who can do research and get security clearance.
“They’re working on some really cool problems. But they’re classified, so I can’t talk about them.”
Hughes said she knows government officials look for people with her abilities.
“You hear all the time about people getting their e-mail hacked. So they need to hire good people,” said Hughes, who interned this summer at Carnegie Mellon’s Software Engineering Institute.
Signing bonuses and higher paychecks offered by companies such as Google and Yahoo! deter qualified candidates from accepting offers, said Haritos Tsamitis, who heads both of Carnegie Mellon’s scholarship programs.
“They have no problem finding jobs,” Haritos Tsamitis said. So turning down a two-year master’s degree scholarship worth about $100,000 isn’t so daunting, she said.
To overcome that hurdle, Homeland Security officials seek students motivated by factors other than money, said Bobbie Stempfley, director of the agency’s national cybersecurity division.
“I want people motivated by ambition and passion,” Stempfley said. “To spark that, we show them how exciting it is to learn what the threat environment looks like and how to implement strategies. We show them the breadth of cybersecurity issues we’re dealing with.
“It’s about putting that puzzle together. We find the ones motivated by solving that puzzle.”
Homeland Security holds job fairs specifically for the science foundation’s scholarship students, Stempfley said.
Victor Piotrowski, director of the foundation’s scholarship program in Washington, knows the financial realities.
“While tuition has been rising, we have the same budget as we did 10 years ago,” Piotrowski said.
In July, the Senate Appropriations Committee recommended increasing the scholarship fund from about $13 million to $45 million a year, he said. A cybersecurity bill introduced last year by Sen. Jay Rockefeller, D-W.Va., and Sen. Olympia Snowe, R-Maine, proposed an increase to $50 million in 2010 and annual increases until capping at $70 million per year in 2014, Piotrowski said.
Air Force Lt. Col. Rene White, a Pentagon spokeswoman, said the Department of Defense’s scholarship budget is about $5 million annually.
Regardless of funding, the number of science foundation scholars who find a job shows the program to be a success.
Carnegie Mellon has had 113 foundation scholarship graduates, and “we’ve had a 100 percent placement rate,” Haritos Tsamitis said.
How it works
The National Science Foundation and the Department of Defense offer scholarships for students pursuing cybersecurity careers.
In exchange for money to obtain a master’s degree in information security — and sometimes a doctorate — a student agrees to work for a U.S. agency for the number of years it took to complete the degree.
The recipient is virtually guaranteed a job, perhaps as a software developer, cybersecurity policy analyst or information infrastructure architect for employers such as the departments of Homeland Security or Defense or the National Security Agency.
Source: Tribune-Review research