US scholarships aim to close cybersecurity gap

Sep 29, 2012 by Rob Lever
Analysts at the National Cybersecurity & Communications Integration Center (NCCIC) in Arlington, Virginia, in 2010. Full tuition, expenses and a stipend will be paid by the US government at any of dozens of universities for students to get specialized cybersecurity training, in exchange for an equal number of years working for a federal agency.

For students seeking to become cyber warriors, the US government has a sweet deal.

Full tuition, expenses and a stipend will be paid at any of dozens of universities for students to get specialized cybersecurity training, in exchange for an equal number of years working for a federal agency.

The CyberCorps program launched in 2000 highlights how desperate the US government is to get people with the special skills to keep secure.

Backers of the program say it is having a modest impact in meeting the country's growing cybersecurity needs.

"We have a large number of people who are students of cybersecurity, report writers, analysts," Alan Paller, research director at the SANS Institute and head of a task force advising the on cyber skills.

"And we have a very small group who are the hunters. They are the ones who find out how the bad things happen and how to stop it."

Paller said there is intense competition for the small number of highly trained individuals.

"Every single company is searching for these hunters," he said.

Since the program was launched a decade ago, more than 2,000 students have received scholarships from the program, which is now available through 46 US universities.

Victor Piotrowski, program director for the CyberCorps, said the effort is aimed at boosting a "very small pool of people who have cybersecurity training."

The program funded through the National Science Foundation currently provides graduates around 150 students each year. But that is small compared with China which trains "a thousand times more" people, according to Piotrowski.

It is difficult to find people with science and technology background, but cybersecurity adds more requirements—those working for US government agencies must be US citizens, without any criminal records.

Piotrowski said each year some 40 to 60 federal agencies compete for about 150 graduates, virtually ensuring a job for each.

"I can't think of any other profession which attracts so many agencies," he said.

Highlighting the shortage, Piotrowski said some graduates—who are required to work in government for the same number of years for which they receive a scholarship—sometimes get job offers from the private sector which allow them to bypass that requirement by paying back the government.

But Piotrowski said it's not necessarily bad if students move on to the private sector.

He said a large number of graduates go to top-secret jobs at places like the National Security Agency, but that all organizations need cybersecurity, from the Federal Reserve to utility companies.

"The argument is that defending cybersecurity is not only a government effort," he said. "We are only as strong as the weakest link. So by that reasoning it is not a loss."

The program offers aid similar to that of Reserve Officer Training Corps, which offers student aid for those going into the military.

Andreae Pohlman, a recent graduate of the program at George Washington University who is set to begin a government job, said the training included real-life attack and defense simulations which included some surprises.

In one competition, "We didn't know there were already back doors in our machines. We thought we were winning the whole time."

This offered a valuable lesson, she said: "It's important to get experience and exposure about the type of exploitation tools out there."

Mischel Kwon, another George Washington cybersecurity graduate who went on to head the US Computer Emergency Readiness Team before starting her own consulting firm, said awareness is a major issue.

"A lot of the problem is understanding we have a problem," she said.

"The workforce needs to grow and I think CyberCorps is a great way of doing that. We need to educate executives and company boards and help heads of agencies understand this is a priority that needs to be funded."

Patrick Kelly graduated from the GWU program and now teaches there in addition to his work at a federal agency.

Kelly said he tries to get students to learn about a range of possible threats like "phishing" e-mails, physical attacks and data thefts from portable thumb drives.

But he said the bad guys are constantly changing tactics.

"It's getting more severe," he said. "There is now an ability to automate attacks. The number of attacks and successful ones are going up exponentially, you're always playing catch-up."

Piotrowski said that the program has little trouble securing funding from Congress. In fact, he said lawmakers added $20 million to the $25 million requested a year ago.

"We don't have a problem defending the program," he said.

Paller said there is a growing concern that "the next war will be in cyberspace" and that the US is ill prepared.

We are pretty darn good at figuring out how to do attacks," he said. "But we are much more vulnerable to these attacks than everyone else."

Explore further: Digital dilemma: How will US respond to Sony hack?

add to favorites email to friend print save as pdf

Related Stories

Report: Shortage of cyber experts may hinder govt

Jul 22, 2009

(AP) -- Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

US senators call for cybersecurity czar

Apr 01, 2009

Two US senators introduced legislation on Wednesday aimed at creating a powerful national cybersecurity advisor who would report directly to the president.

Germany opens cybersecurity centre

Jun 16, 2011

Germany's interior minister opened Thursday a new cybersecurity centre to protect the country's infrastructure from what he said was a growing menace posed by hackers.

Recommended for you

Digital dilemma: How will US respond to Sony hack?

22 hours ago

The detective work blaming North Korea for the Sony hacker break-in appears so far to be largely circumstantial, The Associated Press has learned. The dramatic conclusion of a Korean role is based on subtle ...

UN General Assembly OKs digital privacy resolution

Dec 18, 2014

The U.N. General Assembly has approved a resolution demanding better digital privacy protections for people around the world, another response to Edward Snowden's revelations about U.S. government spying.

Online privacy to remain thorny issue: survey

Dec 18, 2014

Online privacy will remain a thorny issue over the next decade, without a widely accepted system that balances user rights and personal data collection, a survey of experts showed Thursday.

Spain: Google News vanishes amid 'Google Tax' spat

Dec 16, 2014

Google on Tuesday followed through with a pledge to shut down Google News in Spain in reaction to a Spanish law requiring news publishers to receive payment for content even if they are willing to give it away.

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

defactoseven
1 / 5 (1) Sep 30, 2012
Where do I sign? Wait, Do I have to be younger than 60?
alfie_null
not rated yet Sep 30, 2012
Need a better name. Prefixing anything with 'cyber' imbues a superficial, tabloid-like quality.
"What's your job?"

"I'm a cyber-warrior!"

"Oh - really. Do you have a costume?"

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.