Thursday, December 6, 2012

Cybersecurity: Playing Defense and Offense in Cyberspace and the Economy

In the early years of cyberattacks, organizations would wait to be attacked before they developed a comprehensive plan and response to the attacker. The attack would render the organizations' network presence useless and down for days. Several reasons cyberattacks could severely cripple a network in the early days of this malicious behavior are not enough concentrated research on defending and preventing and the lack of a coordinated effort between private industry and the government.


Since the first well known and wide spread cyberattack in the mid-1990's, many professionals in public and private organizations have diligently been studying and working on the problem of cyberattacks. Initially security companies like Norton, McAfee, Trend Micro, etc. approached the problem from a reactive posture. They knew hackers/malicious attackers were going to strike. The goal of what is now called Intrusion Detection Systems (IDS) was to detect a malicious attacker before an anti-virus, Trojan horse, or worm was used to strike. If the attacker was able to strike the network, security professionals would dissect the code. Once the code was dissected, a response or "fix" was applied to the infected machine(s). The "fix" is now called a signature and they are consistently downloaded over the network as weekly updates to defend against known attacks. Although IDS is a wait and see posture, security professionals have gotten much more sophisticated in their approach and it continues to evolve as part of the arsenal.


Security professionals began looking at the problem from a preventive angle. This moved the cybersecurity industry from defensive to offensive mode. They were now troubleshooting how to prevent an attack on a system or network. Based on this line of thinking, an Intrusion Prevention Systems (IPS) called Snort (2010) was soon introduced. Snort is a combination IDS and IPS open source software available for FREE download. Using IDS/IPS software like Snort allows security professionals to be proactive in the cybersecurity arena. Though IPS allows security professionals to play offense as well as defense, they do not rest on their laurels nor do they stop monitoring the work of malicious attackers which fuels creativity, imagination, and innovation. It also allows security professionals that defend the cyberworld to stay equal or one step ahead of attackers.


Cybersecurity also plays an offensive and defensive role in the economy. In its cybersecurity commercial, The University of Maryland University College (2012) states there will be "fifty-thousand jobs available in cybersecurity over the next ten years." The school has been running this commercial for more than two years. When the commercial first began running they quoted thirty-thousand jobs. They have obviously adjusted the forecast higher based upon studies as well as the government and private industry identifying cybersecurity as a critical need to defend critical infrastructure.


Cybersecurity can play economic defense by protecting these jobs which deal with national security concerns and must remain the in the United States. The cybersecurity industry is driven by national security in the government realm and intellectual property (IP) in the private industry space. Many U.S. companies complain to the government about foreign countries hi-jacking their software ideas and inventions through state sponsored and organized crime hackers. Given that foreign countries condone state sponsored national security and intellectual property attacks, it would be to the benefit of companies to find human capital within the shores of the United States to perform the duties and tasks needed.


On the offensive side, Cybersecurity can spur development and increase the skill sets of residents in counties like Prince George's County, Maryland which sits in the epicenter of Cybersecurity for the state of Maryland and the nation. Prince George's Community College is the home of Cyberwatch and the central hub for cybersecurity training and best practices that gets pushed out to other community colleges that are part of the consortium. The goal of these community colleges is to align the education offered to students with skills that companies say are needed to be "workforce ready." It is also a rich recruiting ground for tech companies across the country to identify and hire human capital to put on the front lines of the U.S. fight in cybersecurity. As Maryland Senator Barbara Mikulski (2012) says, the students are trained to be "cyberwarriors" and in turn workforce ready.


In conclusion, cybersecurity has come a long way since the publicized hacking cases of the 1990's (Krebs, 2003). These cases brought awareness to the need for the best and brightest to enter the field of computer and network security with the purpose of devising strategies and techniques to defend against "bad actors" that would use technology to commit malicious acts. Because computer and network security require STEM (Science, Technology, Engineering, Math) skills, the pool of U.S. born applicants is presently small. This presents an economic development opportunity for locales that use their community colleges as technology training grounds that are closely aligned with technology companies who need the human capital. The overarching goal of the stakeholders is to produce "workforce ready" students.


Reference


"Cybersecurity Degree". University of Maryland University College, Adelphi, MD. WRC-TV, Washington, DC. 12 Oct. 2012


Krebs, B. (2003). A short history of computer viruses and attacks. Washington Post. Retrieved from http://www.washingtonpost.com/wp-dyn/articles/A50636-2002Jun26.html


Mikulski, B. (2012, February 23). General format. Retrieved from http://www.youtube.com/watch?v=nWNTOi3pEhg


Snort. (2010). About snort.

0 التعليقات: