The urgent and massive need for computer security professionals has caught the government, industry and education sectors quite unprepared. Corporations such as Target are suddenly finding that large-scale compromise of their information systems is not just an embarrassment, but a significant threat to their commercial viability.
Are corporations in Washington state, across the spectrum from the commercial to the technology sectors, any better prepared and any less vulnerable to cyber-attack than Target?
If the information systems of an organization with the resources and expertise of Target are vulnerable to attack, how can smaller companies and even individuals feel safe in their use of the internet?
The internet has enabled enormous change in our lives and increased productivity through electronic commerce, access to information and social networking. But we are now all hooked! We are all dependent on the internet and computers for commerce, entertainment and control of our infrastructure. However, the convenience, efficiency and ease of access afforded by the internet make us all vulnerable to attack.
Furthermore, we are engaged in a continuing arms race. Attackers continue to find new vulnerabilities in software and systems, leading to new ways to compromise our privacy and trust in our computer systems. Although the computer systems and software that we all commonly use have become more robust and resistant to attack, there is a need for constant vigilance and re-evaluation, as recently demonstrated by the "heartbleed" bug found in widely-used open source encryption software.
This is the challenge of cybersecurity: how do we continue to enjoy and prosper from the wonderful opportunities and resources available to us on the internet without incurring unacceptable risk? From this challenge has emerged a whole new profession in computer and information systems security.
Certainly, large corporations have had computer security experts on their staff for decades, but in the past they mainly concentrated on physical perimeter security and disaster recovery. The new breed of computer security professional needs expertise in computer operating system and network configuration, cryptographic techniques and tools, and defense mechanisms such as firewalls and intrusion-detection systems.
These are not the attributes of typical computer science graduates, who are already in short supply for the state's information technology and software development industries. This is a whole, relatively new, field of study. There is currently a need for thousands of suitably qualified computer security professionals, but very few colleges and universities in the nation have the faculty and academic programs to make a significant impact on this shortage in the workforce.
However, Whatcom County is well served in the training of computer-security practitioners. The established, accredited two-year Cybersecurity program at Whatcom Community College has now been joined by a second two-year program at Western Washington University, together culminating in a bachelor's degree in Computer and Information Systems Security.
This combined four-year program has been designed specifically to help address the urgent need for graduates with specialist knowledge and skills in computer security. This is the opportunity of cybersecurity: our local technology industry could exploit this rich source of expertise right here, in our own community.
Few companies can afford to hire full-time computer security specialists, but even fewer companies can afford to neglect security and accept the risks of cyber-attack. The burgeoning computer security industry provides expert service to clients, drawing on exactly the skills and knowledge gained by students in the new security programs.
Cybersecurity presents a huge challenge for the whole community but could provide a lucrative opportunity for Whatcom County.
ABOUT THE AUTHOR
David Bover is the associate dean of Western Washington University's College of Sciences and Technology and the former chair of Western's Computer Science Department.