As part of the administrations continuing efforts to actually do something tangible to improve the security posture of US critical infrastructure and to better deal with a severe lack of technical talent the CSIS (Center for Strategic and International Studies) announced the US Cyber Challenge (here) to identify and develop 10,000 cyber security specialists.
One of the fundamental deficiencies of the current US critical infrastructure protection programs (there are many of them), is the astonishing lack of qualified technical security specialists. This program aims to develop the next generation of technically advanced cyber warriors and security specialists.
The United States Cyber ChallengeThe US Cyber Challenge is a national talent search and skills development program. Its purpose is to find 10,000 young Americans with the interest and skills to fill the ranks of cyber security practitioners, researchers and warriors. Some will, we hope, become the top guns in cyber security. The program will nurture and develop their skills, and enable them to get access to advanced education and exercises, and where appropriate, enable them to be recognized by employers where their skills can be of the greatest value to their nation.
Improving our private and public sector security posture will be an ongoing process as we adopt new technology innovations and as the dynamic global environment shifts between hostile and friendly actors. Recruiting the next generation of technically advanced security specialists and developing the skills today to deal with tomorrows threats is key to ensuring we have a population of talent to enable continued growth and prosperity of the United States and its citizens. Like so many times in our history, the hopes of an aging nation rest on the shoulders of America’s youth.
The US cyber challenge has provided some details on three-large scale competitions that will drive the identification process
For high school students(1) CyberPatriot, the High School Cyber Defense Competition conducted by the Air Force Association: a competition in computer systems and network defense – where the competitors attempt to analyze the security state of the competition network and then must secure the systems while maintaining services and responding to attacks by a hostile Red Team. This is a preparatory program that encourages students to continue their security training in college and to compete in the National Collegiate Cyber Defense Competition.
For the top high school students and for college and graduate students(2) The DC3 Digital Forensics Challenge conducted by the DoD Cyber Crime Center (DC3): a competition in digital forensics where, in increasingly challenging scenarios, contestants attempt to uncover evidence on digital media, just like you see on all the crime scene investigative shows on TV. Whether it is an intrusion by a nation state, or a child pornography investigation, digital forensics is the key to answering the who, what, where, when, why, and how questions.
(3) The Network Attack Competition conducted by the SANS institute: a competition in network vulnerability discovery and exploitation. This program will include substantial ethical and legal instruction. An essential tenet of the emerging US national strategy for cyber security is that offense must inform defense. Perhaps the single most important reason that America’s computers are so easily exploited is that the government and the companies in the critical infrastructure relied for security guidance on individuals who were not intimately familiar with how cyber attacks work.
Promising candidates will be immediately recognized and will be invited to attend regional “camps” at local colleges, run jointly by college faculty and cyber security experts from the community, where they will develop their skills more fully and participate in additional competitions. The students who rise to the top in these regional programs will be invited to live national challenges like those conducted by the University of Texas at San Antonio an NYU Polytechnic.
Greatly promising candidates from these programs will be given either Federal Service grants or SANS Institute scholarships to study advanced cyber security programs and may earn scholarships to colleges and graduate programs at participating schools.
Finally, the best of the candidates will be brought into federal agencies like the National Security Agency, the FBI, DoD DC3, US-Cert, and the US Department of Energy Laboratories, all of which are helping to make this program effective.