It’s Time for e-Sputnik

Lessons from the space race would go a long way in shoring up today's cyber defenses.

The metaphors most often used when people talk about improving cybersecurity are "cyber 9/11" or "digital Pearl Harbor," in which a surprise attack on the United States wakes us from our collective slumber and mobilizes us to confront a new threat to national security.

But these metaphors draw on the wrong examples from history.

A better analogy would be the Soviet Union's launch of the Sputnik satellite in 1957, an event that shook U.S. confidence in our presumed technological superiority and had grave implications for our economic and national security.

Metaphors matter because they affect the way people contemplate a challenge and how seriously they take it. More important, the wrong reference can lead to the wrong strategy and the wrong outcome.

Both Pearl Harbor and 9/11 led to military strategies focused on the nation's defense. Sputnik, and the space race that ensued, led to massive investments in science, technology, engineering and math, resulting in both national security and economic outcomes that gave the United States a decisive advantage in the Cold War. We have to frame our cybersecurity challenges similarly.

The most significant hurdle in protecting critical infrastructure and information systems is recruitment and training. The nation is not producing enough computer science graduates. Cybersecurity might come across as a technology issue, but at its heart it's a people issue. We simply don't have enough of them going into the field.

Education Department statistics show U.S. universities and colleges are turning out only about 9,000 computer science graduates annually. By comparison, the department reports there are about 25,000 graduates in parks, recreation, leisure or fitness majors every year, and 55,000 English grads.

The trend is going in the wrong direction. We're producing fewer computer science graduates now than we did in 2000, at a time when we need them more.

Drill deeper into Education's numbers and the discrepancy becomes clearer still. Among those 9,000 computer science graduates, only 700 were computer and information systems security majors. During that same period, Booz Allen Hamilton, for example, posted openings for more than 1,000 computer security specialists.

The corresponding political and economic implications are deep, vexing and persistent.

We faced a similar challenge in the late 1950s and early 1960s, and that experience provides us with a valuable lesson for making our way forward: one in which all sectors work together for a common goal that produces a diverse range of beneficial outcomes.

To better understand our current predicament, we have to go back to 1957. The Soviet Union became the first nation to enter space, via the launch of Sputnik. The satellite rattled American confidence in significant ways. The United States was supposed to be the world leader in science and technology. In a post-USSR era, such thinking might seem quaint, but at the time it was dead serious.

Sputnik became a catalyst for change.

In less than a year, the National Defense Education Act was signed into law, providing, in current value, billions of dollars in scholarships and grants to enable U.S. students to pursue degrees in science, mathematics, engineering and foreign languages. The initial intent was to stimulate a stream of graduates with skills that were applicable to national defense and related priorities, including the launch of NASA, but it also had another effect.

The science revolution NDEA made possible, and the dollars underpinning it, laid the foundation for the semiconductor industry, in which titans such as Intel, Microsoft, Apple and many others emerged.

Don't look for Andrew Grove, Bill Gates or Steve Jobs to doff their hats to NDEA any time soon, but the connections are clear. The law fostered an environment where science and technology mattered, with far-reaching economic, geographic and social benefits across the public and private sectors, the nation and the world.

We had our sputnik movement. Now we need an e-sputnik movement. To be sure, we are not starting from a standstill.

Some promising elements already are in place, such as the Comprehensive National Cybersecurity Initiative and the National Initiative for Cybersecurity Education. Agencies are heightening public awareness as well: the Education, Defense, and Homeland Security departments; the Office of Science and Technology Policy; the Office of Personnel Management; and the Office of the Director of National Intelligence.

Even so, these initiatives represent a mere down payment on where we need to be. The level of budgeting devoted to these federal efforts amounts to little more than rounding when compared to other national spending, especially in the defense and national security sectors.

Where we're investing tens of millions of dollars in grants and scholarships for computer science and network security majors, we need to be investing hundreds of millions of dollars. Sound excessive? Consider this: One F-22 fighter aircraft costs more than $200 million.

Such a change and all the good it can bring will require new ways of thinking, not just in government, but perhaps even more so in the private sector. This isn't about bending metal, or building a new platform, or the contract cycles associated with those things. It's about something more important, and also more scarce: people.

It's critical to draw from the lessons of the recent past and adapt them to meet our needs today and in the future. National security might be the impetus for change, but the economic, financial and societal benefits defy categorization.

Patrick Gorman is a senior director for cybersecurity at Booz Allen Hamilton. Previously, he was associate director of national intelligence at the Office of the Director of National Intelligence.
