A new nonprofit, with roots at the Kennedy Space Center, wants to be the facilitator for the security industry. Dan Kaplan reports.
If one were to map where the nation's brightest science, technology, engineering and mathematics minds are concentrated, the epicenter might fall somewhere along an eastern stretch of central Florida known as the Space Coast.
The region is best known for the Kennedy Space Center, the launching site of every human U.S. space flight since 1968. June 28, however, will mark the space shuttle program's final mission, when Discovery propels into orbit. Any future voyages of that nature will be conducted by private firms, with NASA choosing to focus on deep-space exploration, with the eventual goal of landing on Mars.
The retirement of the shuttle means the end, for now, of the dramatic liftoffs and landings, tragedies and triumphs that have come to define America's fascination with outer space. But it also signifies the end of something more tangible – the technology here on Earth that has emerged because of NASA's scientific research.
The agency is credited with scores of innovations, ranging from smoke detectors and power tools to crop dusters and chips for breast biopsies. Some of the most intellectually gifted Americans built those products – and now about 8,000 of them are expected to be out of a job.
But the aerospace industry's loss may be the cybersecurity market's gain, believes Deborah Kobza, president and CEO of the recently launched nonprofit Global Institute for Cybersecurity + Research (GICSR), founded last August.
The goal of the nonprofit, located just across the street from the Kennedy Space Center, in a business center known as Exploration Park, is to advance cybersecurity education, innovation and research by providing the coordination of key players, and generating recommendations and actionable policy solutions.
Not only is GICSR focusing on helping NASA workers transition to a career in cybersecurity – their skill sets make them a ripe fit for a career in network defense – but the group also views its mission as much broader. If successful, GICSR, enabled by the resources available at Kennedy Space Center, may help generate a new source of American pride that could have as lasting benefits as the innovations that grew from the space program.
“One global industry and technology sector that represents urgent and critical research and workforce education needs and career opportunities across industry, government and academia is cybersecurity,” Kobza says. “In addition to defining next-generation cybersecurity research, trusted tools and technologies, the demand for skilled security professionals is growing dramatically as businesses and governments continue to invest heavily in cybersecurity.”
It is no surprise that education is the chief component of GICSR's strategy. Studies have shown that there is a startling shortage of skilled cybersecurity professionals, both in government and the private sector. And those who do already work in the industry often lack the necessary skills to best do their jobs. Federal officials have estimated that the U.S. government alone needs up to 30,000 security professionals, but only about 1,000 are capable right now.
“We don't have a national cybersecurity workforce...”
– Deborah Kobza, president and CEO of the Global Institute for Cybersecurity + Research
“We don't have a national cybersecurity workforce,” Kobza says. “We have a very small number of people that have expertise in cybersecurity.”
Kobza says part of the problem is that the information security industry lacks clearly defined roles, responsibilities, functions – and perhaps most important of all – career paths.
That means people such as Gene Fredriksen, who serves as an executive vice president at GICSR, finds difficulty distinguishing candidates when they apply for positions at Tyco International, where he runs security.
“Today we're not exceptionally granular,” he says. “In a normal organization, you have a junior senior analyst and a junior senior engineer. That's probably as granular as you get. But when you get into the government with multilayers and multidisciplines, understanding the competencies required in a position is critical.”A competency model
GICSR is leading a national initiative to develop and implement a global critical infrastructure cybersecurity education framework that will help define learning and career paths of the information security industry. The goal is to reach not only laid-off space shuttle workers, but also the current IT security workforce and students from kindergarten through college.
The group already is working on a framework for health care – NASA can lend resources because it is well versed in handling electronic health records of employees – with plans to extend across all critical infrastructure sectors.
To achieve its objectives, GICSR is working in concert with a slew of government entities, including NASA, the National Institute of Standards and Technology, the U.S. Department of Homeland Security and the National Security Agency, as well as security certification companies and academia.
At the school level, GICSR is beginning in its home state of Florida, where the organization is leveraging advanced technology to reach several hundred high school and community college students. The hope is that Florida will become the model for the national cybersecurity workforce, Kobza says.
The group is partnering with SAIC, a scientific, engineering and technology applications company, to take advantage of a10-week CyberNEXS pilot training program, which provides a networking environment that simulates real-world operations.
According to a recently released survey from the National Cybersecurity Alliance and Microsoft, 81 percent of school administrators believe their districts fail to adequately prepare students around online safety and security. It is no surprise then, according to GICSR officials, that many students fail to consider IT security as a viable career path.
“There are fewer and fewer kids that are going from the high schools into technical degree programs.”
– Duke Ayers, VP and program manager for CyberNEXS at SAIC
“There are fewer and fewer kids that are going from the high schools into technical degree programs,” says Duke Ayers, vice president and program manager for CyberNEXS at SAIC. “Even though we see a lot of folks coming over here from other countries, they often find the cost of living [too high]. They take all the knowledge back home with them.”
“There are no state university systems that have dictated or mandated any cybersecurity training at the high school level to be mandatory,” Ayers adds. “They've got shop and they've got gym, but they don't have information security.”
The pilot also will be introduced to students in Manitoba, Canada, a sign of GICSR's desire to extend international dialogue and cooperation.
“We're getting the kids,” says Richard Zaluski, executive vice president, international programs and services at GICSR. “They're the grassroots. They're the ones who are going to change behavior going forward.”
Ayers says he hopes the simulated training has a cascade effect on the certification bodies to begin providing mandatory performance-based testing instead of exams largely concentrated on rote memorization.
“If you just read and take paper-based examinations, you don't have any of that tactile involvement with the knowledge,” Ayers says. “But CyberNEXS provides that immediate feedback emulating exactly what they would expect in the real world.”
Kobza says an integral component of GICSR's mission is to help protect critical infrastructure, which is essential to “international security, public health and safety, economic vitality and way of life.” Core to that mission is the cultivation of an educated, skilled workforce.
“[Organizations] can look at [our framework] and say, ‘OK, I need to hire a privacy professional that needs to be part of my workforce,'” she says. “Then they can look at this competency model and it will show the types of roles and responsibilities a privacy professional would have. Schools can then look at it and say, ‘Our curriculum addresses this, but we've missed this.'”Turning to NASA
The space agency has both a lot to gain from and provide to GICSR. For starters, Kobza says, the group is supporting the transition of space shuttle workers, through collaboration with the Space Center, local workforce and academic organizations, training providers and certification bodies.
In addition, NASA's location across the street from GICSR is providing a synergy that could yield valuable research and development for the security industry. The NASA Center for Lifecycle Design, best known for modeling and simulating space launches, also can extend to other industries.
“Modeling and simulation is a cross-cutting technology that could be used for training, analysis and operations in a number of fields, including cybersecurity,” says Priscilla Elfrey, a senior specialist in modeling and simulation outreach at Kennedy Space Center. “What [Kobza] is trying to do and what we're trying to do is really parallel. Our charter is not only to support aerospace but to see where our technology can support other advanced technologies.”
The center will provide the lab infrastructure to build programs that apply to cybersecurity awareness, education, training, as well as offer the possibility of validating future, innovative security solutions.
“It helps people become aware quicker,” Elfrey says. “It takes complex information and translates it into visual imagery that is easier to grasp.”
“...I think there's a pathway to find jobs.”
– Priscilla Elfrey, a senior specialist in modeling and simulation outreach at Kennedy Space Center
Some of what comes out of the Center for Lifecycle Design is expected to be included at planned CyberDiscovery exhibits at museums across the country. Kobza says she currently is awaiting word on a $900,000 grant proposal to develop the first CyberDiscovery at the Orlando Science Center.
Elfrey says the partnership with GISCR enables NASA to build on its highly developed workforce to identify areas in security where new technology is needed. This, in turn, raises awareness around the need for qualified security professionals.
“If we can make people aware of cybersecurity as an employment field, and make it clear what it is you need to know to do that, and have GICSR with connections to people who hire, then I think there's a pathway to find jobs,” she says.
For the past decade, the security industry heavily has leaned on partnerships among private, government, nonprofit and academic organizations to answer the call of today's challenging and sophisticated threat landscape. In a number of cases, however, the calls for collaboration have been heavy on recommendations and scant on execution.
Perhaps they just needed a boost from a facilitator. Kobza hopes that by GISCR adopting a no-nonsense approach – connecting key players at a global level to achieve a common purpose – actions will result.
“What we see with GICSR is that we really are moving forward with projects and initiatives to make a difference,” she says. “We're not reinventing the wheel. It's about bringing experts together to leverage what's already been developed to see what's missing and to institute best practices moving forward.”
And it just might be the key to keeping the Space Coast as a fundamental stronghold for the nation's most intellectually gifted – 43 years after Apollo 8 launched from Kennedy Space Center and became the first manned flight to leave the Earth's orbit.
“It's almost another opportunity for another Silicon Valley,” Kobza says. “There's a tremendous amount of economic incentive."
National security: Information sharing
The nation's critical infrastructure is an expansive beast. The nonprofit Global Institute for Cybersecurity + Research (GICSR) wants to ensure that it covers those components being overlooked from a situational awareness perspective – but which are crucial to Americans' daily lives.
GICSR has launched the Global Situational Awareness Center (GSAC) to provide services for a National Health Information Sharing and Analysis Center (ISAC), which was stood up in January.
ISACs for aerospace and agriculture are due to open later this year and early next year, respectively. More could be planned for the future.
“We looked at the critical areas that weren't being covered,” says Deborah Kobza, president and CEO of GICSR. Members decided to start with health care because of the proliferation of electronic medical records and health information exchanges.
“There has to be an ISAC to support cybersecurity threat and vulnerability monitoring,” she says.
Among the capabilities of the GSAC, located at Exploration Park, across the street from the Kennedy Space Center, are:
- 24/7 physical and cybersecurity situational awareness monitoring and analysis
- GIS, satellite imagery
- Two-way information sharing
- Modeling and simulation for mock disaster exercises
- Alert/warning notifications
- Incident response, countermeasure solutions
- Communications and crisis information management solutions
- Security protection best practice solutions and education
Photo: (left to right) Gene Fredricksen, executive director, North America; Deborah Kobza, executive director/CEO; and Richard Zaluski, executive director, international programs and services, Global Institute for Cybersecurity + Research (GICSR). Photos by Riku.