Threat Management, Threat Intelligence

Cyberspace: An endless highway without a patrol

Today’s columnist, Sean McDermott of RedMonocle, says that companies should use the NIST 800-53 security and privacy controls to help find cyber risk blind spots. After that, companies need to fund and then fix the security gaps.

Much like highway systems worldwide, we built cyberspace into a massive, useful tool that supports commerce and the transfer of information. We must protect this asset, which has rapidly become an avenue of choice for criminals and even state actors. While the motivations for cyberattacks vary, with some focused on financial gain and others done to gather intelligence, we only need to look at the massive breach of Microsoft’s Exchange servers and the recent SolarWinds hack to get a sense of the scope of new threats. Now operationalized, cyberspace has evolved from a new arena of human innovation into a broad landscape where forms of power and influence are applied by scores of entities.

Countries employ state-supported highway patrols to maintain order because they recognize that someone breaking the rules of the road puts everyone at risk. If we’re willing to invest resources and personnel to keep physical roads safe, we should acknowledge it’s time to take the same approach – on a global scale – to defend the millions of pathways in cyberspace.

The challenge we face is that cyberspace has become a road that’s expanded faster than we can adequately patrol it. That’s why nations need to establish elite cyber forces with the expertise required to identify threats and tackle emerging problems before we’re forced to shut down our digital roadways. We should not accept that cyberspace will become a lawless domain where anything goes.

Well-trained cyber forces will not solve all our problems in cyberspace, but preparing a larger group of students now will put the pieces in place to help us address threats in the future. To be clear, progress will not happen overnight. We would not expect special operations military personnel to conduct a high-stakes mission without years of training, and we cannot simply send people through a cybersecurity crash course and expect satisfactory results.

Developing a cyber workforce takes strategic investments and years of study by committed people willing to serve. As the former Chief of the Israel Defense Forces (IDF) Cyber Staff, I saw first-hand the benefits of targeted investments in cybersecurity personnel and world-class training. Cybersecurity education begins early in Israel, and we should approach cyber literacy just like we do with many other academic subjects.

Through a nationally concerted commitment to human resource development at scale, Israel offers cyber education programs in schools at a young age, and screening processes help discover talent. For example, several years ago, Israel established a national Cyber Education Center (CEC) to give students the onramp they need to develop the latest technical skills and prepare people to work with cyber teams. Investments also include training centers and concepts different from university education, with real-life scenarios, such as simulations, workshops, and wargaming. I have seen this ongoing learning cycle pay dividends for many students during military service and in their business careers.

The specifics of developing a cyber workforce will vary by country, but we already have other examples to guide us. In the United Kingdom, the “Cyber Discovery” initiative, a multi-million-pound government investment, engages thousands of teenagers with more than 200 fun challenges and games that promote interest in cybersecurity. At the university level, the United States government uses its National Centers of Academic Excellence in Cybersecurity program to encourage academic institutions to pursue designations focused on cyber defense education, research, and operations. The program aims to establish curriculum standards and integrate cybersecurity across academic disciplines.

If we are to adequately defend cyberspace, we need to prepare tomorrow’s cyber experts. Doing so on a global scale will elevate our collective ability to collaborate, attribute attacks more quickly, and implement logical rules and consequences to deter bad actors. We can do this through a global organization like a Cyber-WHO, which would be especially useful to provide developing nations with the advice, and potentially the financial assistance they need to establish their own training programs. Working together, countries can enhance training of the necessary security experts and bring order to the highways and backroads of cyberspace.

Yaron Rosen, co-founder and president, Toka

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.