US Cyber Challenge: Finding the people who can win in cyberspace? Alan Paller, Director of Research, SANS Institute, apaller@sans.org
Gen. Alexander speaking at CSIS in June, 2010: "One of our greatest challenges will be successfully recruiting, training and retaining our cyber cadre to ensure that we can sustain our ability to operate effectively in cyberspace for the long term"
Setting the Stage
Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, April 17, 2007
Chairman: Jim Langevin: "We don't know who's inside our networks. We don't know what information has been stolen. We need to get serious about this threat to our national security."
State Dept witness: Don Reid, Senior Coordinator for Security Infrastructure
Commerce Dept witness: Dave Jarrell, Manager, Critical Infrastructure Protection Program
A Tale of Two Departments
Commerce Department
1. No idea when it got in, how it got in, or where it spread
2. Took 8 days to filter (ineffective)
3. Unable to clean the systems; forced to replace them
4. Do not know whether they have found or gotten rid of the infections
State Department
1. Detected it immediately
2. Put effective filter in place within 24 hours; shared filter with other agencies
3. Found two zero-days
4. Helped Microsoft and AV companies create patches and signatures
5. Cleaned infected systems, confident all had been found
What enabled State to perform so much better than Commerce?
Was it tools? No. Almost the same commercial tools. Commerce actually had more expensive and newer commercial IPS/IDS.
Was it skills? Yes.
Commerce staff's only experience was firewall operations, not even firewall engineering. No training other than Security+ and CISSP. Managers were policy and compliance people, with no hands-on security skills.
State staff had experience and training in forensics, vulnerabilities and exploits, deep packet inspection, log analysis, script development, secure coding, wireless, Windows, Linux, and reverse software engineering. Plus counter intelligence. And managers with strong technical security skills.
(Notice the MIX of skills. Remind you of anything?)
The Four Quadrants of Security Skills (axis: Mission focus -> Technology focus)
The Four Quadrants of Security Skills (axis: Mission focus -> Technology focus)
III. Academic security researchers: 2,000
I. Security policy analysts, auditors, compliance specialists: 70,000
IV. Hunters and tool builders: 3,000
II. Operators: IPS and firewall administrators, security ops center staff, penetration testers, forensics analysts, more: 45,000
The Four Quadrants of Security Skills (axis: Mission focus -> Technology focus)
III. Academic security researchers: 2,000 -> 2,000
I. Security policy analysts, auditors, compliance specialists: 70,000 -> 60,000
IV. Hunters and tool builders: 3,000 -> 10,000
II. Operators: IPS and firewall administrators, security ops center staff, penetration testers, forensics analysts, more: 45,000 -> 50,000
Is Any Country Investing Heavily In Developing These Skills?
Wicked Rose
Key weapons in future wars will be people with advanced, technical cyber security skills
How will military services, contractors, Cyber Command and DHS all fill the gaps?
Axis: Technical mastery (depth of understanding of the technologies and their security weaknesses)
III. Academic security researchers: 2,000 -> 2,000
I. Security policy analysts, auditors, compliance specialists: 70,000 -> 60,000
IV. Hunters and tool builders: 3,000 -> 10,000
II. Operators: IPS and firewall administrators, security ops center staff, penetration testers, forensics analysts, more: 45,000 -> 50,000
Can we expand the pipeline? What are colleges teaching? The sports pipeline model
Can the Cyber Challenge find highly talented young people?
US Cyber Challenge Activities
STEP 1, STEP 2, STEP 3, STEP 4
Cyber Foundations (USCC and CKF.org)
CyberPatriot (AFA)
Cyber Quests (USCC)
CCDC (UT San Antonio, DHS and others)
Forensics Challenge (DoD DC3)
NetWars (SANS)
Cyber Camps
Courses and exercises
Tournaments
Internships
Scholarships
Connect with employers
Talented Cyber Security People
The Bottom Line
The shortage is uneven: proven skills of operators, testers and hunters are the critical need
Salaries are shifting rapidly but the pipeline is still empty
The sports model, as implemented by the US Cyber Challenge, may expand the pipeline quickly
Making geeks as cool as sports stars