As more and more federal agencies rely upon mobile devices, cloud computing and social media, their need for well-trained cybersecurity professionals can be expected to increase. That’s according to the latest survey of 145 C-level Federal managers polled by the cybersecurity education and certification organization, (ISC)2. The survey is part of the 2011 Global Information Security Workforce Study conducted by California-based Frost & Sullivan that examines trends and characteristics emerging in the information security profession worldwide.
In spite of calls on Capitol Hill for reduced spending at many government agencies, C-level managers surveyed believe the number of federal information security professionals is expected to more than double by 2015 to more than 61,000, compared with 27,000 employees in 2010, according to Hord Tipton, executive director of (ISC)2.
“This reflects a need for people from several different skill bases,” Tipton says, “and goes all the way from ‘super-gurus’ to folks who have to do basic implementation and adhere to good policies in the places where they work.”
In recent years, the challenge has been recruiting and retaining enough of the college-trained cybersecurity professionals both the private and public sectors need, in part because of lagging enrollment in the science and mathematics programs that are at the core of most cybersecurity professional’s educations. In addition, relatively low compensation and the lack of professional development and advancement opportunities have been cited as reasons for the shortage of workers. But recent highly publicized cybersecurity breaches such as the WikiLeaks incident, along with instances in countless businesses and government agencies, have helped change opinions about the need for improving circumstances for cybersecurity workers.
“Finally, there are supporters that are trying to come forward with some of the resources that are needed. What that’s telling us is that people are now seeing that all these [data] breaches are important and that they are having a significant impact on the business of government, and all the critical functions that are at risk. They’re also seeing that the salaries of the people that are required to take care of these functions are increasing, and they’re increasing across the board,” Tipton says. As in past years, he adds that the ability to certify cybersecurity experts, and confirm that they have the skills to do the job are more important than ever.
The survey of 145 C-level federal IT managers indicates that mobile computing devices and the vulnerabilities of the accompanying applications are two new areas of concern. Tipton points to the iPad and iPhone, devices with over 300,000 applications currently available, many of which provide regular and sometimes frequent updates, and questions how a cybersecurity worker manage those devices. “It’s not something that’s easy, and there are so many different choices out there,” he adds.
While cloud computing has been touted as a means to utilize government computing resources more effectively, responders to the (ISC)2 C-level study remain concerned about the implementation of cloud computing in the federal agency enterprise. Ninety-four percent of survey respondents said they are concerned about the exposure of sensitive information that result from sensitive data loss/leaks, with 90 percent troubled about unauthorized systems/personnel gaining access to that data.
Half of the government respondents said they are uneasy about the explosion in the use of social media by agencies. However, the Frost & Sullivan survey indicated that one-fifth of respondents related that their agencies have no official policies regarding the use of social media by federal staffers, suggesting a potential venue for cybersecurity breaches.
Tipton says that while it is laudable that federal government CIOs and CISOs are embracing new technologies and applications such as social media sites, the activity emphasizes the need for stepped up cybersecurity vigilance now more than ever.
He points to a new report from Verizon indicating that, “we keep introducing, promoting and deploying technologies that are simple to exploit. The Verizon report noted that 92 percent of the breaches that occurred last year were done with simple tools, and 96 percent of those could have been prevented by simple, straight-forward security controls.”