The vulnerability of the U.S. energy infrastructure to outside intrusion from hackers was exposed by the Department of Homeland Security (DHS) during a briefing on Monday. The agency’s warning about a cyberattack on electrical grids underscores a cybersecurity worker shortage and a brewing national security issue of protecting critical infrastructures.
The Wall Street Journal reported that Russian hackers have come close to disrupting critical services with stolen credentials from trusted vendors. According to DHS’ Jonathan Homer, they were within reach of causing catastrophic electrical blackouts and their threat signals the potential for an attack in the future. The DHS did not say whether a cyberattack was imminent.
The DHS warning comes at a time when U.S. companies are struggling to fill available cybersecurity positions. 40,000 jobs went vacant last year and the IT governance nonprofit organization ISACA estimates that two million cybersecurity positions will be open by 2019. At WorkingNation’s Town Hall event on bridging the gap in cybersecurity employment, experts explained why addressing this skills gap should be a priority as it is becoming a matter of national security.
PSEG Services Corporation’s Vice President of Information Technology and CIO Joseph Santamaria was asked about how the energy company sources its cybersecurity workforce. Because of the sensitive nature of the work, Santamaria said that PSEG must operate within increased regulatory guidelines to find workers and ensure its infrastructure is secure from outside interference.
Santamaria added that protecting an electrical grid and the people is a mission that cybersecurity workers can “connect” with and can help draw people from within PSEG’s region to come work for the company. He said that PSEG also utilizes third-party vendors for routine and entry-level tasks because of the need to scale this work.
While the DHS noted hackers’ infiltration of outside vendors, there was no mention of the specific utility companies which were affected during last year’s campaign. Santamaria’s comments illustrate how complex the energy infrastructure is and the oversight currently in place. But the DHS’ latest warning about how hackers can penetrate networks while under the guise of trusted vendors shows that no network is “airtight” and that companies must maintain constant vigilance.
Increasing awareness of cybersecurity threats requires more communication and cooperation between decision-makers whether they are involved in releasing a digitally-connected product or securing an electrical grid. Town Hall panelist and cybersecurity expert Dr. Ari Juels advocated for a holistic approach to teaching cybersecurity skills so that CEOs down to product managers understand the implications of a costly data breach or system interference.
Attracting people to take on cybersecurity roles such as the “translator” he mentioned is difficult considering the overall lack of awareness of cybersecurity jobs and the salaries that skilled workers can command. According to a recent survey from the University of Phoenix, 80 percent of Americans have not considered a cybersecurity career.
It will be up to policymakers and private industry to work together to develop solutions to bring this training to scale. Public-private partnerships can help expand awareness of well-paying and in-demand jobs in cybersecurity and the information technology sector as a whole.
We are seeing evidence of this in the Creating IT Futures’ initiative from CompTIA. The accelerated training program teaches the foundational skills for entry-level IT positions in several U.S. cities. Students can earn their CompTIA A+ certifications and continue on an upward career path and rise through the ranks with their companies.
CompTIA also has an interactive map called CyberSeek created in partnership with Burning Glass Technologies which details where cybersecurity jobs are located and what certifications are needed to access them. Burning Glass Technologies’ Will Markow said that this map shows which states have the most demand, based on the analyzed data from online job boards.
The American public, though mostly unaware of the career pathways in cybersecurity, are no doubt aware of the increasing problem of hacking and identity theft. There are programs out there that are helping them make the connection that they can do something about it. They do not have to be computer experts to use the tools which have been developed to combat network intrusions. They just need the training and security mindset to deploy them effectively.
Join the Conversation: Have you considered taking on a role in cybersecurity? Tell us why or why not on our Facebook page.