SPECIAL SERIES:Cybersecurity: The Next Great Battlefield
In this series of articles running through July, RealClearPolitics and RealClearDefense take an in-depth look at the intersection of cybersecurity, technology, and warfare in the 21st century. Below is Part 5.
Start with a truism: There is a gap between the demand for technical skills in the modern economy and the supply of workers who possess those skills. Employers cannot find enough qualified applicants to fill a growing number of jobs that require such skills. It has been called the “STEM crisis.”
This is true across domains — from science and engineering to finance and health care — in part because information technology is beginning to infuse all aspects of the economy. One of those domains is cybersecurity.
Which brings us to a second truism: Cybersecurity is among the major challenges facing today’s public and private sectors, and one that will only grow as our economy becomes ever more digital. It is already daunting, given the ubiquitous data-sharing that defines our social-media age. Nearly every person has a computer in his or her pocket -- often linked up to the cloud and various social media -- making just about every employee a potential cyber target. Cybersecurity is no longer a specialized issue of concern to one’s IT department, but something that impacts nearly everyone. Consider that Facebook has over 2 billion users worldwide.
Moreover, with the advent of the “Internet of Things” and “cyber-physical systems” — in which software, smart technology, and connectivity are embedded into physical infrastructures — traditional industries, including transportation and manufacturing, will face the same cybersecurity challenges as Silicon Valley tech companies.
Yet, despite this, it has taken several high-profile data breaches — Equifax, Facebook, and the federal government — and an accompanying public outcry to put serious pressure on lawmakers to act. But the difficulty of finding solutions is partly a function of the skills gap. What, exactly, is to be done?
Technology moves quickly. One of the challenges of cybersecurity is that compliance with existing security standards or regulations does not guarantee protection. Why? Because these standards and regulations are always playing catch-up to the technology. Of course, standards are necessary and important. And part of the solution may be to have more or better regulations. But “compliance isn’t cybersecurity,” said one former federal agent who worked in international cybersecurity before moving into the private sector. “A lot of companies don’t even know they’re being hacked”; they just assume they’re safe because they’re compliant. “Look at Equifax.”
The problem is that those who address cybersecurity breaches are only secure for yesterday’s threats and remain unaware of today’s, much less tomorrow’s. For companies — and government regulators — to anticipate and get out in front of new and emerging threats requires expertise. And that’s precisely what is so scarce in today’s economy.
The good news is that training people to become technically proficient is relatively easy. A broader societal emphasis on STEM is already reshaping education in colleges, secondary and even primary schools. “Coding” has become the watchword for today’s educators, spurring new curricula, organizations aimed at getting more women and girls into STEM, and even summer camps. These efforts will go a long way toward addressing the skills gap, even though it will take time for these students to finish school and take their place in the burgeoning tech job market.
"In a fully digitized economy, employees trained to think critically and synthetically — who can see the forest for the trees — will become more indispensable than ever."
The bigger problem may be what to do once they are populating the workforce. Discussions of the skills gap in STEM fields tend to focus narrowly on technical skills. Although this “present gap” is real, it’s actually easier to solve than the “future gap,” said the same cybersecurity professional. What will be needed are workers who are proficient, if not fluent, in technical skills, but who can manage those who are fluent. This is partly a cultural problem. Engineers are not well known for their interpersonal skills and communication talents, while humanities majors are well known for being intimated by or condescending towards their mathematically inclined peers. This dynamic was captured perfectly in C.P. Snow’s “The Two Cultures” (published way back in ancient times: the 1950s). More importantly, though, in a fully digitized economy, employees trained to think critically and synthetically — who can see the forest for the trees — will become more indispensable than ever.
It is a historical fallacy to assume that just because a new technology is transforming a large sector of the economy, most future jobs — even those directly related to tech — will require mastery of that technology. Imagine if educators in the mid-19th century had assumed that by the 20th, most people would be railroad engineers. New technologies create jobs, destroy others, and spur entire new industries and services in their wake.
To be sure, many of the new jobs, industries, and services created by our digital economy will (and already do) rely on software, making cybersecurity utterly essential. But consider the historical analogy once more. Railroads needed not only conductors and engineers but also managers, porters, designers, and urban planners — to say nothing of the other supporting industries — to manufacture, scale up, and safely deploy a whole new and vast infrastructure. Similarly, it may be that in the near future we will need not just coders and software engineers but employees throughout the economy who can understand and work with techies and not be blindly dependent on their expertise.
This is especially true when it comes to dealing with a problem as multifaceted as cybersecurity, which brings together not just engineering and management, but also policy, regulation, politics, and ethics. As in many other areas of today’s economy, from biotechnology and drone warfare to social media and health care, sweeping technological changes create challenges that are not merely technical. Cybersecurity is no different. Before we can decide what standards to create or enforce, we will have to decide what the ethical norms are when it comes to such complicated matters as digital privacy and international conflicts between “digital vigilantes” who are “hacking back” in retaliation for data breaches.
When it comes to educating today’s workforce to prepare for tomorrow cyber threats, we will need all hands — not just coders’ — on deck.
M. Anthony Mills is the editor of RealClearPolicy.