The Center for Strategic and International Studies (CSIS) has released a study explaining the nation’s need to substantially increase the number of highly skilled cybersecurity specialists.
The report, Human Capital Crisis in Cybersecurity: Technical Proficiency Matters, cites a 2007 House Homeland Security Committee hearing to illustrate agencies’ need for cybersecurity staff. Witnesses from the Departments of State and Commerce testified that their respective systems were penetrated by “zero-day” attacks (exploiting vulnerabilities for which there was no patch). The Commerce witness stated he did not know when the attack first occurred and that it “had spread to at least 32 systems, all of which were connecting to servers in China.” By contrast, the State Department official testified that the attack on his agency’s systems was detected moments after it occurred, the system was cleaned and the attack was stopped.
The report goes on to state that the Commerce Department witness testified that his organization met FISMA compliance requirements, but the attack got through because it used a zero-day vulnerability. The State Department official stated that, in addition to meeting FISMA compliance requirements, he “had built a team of network forensics investigators, deep-packet-analysis experts and security programmers who could find and eliminate problems.”
The CSIS Report is attached.