By Marlene Cimons, National Science Foundation
When President Obama spoke about the federal budget in a speech at Northern Virginia Community College (NOVA), he talked specifically about a mostly community college-based program called CyberWatch that trains students for computer network security jobs, an increasingly important field in a world where people do almost everything online.
The President highlighted the program, saying: “Everybody in America should be able to get those skills at a community college like NOVA. And companies looking to hire should be able to count on these schools to provide them with a steady stream of workers qualified to fill those specific jobs.”
Program officials were thrilled when Obama stressed the importance of a cybersecurity workforce, stressing “there is real growth potential in this field,” says Casey O’Brien, director of CyberWatch and associate professor in the network technology department at the Community College of Baltimore County. “We teach our students how to create the networks and how to secure them.”
Every business that uses a cyber network needs to worry about security. Every individual who uses the Internet or a cell phone to pay a bill, renew a library book , or access a medical record also is vulnerable. Hackers are poised to steal personal passwords and credit card numbers, or company trade secrets, or simply take over one or more computers to attack many others.
“You’ve got to plan security from the first day you are planning a system, since the problem is very, very serious,” says Robert J. Spear, principal investigator at CyberWatch. “To deal with this, you need a general workforce knowledgeable about the risks, and a technical workforce that can guard against the risks to go on the offense when needed. There is a great need, and if you get a degree in cybersecurity, I can guarantee you will be employed.”
In recent years, enhancing cybersecurity has become a critically important issue with a growing sense of urgency. There has been an escalation in computer security attacks within the last decade, from so-called “phishing” scams that lure people into revealing sensitive and private information, to Internet attacks that crash popular websites.
Even worse, large-scale cyber attacks potentially could topple widespread systems, destabilizing national and economic security and paralyzing key resources, such as power and water. These can come from enemy foreign governments determined to attack U.S. networks, as well as from independent terrorist groups and hackers.
“These days, more and more stuff is being connected; you can pretty much do everything from your cell phone,” O’Brien says. “As more and more devices and more and more data become available from interconnected devices, we need more and more people who know how to protect them.”
Training students to work in the cybersecurity industry is the goal of CyberWatch, a National Science Foundation (NSF) Advanced Technological Education (ATE) Center based at Prince George’s Community College in Largo, Md. The program, which began in 2005, has received a total of $6.2 million in NSF funding.
Since its inception as a consortium of ten institutions in the Washington metropolitan area, CyberWatch has expanded to 88 institutions, including 47 community colleges and 41 universities, across 28 states and Washington D.C.
CyberWatch also has submitted a proposal to NSF to become a national ATE center for cybersecurity education, which would expand its mission to a national audience.
The number of community college students enrolled in its programs has grown from 307 in 2005, before CyberWatch formally began, to 4,617 in 2010.
While the primary focus is at the community college level, CyberWatch has programs that span elementary school through graduate school, including a program for K-12 students with a curriculum track for high schoolers, summer camps, after-school programs, students contests and workshops. At the college level, the program designs model curriculum, trains faculty and works with students on career development. The program has built several major labs, including the Montgomery College Virtual Lab and the University of Maryland Digital Forensics Lab.
Also, it sponsors major student competitions, including the Mid-Atlantic Regional Collegiate Cyber Defense Competition, and the Digital Forensics Challenge, in collaboration with the Department of Defense Cyber Crime Center.
“There is no better way to get students interested and committed than to put them on teams and through competitions,” says Vera Zdravkovich, a senior advisor to CyberWatch, and its first director. “The program brings in security professionals who act as ‘hackers,’ and the students have to do everything they would do if they were working for a bank, or a hospital or business, to protect the network.”
Zdravkovich is working with other institutions to establish additional CyberWatch programs around the country, both as part of the PG-based consortium, or as separate ATE centers. CyberWatch West, another ATE center at Mt. San Antonio College, a community college in Los Angeles, began in January 2012.
In addition to Mt. San Antonio, its partners include California State Polytechnic University at Pomona, California State Universities at Dominguez Hills and San Bernardino, and Whatcom Community College, in Bellingham, Wash. NSF is funding the California center with $3 million over its first four years. It is the nation’s fourth NSF cybersecurity center--others are near Chicago and in Tulsa, Okla.--and the only one based in the Western United States.
“I believe one of the strengths of CyberWatch is that we help the growth of consortia, like CyberWatch West,” she says. “These are spinoffs that are very important. The ultimate goal is to spread cybersecurity education in both two- and four-year institutions throughout the country.”
The training approach focuses on defense, rather than offense. That is, students learn how to protect existing networks, rather than to break into them. There are such jobs in government, in, for example, intelligence gathering. “We do teach a course called ‘ethical hacking and systems defense,’ because the best defense is a good offense,” O’Brien says. “But it is to show students how attackers take advantage of weaknesses in software.”
Typically, students earn a two-year degree, “which is enough for an entry level technician,” O’Brien says. “But we encourage our students to pursue more,” because some employers only will hire graduates who hold baccalaureate degrees. “That continues to be an issue,” Spear says. Even so, “I don’t know of anybody who has finished the program, and is looking for work.”
Cybersecurity: Training Students
CyberWatch spans all school levelsMay 29, 2012 RSS Feed Print
By Marlene Cimons, National Science Foundation