Cybersecurity education growing in Nevada as risks increase
LAS VEGAS (AP) — Those who step into this virtual world will face thieving cyber gangs who are on the hunt for electronic bikes in Europe.
Players assume the role of a cyber-detective: cracking codes and solving puzzles to prevent thefts and protect vulnerable systems.
Are you up for the challenge?
Officials at the Desert Research Institute in Reno hope so. Through a pioneering internship program, DRI wants to make a dent in the dearth of trained workers to fill Nevada’s 1,633 cybersecurity job openings.
Globally, there’s an expected shortfall of 1.5 million cybersecurity professionals by next year.
“The problem is pervasive,” said Brandon Peterson, chief information security officer for DRI. “There’s just simply no way that the traditional education system can even pump out enough individuals.”
Educators like Peterson are trying to get students interested in a field that’s been stereotyped as a career for the socially awkward, nerdy, white male in different ways and at younger ages. DRI’s program — which combines a SANS CyberStart Essentials course, a certification exam and an internship — is one example of the options available for students in Nevada.
“We need to cast a wider net,” Peterson said. “We need to get women, we need to get minorities, and mostly, we need to get people who wouldn’t always necessarily think of a career in cybersecurity or in information technology to start with.”
Monique Moreno, who’s studying networking at the College of Southern Nevada, grew up around computers because her mother works in IT. But she’s aware of the stereotype — that cybersecurity and IT fields are reserved for men — and she’s used to being one of the only women in the room.
“It’s 2018, why do we still think that?” she said with a chuckle.
SOUND THE ALARM
The number and type of threats and data breaches to organizations — educational, financial, health care, public, retail, manufacturing — continue to grow. Mom and pop shops need protection just as much as countries and governments need to be aware of threats to critical infrastructure like electricity grids. In 2015, for example, Russia attacked the Ukraine’s power grid, cutting electricity off from a quarter-million Ukrainians.
“It took them several days to get the power restored,” Peterson said. “We have found in some of our power plants, some traces of those same malwares, but they haven’t been activated.”
Dave Riske, information technology instructor at Western Nevada College in Carson City, said the key to cybersecurity is having a defense structure to offer protection on several layers.
“If someone breaks the outer layer, they’re immediately faced with the next security implementation,” he said.
It’s similar to home security: the fence surrounding a house is the first layer, with the dog inside the fence as the next buffer. The third layer — motion sensor floodlights — hopefully slows the attacker and makes him second guess his next move.
Once the locks on the windows or doors are breached, the alarm sounds.
But, Riske said, there’s always someone who will try to break through.
“Is a thief really going to be thwarted by the lock? Probably not,” Riske said. “They’re going to find a way around it.”
And the tools that are used to breach computer systems can be easy to get and easy to use, said Arthur Salmon, cybersecurity program director for CSN.
But not enough companies, nonprofits or governments place cybersecurity top-of-mind, leaving room for exploitation.
“When are you interested in cybersecurity? The day after you’re front-page news,” said Margaret Taylor, chair of the computing and information technology department at CSN.
Southern Nevada governments and nonprofits are “very far behind” in addressing their own vulnerabilities, said Chris Stream, director of UNLV’s School of Public Policy and Leadership.
“I don’t think local governments, capacity-wide, are prepared for the kinds of attacks that could hit cities, hospitals and nonprofits,” he said.
Stream said tight budgets complicate the matter further.
“You don’t see citizens demanding cybersecurity,” Stream said. “They’re most likely demanding better roads and better schools.”
UNLV’s graduate certificate in cybersecurity, which launched in January, is focused on educating working professionals on how to manage cybersecurity in their businesses. The one-year coursework involves asking students to create a cybersecurity emergency management plan.
“How do you plan for it? How do you strategically invest in it?” Stream said. “Our argument is that it’s more than just an IT-department problem. It needs to be a top priority for the entire organization.”
Some of the biggest threats organizations face, Peterson said, are client-side attacks.
“A huge part of cybersecurity is training end users how to use email safely, how to browse the web safely,” Peterson said. “An attacker, rather than attacking a company’s website, can get into the company by sending an unsuspecting employee an email that entices them to give up their password. Or the employee opens something that contains malware, which allows the attacker to gain a foothold inside the organization.”
According to a February report from the U.S. Council of Economic Advisers, cybercrimes cost the U.S. economy between $57 billion and $109 billion in 2016.
“I would say that we’re behind, but we’re in good company because everybody’s behind,” said Brian Mitchell, director of the Governor’s Office of Science, Innovation and Technology.
In just the past couple of years, however, Mitchell said Nevada has made some “really great strides” in growing its cybersecurity workforce and making cybersecurity a top priority.
Last year, the state Legislature established the Nevada Office of Cyber Defense Coordination — a comprehensive strategy to deter malicious cyber activity against the state and its interests. A two-year strategic plan for the office was implemented on Jan. 1. In addition, OSIT has awarded nearly $630,000 to four organizations, including DRI for its internship program, with the goal of boosting the workforce.
CSN was one of the other recipients, and the college has used the funding to develop new courses like ethical hacking and penetration testing. Western Nevada College is beginning a course in ethical hacking this fall.
“It teaches you how to hack so you can think like a hacker, recognize patterns, and trends, and use them to solve them,” Mitchell said.
EDUCATION IS KEY
Meghan Collins, cybersecurity internship program manager for DRI, said cybersecurity professionals need to be problem solvers, and think through the different angles of a problem. It also takes persistence, curiosity and the ability to learn on the fly.
“In IT, there’s more information than anyone can learn,” Peterson said. “You can’t be expected to know everything. To be successful, you have to know where to go get the answers, or who to get the information from.”
Peterson said the game, which runs June 18-22, will identify those who have the aptitude to do cybersecurity, and hopes hundreds of people apply for the first rollout.
CSN is the first school in the state to be named a National Center of Academic Excellence in cyber defense education by the Department of Homeland Security and the National Security Agency.
While being first gives CSN students an edge over other schools, Salmon said it’s also disappointing.
“It’s really sad because there’s a high demand for workers in this field,” he said. “Part of our job as higher education is to make sure we’re fulfilling the job demand in our area. If CSN is the only one that has it, I think it’s a disservice to the industries.”
Taylor and Salmon were recently part of a team that wrote the standards for Nevada high schoolers to be able to earn career and technical education credit in cybersecurity that can be used for college credit. The first set of K-12 teachers will take part in a training session in June to learn the curriculum.
It’s welcome news to Fran Bromley-Norwood, a cybersecurity teacher at Cheyenne High School in North Las Vegas who has made it a priority to open her students’ eyes to the opportunities available in the burgeoning field.
“This is that one job area where you’ll never have a problem getting a job,” she said.
Prior to the CTE credit being approved, Bromley-Norwood wrote another course as a placeholder. Students voluntarily arrive at school at 6 a.m. — before the first bell — to learn more about cybersecurity.
On Friday morning, Ricardo Torres, 17, began working on a cybersecurity competition, which will serve as the final for the course.
“Every time I get my hands on a computer, I’m happy,” he said.
The first task on his plate in the virtual mock-up world is to install firewall protections for a fictitious company.
“Cybersecurity is really important because you have to handle the user’s data carefully, so that others don’t get it,” he said. “People don’t like their personal information that they give other companies that they trust being misused by other people.”
Bromley-Norwood also hosted a Girls Go CyberStart competition at Cheyenne, and the high school had the highest number of registrants — 290 — in the entire nation. The game gave young women the chance to discover their talents in cybersecurity and learn about careers in the field. In North America, women represent only 14 percent of the cybersecurity workforce, according to Mitchell.
“It was super exciting because there were girls who had no idea was cybersecurity was, or what it entailed . and they were phenomenal,” Bromley-Norwood said. “They had no idea what they were getting themselves into, and afterwards, they were super successful.”
Moreno said there’s a movement underfoot.
She’s part of a cybersecurity club that meets every Friday at CSN, and recently took part in a CyberTech Girls event at the college.
“It’s all about encouraging the younger generation or even women who have some interest to make the leap,” she said. “You just have to break the barrier.”
Information from: Las Vegas Review-Journal, http://www.lvrj.com