One of the most senior officials tasked with protecting U.S. critical infrastructure says that the lack of security professionals in the U.S. is one of the leading threats to national cybersecurity.
Speaking at TechCrunch Disrupt SF, Jeanette Manfra, the assistant director for cybersecurity for Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), said that the agency was making training for new cybersecurity professionals a priority.
“It’s a national security risk that we don’t have the talent regardless of whether it’s in the government or the private sector,” said Manfra. “We have a massive shortage that is expected that will grow larger.”
Homeland Security is already responding, working on developing curriculum for potential developers as soon as they hit the school system. “We spend a lot of time invested in K-12 curriculum,” she said.
The agency is also looking to take a page from the the tech industry’s playbook and developing a new workforce training program that’s modeled after how to recruit and retain individuals.
For Manfra, it’s important that the tech community and the government agencies tasked with protecting the nation’s critical assets work more closely together, and the best way to do that is to encourage a revolving door between cybersecurity agencies and technology companies. That may raise the hackles of privacy experts and private companies, given the friction between what private companies wish to protect and what governments wish were exposed — through things like backdoors — but Manfra says close collaboration is critical.
Manfra envisions that government will pay for scholarships for cybersecurity professionals who will spend three to five years in government before moving into the private sector. “It builds a community of people with shared experience [and] in security we’re all trying to do the same things,” she said.
Priorities for Homeland Security are driving down the cost of technologies so that the most vulnerable institutions like states, municipalities and townships or the private companies that are tasked with maintaining public infrastructure — that don’t have the same money to spend as the federal government — can protect themselves.
“When you think about a lot of these institutions that are the targets of nation sates… a lot of them have resources at their disposal and many of them do not,” said Manfra. “[So] how do we work with the market to build more secure solutions — particularly with industrial control systems.”
The public also has a role to play, she said. Because it’s not just the actual technological infrastructure that enemies of the U.S. are trying to target, but the overall faith in American institutions — as the Russian attempt to meddle in the 2016 election revealed.
“It’s also about building a more resilient and aware public,” said Manfra. “And adversaries have learned how they can manipulate the trust in these institutions.”