> Skip to content
FEATURED:
  • Student-Success Resource Center
Sign In
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
Sign In
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
  • News
  • Advice
  • The Review
  • Data
  • Current Issue
  • Virtual Events
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Career Resources
    • Find a Job
    • Post a Job
    • Career Resources
Sign In
ADVERTISEMENT
News
  • Twitter
  • LinkedIn
  • Show more sharing options
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
  • Copy Link URLCopied!
  • Print

Cybersecurity, Rising

Working to meet a national shortage of computer-safety personnel, colleges find customers and complications

By  Paul Basken
February 26, 2017
Cybersecurity, Rising 2
Illustration by Martín Elfman for The Chronicle

Once head of the Transportation Security Administration and deputy director of the FBI, John S. Pistole doesn’t have to struggle to explain the value of teaching cybersecurity.

Now president of Anderson University, in Indiana, Mr. Pistole notes that the computer systems of American companies both big and small are routinely getting hacked, costing them hundreds of billions of dollars annually. Hacking has also meant breaches of financial and personal privacy for millions of Americans. It is widely suspected of having played a key role in deciding the most recent U.S. presidential election. And right in Anderson, Ind., county-government leaders recently paid thousands of dollars in ransom to a foreign hacker who had shut down their computer systems.

We're sorry. Something went wrong.

We are unable to fully display the content of this page.

The most likely cause of this is a content blocker on your computer or network.

Please allow access to our site, and then refresh this page. You may then be asked to log in, create an account if you don't already have one, or subscribe.

If you continue to experience issues, please contact us at 202-466-1032 or help@chronicle.com

Cybersecurity, Rising 2
Illustration by Martín Elfman for The Chronicle

Once head of the Transportation Security Administration and deputy director of the FBI, John S. Pistole doesn’t have to struggle to explain the value of teaching cybersecurity.

Now president of Anderson University, in Indiana, Mr. Pistole notes that the computer systems of American companies both big and small are routinely getting hacked, costing them hundreds of billions of dollars annually. Hacking has also meant breaches of financial and personal privacy for millions of Americans. It is widely suspected of having played a key role in deciding the most recent U.S. presidential election. And right in Anderson, Ind., county-government leaders recently paid thousands of dollars in ransom to a foreign hacker who had shut down their computer systems.

“There’s a critical shortage” of the workers and skills necessary to confront such problems, Mr. Pistole says.

That realization is spreading among colleges. But they aren’t yet producing enough graduates or offering the broad training that many experts regard as essential to meet the growing threat. Cybersecurity job postings grew 114 percent from 2011 to 2015, with 86 percent of the jobs requiring at least a bachelor’s degree, according to Burning Glass Technologies, a job-market-analytics company. Colleges are meeting only about 24 percent of the entry-level demand for those with four-year degrees.

Institutions like Anderson are adding undergraduate and graduate programs, seeing opportunity in a field long dominated by technical schools. Just this academic year, the university has added majors in cybersecurity and computer engineering.

ADVERTISEMENT

Cybersecurity graduates can anticipate “negative unemployment as far as the eye can see in this realm,” says Joseph F. Sawasky, a former chief information officer at Wayne State University who now leads a cybersecurity training effort in Michigan.

Encouraged by federal incentives, many colleges are teaching computer code. But hacking is a crime that involves creativity, an understanding of human behavior, and expertise in the full range of endeavors that involve computers. A bachelor’s degree seems crucial to such training, and colleges are only beginning to identify what courses it should include.

“This is a serious shortcoming,” says Jeremy Epstein, deputy director of the Computer and Network Systems Division at the National Science Foundation. “Many people are saying we need to turn out more cybersecurity people. But we don’t agree on what ‘cybersecurity people’ means.”

The confusion stems from the history of the discipline. One of the organizational structures for teaching cybersecurity at the college level is the National Centers of Academic Excellence in Cyber Defense, run jointly by the National Security Agency and the Department of Homeland Security.

More than 200 American colleges have earned the Centers of Academic Excellence designation, which affirms to students and employers that their cybersecurity curriculum meets a set of detailed standards.

ADVERTISEMENT

The program was founded by the NSA in 1998 with an eye toward producing graduates for the agency’s specific needs — focused mostly on coding ability.

Its certification is enough for a university like Anderson to build a pipeline to government agencies, and to attract faculty members and students, Mr. Pistole says. It’s about “building a brand, frankly, which is an important thing for schools to do.”

ADVERTISEMENT

In recent years, the national program has started to adapt, shifting toward a more comprehensive idea of what cybersecurity training could mean, says Daniel R. Stein, who directs cybersecurity education and training at the Department of Homeland Security. The federal certification process now requires colleges to show that a wide range of students, not just those in computer science, receive some cybersecurity training, Mr. Stein says.

Among the institutions that are shifting to a more comprehensive notion of cybersecurity is Clemson University. Its Humans and Technology Lab conducts research aimed at making automated systems better reflect the ways people actually behave, with protections designed accordingly. Recent projects include studying how patients use electronic health records and exploring the risks to privacy posed by wearable devices.

Nationwide, colleges have a long way to go to incorporate that kind of broad approach into their educational and research agendas, says Kelly Caine, an associate professor of human-centered computing at Clemson, who heads the lab.

ADVERTISEMENT

But even for institutions still focused mainly on teaching code, extensive worker shortages mean that cybersecurity graduates will find jobs, especially if they come with a solid liberal-arts education. Companies are accustomed to taking entry-level workers with raw ability and teaching them additional skills specific to their jobs.

TAKEAWAY

Cybersecurity may be hot, but it’s still evolving as a field

  • Demand for cybersecurity graduates is strong and is running well beyond the ability of colleges to produce enough qualified graduates.
  • Companies want colleges to produce good technical coders, but they are also seeking graduates who have a big-picture, interdisciplinary sense of what it takes to ensure computer-based security.
  • Colleges could produce more-valuable graduates by providing a broader curriculum, and by arranging more internships, apprenticeships, and other real-world experiences.
  • Higher education has a long way to go to incorporate cybersecurity basics — identifying basic risks, for example — into virtually every academic field.

Lisa Cannon, director of the IT department in Madison County, Ind., takes that approach. After paying foreign attackers who held the county’s computer systems hostage — blocking access to official records for courts, tax collection, property deeds, and other services affecting 130,000 residents — she found a graduate of Ball State University to manage the county’s newly tightened computer systems.

With his education, the technician was “a jack of all trades and a master of none,” she says. A week of “boot camp” run by Cisco made him proficient in the specific skills the county needed, Ms. Cannon says.

The hackers’ attack happened less than two months after she was named director of technology, on the Friday evening before a scheduled Monday meeting to sign a contract establishing an off-site backup system. With more training, her predecessor might have recognized the need for the backup system, along with stricter rules that would have limited the access afforded to outside vendors — one of which accidentally allowed the attack.

Colleges can’t fight cybercrime alone. Incorporating holistic strategies requires incentives such as regulations and legal codes that put more responsibility on product designers for preventing computer-security problems, says Carl E. Landwehr, a cybersecurity research scientist at George Washington University.

ADVERTISEMENT

Researchers and product designers also need to look anew at computer languages, says Mr. Landwehr, who previously worked at the Naval Research Laboratory. Many products and systems rely on programming languages that are prone to mistakes and were not designed with security as a primary objective, he says.

“Right now,” Mr. Landwehr says, “we’re not building with very good lumber.”

Paul Basken covers university research and its intersection with government policy. He can be found on Twitter @pbasken, or reached by email at paul.basken@chronicle.com.

A version of this article appeared in the March 3, 2017, issue.
Read other items in this The 2017 Trends Report package.
We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Paul Basken
Paul Basken was a government policy and science reporter with The Chronicle of Higher Education, where he won an annual National Press Club award for exclusives.
ADVERTISEMENT
ADVERTISEMENT

Related Content

  • Innovations in Cybersecurity Benefit Graduates and the Nation
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Virtual Events
    • Chronicle Store
    • Chronicle Intelligence
    • Find a Job
    • Post a Job
    Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Virtual Events
    • Chronicle Store
    • Chronicle Intelligence
    • Find a Job
    • Post a Job
  • Know The Chronicle
    • About Us
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • DEI Commitment Statement
    • Accessibility Statement
    Know The Chronicle
    • About Us
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • DEI Commitment Statement
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Institutional Subscriptions
    • Subscription & Account FAQ
    Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Institutional Subscriptions
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
    Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2023 The Chronicle of Higher Education
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin