If someone were to break into Lockheed Martin’s vaults, grab millions of plans, load them into a truck and make a getaway, it would be a major crime.
But when something like that happens in cyberspace, as it did earlier this week, it makes headlines, but causes few ripples outside the defense industry.
That’s about to change.
The U.S. government recently released a national cyber-security policy aimed at cracking down on cyber theft, and it just so happens that the policy could hold business opportunities for Colorado Springs.
The new policy calls for military action whenever a foreign government is suspected of hacking into a U.S. computer system — something the government said happened in 2006 when the Chinese allegedly stole millions of documents from the state department.
Brian Binn, president of military affairs for the Colorado Springs Chamber of Commerce, said Colorado Springs military assets house two cyber security elements.
Those assets include U.S. Northern Command at Peterson Air Force Base and the Space Command at Schriever Air Force Base. Those two agencies are key players in the new cyber security plan.
Helping to protect that sensitive national and business information could mean a boost to local business.
“It’s not going to be an overnight thing,” Binn said. “But it is coming. We have some important assets here — and we always let people know that those assets are here. It will create business, especially now that the continuing resolutions are over and we have a budget.”
The policy change could mean an onslaught of jobs. Companies won’t move here merely to be close to headquarters elements, Binn said. They’ll also want a highly trained, highly educated work force.
So far, however, there are far too few cyber security experts to meet the threats faced by the nation, according to a report from the Center for Strategic and International Studies.
“The cyber threat to the United States affects all aspects of society, business and government, but there is neither a broad cadre of cyber experts nor an established cyber career field to build upon, particularly within the federal government,” the report said.
Military and nuclear energy structures face “continuous attacks,” the report said.
“For the past six years, the U.S. Department of Defense, its nuclear laboratory sites and other sensitive U.S. civilian and government sites have been attacked many times.
“A critical element of a robust cyber security strategy is having the right people at every level to identify, build and staff the defenses and responses,” the report said. “That is, by many accounts, where we are weakest.”
The report says there are currently only 1,000 cyber security specialists — but there should be 30 times that many.
And that’s what the University of Colorado at Colorado Springs has been working toward since 1999. The university operates both a Center for Homeland Security, which offers some cyber education, and is also home to the National Institute for Science, Space and Security Centers.
In addition to performing major cyber research initiatives — some that include attempting to hack into their own high-tech server, bought with a U.S. government grant — the institute offers a variety of educational opportunities, from bachelor’s degrees to certificate programs to doctoral degrees.
“It’s interesting, overall, that computer science students are declining — it’s a national trend,” said Scott Trimboli, managing director of the institute. “But anecdotally, at least, we’re seeing more interest in information assurance programs.”
The programs stretch across discplines, as well, making it difficult to track how many students are involved. One track is the Bachelor of Innovation program, created and used solely at UCCS.
One of the tracks involves information assurance, or cyber security, Trimboli said. But that program also provides Colorado Springs residents with something else: the ability to start a ground-floor business immediately after graduation.
“We’re not only giving people the technical skills, we’re giving them business skills,” he said. “That’s going to have tremendous affect in the Springs — people who can run their own business, immediately.”
Other universities are interested in the B.I. program, but UCCS trademarked it, so it can’t be used elsewhere.
“We’re working on ways to share that,” he said.
The CISC report said that UCCS’s strategy is just one step in the right direction. It also recommends other initiatives to get the country where it needs to be. One of those is to make sure there is a career path — similar to that in civil engineering or medicine — to reward and retain those with high-level technical skills.
It also said companies should use additional training resources to increase workers’ cyber compentence. But the companies should be cautious where they spend their money.
“Individuals and employers are spending scarce resources on credentials that do not demonstrably improve their ability to address security-related risks,” the report said.
Currently, the cyber field resembles 19th century medicine, the report said — “lots of self-taught practitioners, only some of whom know what they are doing.”
Colorado Springs could be a step ahead of the rest of the nation, thanks to early efforts at UCCS.
“Our research, particularly that of Dr. Terry Boldt, has gained the attention of the government,” Trimboli said. “We’re looking at ways to stop hackers — and to make sites more secure.”
September 2007. British authorities reported that hackers, believed to have come from China’s People’s Liberation Army, penetrated the network of the Foreign Office and other key departments.
January 2008. A CIA official said the agency knew of four incidents overseas where hackers were able to disrupt, or threaten to disrupt, the power supply for four foreign cities.
March 2008. U.S. officials reported that American, European, and Japanese companies were experiencing significant losses of intellectual property and business information to criminal and industrial espionage in cyberspace.
March 2010. NATO and the EU warn that the number of cyber attacks against their networks have increased significantly over the past 12 months, with Russia and China among the most active adversaries.
October 2010. The Wall Street Journal Reports that hackers using “Zeus” malware, available in cyber crime black markets for about $1,200, were able to steal over $12 million from five banks in the U.S. and U.K.
March-April 2011. Between March 2010 and April 2011, the FBI identified 20 incidents in which the online banking credentials of small-to-medium sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies. As of April 2011, the total attempted fraud amounts were about $20 million; the actual victim losses are $11 million.
(Source: Center for Strategic and International Studies)