A new line of defense – the cyber guard

From hackers managing to take down the CIA website last year to both the DNC and RNC being hacked this year, cyber attacks on America’s digital infrastructure have increased in frequency and sophistication.  In 2007, the year Twitter was founded, US-CERT received almost 12,000 cyberincident reports.  Two years later, this number doubled and three years later this number quadrupled.  Today, what we know of cyberattacks is they are more coordinated and targeting more high value assets.

As we take stock of the U.S.’ current preparedness, we see results that are far from encouraging.

{mosads}The types of attacks launched are broadly varied and change faster than we can keep up with them. Our systems are being attacked from the outside; therefore we cannot just create a standard and think that is sufficient. Solutions need to also “come from the outside.”  Merely approaching the problem utilizing a perimeter defense is not sufficient. With that mindset our nation will always be playing “catch up” and never will fully be prepared.

For instance, in President Obama’s home state of Illinois, of all the challenges Illinois faces in this regard, the most critical is the scarcity of human capital ready and able to respond to the numerous attacks we are facing.  While it is important for government to provide leadership on this issue, the private sector must produce the cyber security professionals who can combat this dangerous adversary.

The United States must develop a “first response” team, similar to a 911 call to the police or firefighters, when a cyberattack occurs.  The first 24 hours are crucial and through the creation of a U.S. Cyber Guard (USCG), this country can work to protect our most sensitive national secrets and personal data the event of a large-scale cyber attacks like the ones mentioned above, as well as the ones which hit Citigroup and Sony.

Rather than waste time and money to curate the initial USCG, we can find USCG members who are currently being employed throughout the country as technical experts in their field, thus reducing the overall operating expenses of the USCG.  Just as local volunteer fire departments and communities depend on their citizens, so too would Illinois’ communities employ the same type of volunteer mechanism for cyber incidents. 

Regular training would occur to establish response procedures and process, as well as to maintain and sharpen the skills of the participants. Training would include a combination of cyber/live sessions as well as red team and blue team scenarios to develop and hone the “guards’’ skills.  Additionally, the members of the USCG will also be vetted through a disciplined system and would be carefully selected to defend the systems of our businesses and government.  Finally, efforts would be coordinated with States in partnership with the private sector to supplement and support USCG activities.

The USCG will serve as an excellent way to recruit cyber professionals and to create a mechanism generating the number of individuals needed to be effective against breaches, especially large or potentially grave attacks. Currently, the US Cyber Challenge has been scouring the country for the best talent in grey hat hacking, and our next generation workforce of cyber professionals. The USCG would be a natural “part 2” for USCC — participants move from school to high-earning jobs after going through the USCC process, while the USCG concept will keep them together. Should a major incident occur, these professionals will be available for quick mobilization and can be readily identified by their skill sets which were graded, ranked and developed by the USCG.

Not only would this program help the country and the private sector better prepare in case of attack, but the effort will also assist in indentifying and strengthening the workforce in the State. By doing so, the United States would take initiative in establishing itself as a pioneer in the cyber security industry – protecting, creating jobs and prioritize a growing concern.