Is it time for a Cybersecurity Civilian Corps?
With the growing need for cybersecurity experts, the government is missing a chance to take advantage of volunteers and part-time talent, a new report says.
What: "The Need for C3: A Proposal for a United States Cybersecurity Civilian Corps," a report from New America
Why: Because there aren’t enough cybersecurity professionals, organizations in every industry struggle to protect data, systems and networks. The authors suggest that an auxiliary corps -- the equivalent of volunteer firefighters or the Civil Air Patrol -- could allow officials to tap into a larger pool of talent on an as needed basis to help fight malicious actors.
Findings: Although some states have tapped the national guard for civilian talent, the need for cybersecurity experts greatly exceeds the supply, and government is missing a chance to organize volunteers and part-time talent to enhance public cybersecurity.
As a national effort that connects to local governments, the C3 would be organized and funded by the Department of Homeland Security and would include both professionals and students, potentially adding to the talent pipeline. Volunteers would need experience in information security or be able to pass a test. Basic background screening would be necessary, but top-secret clearance should not be a requirement.
The corps would provide support for education and outreach; testing, assessments and exercises; and expertise and emergency response.
With a budget of $50 million, C3 could support roughly 25,000 members across all 50 states and supply devices, training materials, software licenses and office space – significantly less than the price tag on the NotPetya attacks: Fedex said its cost was $400 million, Merck reported $670 million.
Verbatim: "If a cyber corps is able to prevent just a few of these breaches and/or mitigate their damage and costs, especially through its relatively cheap supplementary volunteer model, the investment will more than pay itself off in both economic and national security terms."
Read the full report here.