Fighting cybercrime begins in the classroom

Senator Jacky Rosen (D-NEV) and Kevin Nolten, Opinion Contributors.

The views expressed by Contributors are their own and not the view of The Hill. Article published on the Hill. Read here.

This past December, the United States experienced a cyberattack that experts have called the most sophisticated attack they have ever witnessed. The scope and scale of the SolarWinds cyberattack was extraordinary, affecting local, state, and federal agencies across our government. Major corporations were also breached, resulting in the compromise of their systems.

While SolarWinds may have been the most expansive breach we’ve seen in U.S. history, it was only the end note in a year that saw an exponential increase in the volume of cyberattacks driven by the COVID-19 pandemic, according to the FBI. According to CrowdStrike’s 2020 threat report, there were more intrusion attempts on corporate networks in the first six months of 2020 than in all of 2019. The scale of this challenge is staggering. According to Cybercrime Magazine Editor-in-Chief Steve Morgan, if cybercrime were a country, it would represent the third largest economy in the world after the U.S. and China. And the risks are not just financial. Many experts expect that intellectual property will be hackers’ next “golden ticket.” Businesses and governments aren’t the only targets — according to the FBI, K-12 institutions “represent an opportunistic target” to hackers as many school districts lack the budget and expertise to dedicate to network integrity. In fact, this past August, Nevada’s Clark County School District — the fifth largest school district in the nation — experienced a ransomware attack in which sensitive information, including employee Social Security numbers, and student names, addresses, and grades were made public.

Yet of all the dire stats and predictions on cybersecurity, here’s the one that should most concern us all: despite the fact that the U.S. is expected to face a shortage of 1.8 million skilled cybersecurity workers by 2022, less than half of K-12 students are getting any cyber-related education. Women and racial and ethnic minorities, in particular, are underrepresented in the cybersecurity workforce and those working in the industry face barriers to accessing senior roles in the field.

As our nation comes to terms with the impacts of the SolarWinds cyberattack, there has never been a more urgent case to be made for investments in K-12 cybersecurity education. With global cybercrime costs expected to grow to $10.5 trillion annually by 2025, the time is now to ensure that every student in the U.S. is building a foundation of cyber-literacy and skills. To realize the goal of a more robust cyber-workforce, we must begin preparing students early on.

The Fiscal Year 2021 National Defense Authorization Act, enacted on Jan. 1, 2021, included the Providing Resources for Ongoing Training and Education in Cyber Technologies (PROTECT) Act, a bipartisan bill we introduced and supported, respectively, to authorize and strengthen the Cybersecurity and Infrastructure Security Agency’s Cyber Education Training Assistance Program (CETAP). The PROTECT Act provides stability to CETAP, which offers direct, no-cost support for our nation's K-12 teachers and students to prepare and engage a cyber-literate workforce. This is an important first step to ensuring that the cybersecurity workforce shortages that threaten our national security are addressed. A skilled cyber workforce will strengthen the resilience of our cybersecurity infrastructure and better protect Americans from both domestic and foreign hostile actors.

With the start of the new Congress and a new administration, we have an opportunity to pursue innovative policies to better recruit, develop, and retain talent, in line with the recommendations called for by the bipartisan Cyberspace Solarium Commission Report. Growing the nation’s cybersecurity workforce will also require leveraging the U.S. government’s partnerships with the private sector, as neither government nor the private sector can combat this growing threat alone. Cyber professionals need both quality education and hands-on experience to be prepared for 21st-century careers, which is why apprenticeships can also help fill our country’s cyber workforce needs and create pathways to good-paying careers through structured on-the-job training and related technical instruction.

Knowledge is a source of power. If we want the power to protect our nation from increasingly sophisticated cyber threats and maintain our technological edge, then we must provide our students and workforce with the knowledge to do so. Through education fostered in our classrooms and on-the-job training opportunities, we can give the American people the skills to meet these challenges head-on and keep our nation safe and secure now and for future generations.

Jacky Rosen was elected to the Senate in 2018 and previously worked as a computer programmer and software developer. Kevin Nolten is the Director of CYBER.ORG.