Jane LeClair - Protecting our future : educating a cybersecurity workforce. Volume 2

PROTECTING OUR FUTURE, SERIES IN CYBERSECURITY

Editor, Jane LeClair

Protecting Our Future: Educating a Cybersecurity Workforce, Vol. 1

Examines 7 of the 16 Homeland Security Critical

Infrastructure Sectors, in addition to other workforce needs.

Edited by Jane LeClair

Cybersecurity in Our Digital Lives

Looks at evolving operational needs in areas that

affect our daily digital lives.

Edited by Jane LeClair and Gregory Keeley

Protecting Our Future: Educating a Cybersecurity Workforce, Vol. 2

Examines 9 of the 16

Homeland Security Critical Infrastructure Sectors.

Edited by Jane LeClair

ABOUT HUDSON WHITMAN

Hudson Whitman is a small press affiliated with Excelsior College, which has administrative offices in Albany, New York.

Our tagline is Books That Make a Difference, and we aim to publish high-quality nonfiction books and multimedia projects in areas that complement Excelsiors academic strengths: education, nursing, health care, military interests, business and technology, with one open category, American culture and society.

If you would like to submit a manuscript or proposal, please review the guidelines on our website, hudsonwhitman.com. Feel free to send a note with any questions. We endeavor to respond as soon as possible.

OTHER TITLES BY HUDSON WHITMAN

The Call of Nursing: Stories from the Front Lines of Health Care

William B. Patrick (print and e-book)

Shot: Staying Alive with Diabetes

Amy F. Ryan (print and e-book)

The Sanctuary of Illness: A Memoir of Heart Disease

Thomas Larson (print and e-book)

The Language of Men

Anthony DAries (print and e-book)

Courageous Learning:

Finding a New Path through Higher Education

John Ebersole and William Patrick (print and e-book)

Saving Troy:

A Year with Firefighters and Paramedics in a Battered City

William Patrick (e-book only)

Cybersecurity in Our Digital Lives

Edited by Jane LeClair and Gregory Keeley (print and e-book)

Protecting Our Future: Educating a Cybersecurity Workforce, Volume 1

Edited by Jane LeClair (print and e-book)

Contents

Acknowledgments

Every publication from the National Cybersecurity Institute is, of course, the result of a team effort. No one person can possibly complete a work such as this without a great deal of assistance and support. The team at NCI worked together planning, selecting the topics, locating the writers, encouraging them to meet their deadlines, editing their submissions, and publishing the final product. Special thanks go to Denise Pheils and James Antonakos for their proofreading and moral support along the way. Thanks to the publishing and production team at Hudson Whitman, including Susan Petrie, Sue Morreale, Wendy Catalano, and Phil Pascuzzo. The greatest of appreciation goes to the many writers who contributed so much of their time and talent in writing their individual chapters. As always, the president of Excelsior College, Dr. John Ebersole, must be thanked for his ongoing support and enthusiasm for the National Cybersecurity Institute.

Foreword

The security and prosperity of our great nation have been and must continue to be our highest priority. Rapid and ongoing advances in communication technology have brought convenience to our everyday lives, but at the same time have made us vulnerable to foreign and domestic actors with malicious intent.

During my tenure within the Department of Defense as Director of the National Security Agency/Central Security Service Threat Operations Center (NTOC), I witnessed the increasing volume, sophistication, and pervasiveness of the cyber threat. Now, in my role as a senior advisor at CyberPoint International, I witness exploitation, disruption, destruction, and subjugation. Over the years, the target set has dramatically expanded from government to commercial entities to critical infrastructure, and to individual citizens. And, there is significant growth in the number and type of perpetrators, from nation states to hacktivists to terrorists, even individuals for hire.

The scope of the cyber threat is broadspanning sensitive /classified government data and operations to our most personal financial and medical information. The threat also includes our critical infrastructures, those things that we take for granted like power, water, emergency services, and food supply. A cyber-attack on any of these would have a catastrophic effect on our very way of life.

We must proactively consider these risks.

Sherri W. Ramsay

Introduction

JANE LECLAIR

As we all are aware, cybersecurity continues to be one of the most talked about issues of our time. Hardly a week goes by that one organization or another does not have its digital network breached. Big box retailers such as Target, Home Depot, Michaels, and Neiman Marcus have been attacked. Financial institutions like JP Morgan, Bank of America, SunTrust, Wells Fargo, and U.S. Bank have been hacked. Newspapers like the New York Times and the Wall Street Journal saw hackers disrupt their operations, and newspapers in Paris were hacked following terrorist attacks. On the federal government level, the Office of Personnel Management, the United States Postal Service, the State Department, the National Oceanic and Atmospheric Administration and the Energy Department have had their digital systems attacked. Even the cyber system of the White House was breached. With so many breaches in the news it is small wonder why the conversation in the cyber community is so active with discussion on threats and efforts to mitigate them.

Increasingly the attention of the cyber community has been focusing on the threats to the critical infrastructure of the country. While threats to retailers, movie studios, and newspapers should not be discounted or downplayed, the important infrastructures that bind the nation together are having the spotlight turned on them for protection. Presidential Policy Directive (PPD-21) released in 2013 identified sixteen critical infrastructures that needed immediate and ongoing cyber protection for the nation to continue to function. Those sixteen identified infrastructures are: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; and Water and Wastewater Systems. Each is vital for the economic prosperity and survival of the nation and each is increasingly vulnerable to cyber-attacks.

In the first volume of Protecting Our Future a distinguished group of writers provided their insights into several critical infrastructures, including: finance, health care, government agencies, and communications. In volume two of Protecting Our Future, we will be taking a close look at additional sectors of our critical infrastructure. The National Cybersecurity Institute (NCI) in Washington, D.C., in conjunction with Excelsior College, has once again collected an outstanding group of authors who are recognized for their expertise in their sectors. The sectors that are addressed in this publication are information technology, the chemical industry, commercial facilities, critical manufacturing, water and dams, emergency services, food and agriculture, transportation. The last chapter examines future directions for educating a cybersecurity workforce.