The Target data breach could have been a story pulled from a heist movie, with the thief coming in through the airducts.
Reports indicate the multi-billion dollar hack took place after the network credentials of a heating and air conditioning subcontractor paid to remotely monitor the temperature at Target stores was exploited. This is a plausible explanation — and is worrisome even if proved wrong.
The breach was one of the largest U.S. cybercrimes to date. And it should be a wake-up call for consumers, businesses, and government leaders alike — when everything is connected, everything is vulnerable.
While the hackers responsible for Target’s data breach made off with the credit and debit card information of 40 million customers, the retailer is just one of many American firms recently victimized by online criminals.
According to PwC, in the last three years 26 percent of American organizations lost more than $50,000 to cybercrime. In response to the Target incident, 60 percent of U.S. companies are boosting their cybersecurity budgets.
But businesses aren’t the only ones at risk. In a recent poll of American defense officials, cyber attacks were named the single biggest threat to U.S. national security; terrorism ranked a distant second.
The Internet of today is a network without geographic boundaries, seamlessly integrated into our lives. It connects companies, smart phones, critical infrastructure, cars, homes and devices of all sizes. This network is enabled by embeddable computing, unobtrusive sensors, worldwide systems and big data analytic environments. And it is only getting larger.
We entrust this network with our medical records and banking transactions. We are sharing, storing and collecting our most sensitive data on connected computers and devices.
While this “Internet of Things” brings many benefits to the world, it could be overshadowed by cyber threats.
So far, we’ve seen few policy prescriptions to create the workforce needed to protect and defend this new information ecosystem. One weakness that makes Americans vulnerable to online attacks is the lack of skilled cyber specialists.
In fact, 61 percent of government respondents to a recent survey admitted having too few internet and cyber security experts in their agency. Worldwide, there is a shortage of 1 million cyber experts. This problem is only expected to worsen.
Just last month, Defense Secretary Chuck Hagel announced a major push to hire more than 6,000 new cyber professionals. “To accomplish this goal, we are recruiting talent from everywhere,” Hagel said. “But we’re also encouraging people already here in the military, in DOD, to develop cyber skills.”
My own company, the defense technology firm Raytheon, recently made a three-year commitment to the Collegiate Cyber Defense Competition to help address this shortage. Since 2005, the competition has invited U.S. college students to test their skills at protecting computer networks from outside threats in real-world, exciting scenarios. We have seen so much promise from this competition and hired many former competitors.
Raytheon isn’t the only one to recognize the power of student engagement. The competition is also supported by the Department of Homeland Security, Walmart, Facebook and others.
Programs like this are a good start, but progress is slow. Many of today’s most promising students are still unaware of cybersecurity as a career option. In a recent poll of millennials, 82 percent said that none of their high school teachers or guidance counselors had suggested a job in this field.
It’s time to recognize the need for cyber security experts not only in the military, but in industry and government. We must encourage this career path in students from an early age. Efforts that encourage science, technology, engineering and math education for elementary, middle and high school students is essential to developing future cyber experts.
Without sustained public-private efforts to grow our cybersecurity workforce and make students excited about this career path, we have little chance of combatting one of the greatest security threats our country currently faces. If we are going to trust this network with our most private data, we should train the best to protect it.
LYNN A. DUGLE is a Raytheon Company vice president and president of Raytheon Intelligence, Information and Services.