October is National Cyber Security Awareness Month (NCSAM). As businesses and government agencies race to seal their Web portals and prevent intrusions, they’re constantly searching for employees with the skills to thwart attacks by increasingly sophisticated thieves. Educating the next generation of cyber security experts is a challenge, one being tackled by universities large and small.
At the small end of the spectrum lies Dakota State University, a 3,300-student school located in Madison, South Dakota. DSU’s size belies its position in America’s efforts to build an effective cybersecurity workforce. In the Argonne National Laboratory Cyber Defense Competition early this year, DSU placed second in a tie with Kansas State University, which has more than 22,000 students.
Its reputation was highlighted in October, when a panel convened in Madison to promote cybersecurity awareness month. High-ranking executives from Amazon, Citibank, Google, General Motors, Symantec, Visa and the National Initiative for Cybersecurity Education (NICE) attended. Speakers weren’t shy about complimenting the school’s security programs.
“What you’re doing here in terms of a threshold for giving us the resources to enact cybersecurity should be emulated around the country,” said Chris Murphy, GM’s chief privacy officer. “This is a most impressive facility.”
That facility, the Beacom Institute of Technology, opened in August. Its highlight is a network and server farm that are dedicated to research, giving students and professors a place to try concepts without impacting communications on the school’s “real” network. It’s part of a powerful suite of electronics.
“You own some of the most powerful computers systems and networks in the country,” said Rodney Petersen, director of NICE at the National Institute of Standards and Technology.
A pair of benefactors recently ensured that DSU will be able to keep updating those systems, gifting $30 million to the university’s cyber programs. Another $30 million in federal and state funds are expected soon.
That $60 million sum is especially impressive in a town where it’s still possible to buy a home for well under $100,000. The funds are already being used for a new structure that was designed from scratch to meet all security requirements for highly classified government and industry work. It includes a Sensitive Compartmented Information Facility like those used by U.S. presidents.
Comparatively low living and tuition costs help DSU attract students who win National Science Foundation Scholarship for Service support. Scholarship winners agree to work for selected laboratories instead of paying back the funds.
“We’ve got the largest number of Cyber Corps students in the Scholarship for Service program,” said Wayne E. Pauli, Coordinator of Cyber Security at DSU. “We’ve got graduates at Sandia Labs, Johns Hopkins University Applied Physics Laboratory and SPAWAR (Space and Naval Warfare Systems Command).”
The college, locally known for training teachers since the 1800s when it was called General Beadle State College, got involved in cyber security in 2004. Now, about 40% of the university’s students are enrolled in security programs.
The school connected with the National Security Agency and the Dept. of Homeland Security and became one of the first universities to earn Center of Academic Excellence (CAE) certification in both research and information assurance, as cybersecurity was called back then. Now, DSU is among a handful to hold four NSA and DHS certificates and one of only 19 universities to earn the NSA’s CAE in cyber operations.
DSU and other universities that focus on cybersecurity face an almost unparalleled challenge. They’re attempting to create a curriculum for a fairly new field while competing with legions of hackers and well-funded governments who find it lucrative or beneficial to thwart security programs. That requires constant cross pollination to keep professors aware of the latest threats and solutions.
“We have a strong emphasis on professional development, we send a number of people to industry-specific conferences like Black Hat and DerbyCon,” Pauli said. “Our professors are immersed in this, people want to hear what they have to say. Next summer we’re holding a meeting, and we filled the workshops in less than 10 days.”
Filling the job openings for security experts and instructors is another thing. Panelist Bill Wright, Symantec’s director of cybersecurity partnerships, cited studies that put the number of unfilled cyber jobs at about 1 million. NICE’s Petersen noted that “We have a shortage of faculty and academics to help lead in this up-and-coming area.”
During a cybersecurity awareness month panel, students asked about the international aspects of cybersecurity, noting that the Internet has no international boundaries. Panelists agreed that cooperation with international organizations and companies is an important aspect of cybersecurity.
That’s also something the college has been working on, with a focus on increasing diversity. DSU’s home in a remote location known for nasty winters once meant its students often came from nearby areas. Now, the university has students from 50 foreign countries as well as from all 50 states.
Like its technical programs, DSU’s diversity efforts are often on a par with those of internationally known schools. When DSU announced its CybHER program to attract females to a field that’s nearly 90% male earlier this year, its representative shared a conference session stage with speakers from Carnegie-Mellon University, Dartmouth, Purdue and Yale.
Mark Ryland, chief architect at Amazon Web Services, highlighted the need for a different type of diversity.
“It doesn’t matter how deep your technical skills are if you cannot communicate those skills and persuade people. You need analytical skills you get from studying other things besides technology. It’s really important to have traditional kinds of learning, whether in literature class or writing skills. The conceptual and analytic skills you learn in history class or philosophy class are very, very helpful.”
Terry Costlow has written about technology since the days of the 6 Mbyte hard drive. He’s contributed regularly to EE Times, Automation World, Automotive Engineering International, and IEEE Spectrum, as well as consumer publications including The Christian Science Monitor, Los Angeles Magazine and the Portland Oregonian.