Cyber Frontier: Establishing Idaho as an Epicenter of Cybersecurity

Overview

The world we live in is an increasingly digital one. Our intense reliance on cyberspace has made cybercrime more attractive and lucrative. As cyber threats escalate, the need for robust cybersecurity infrastructure to protect sensitive data and our national security from increasingly sophisticated attacks has never been more critical. This panel explored what threats our country faces in the cyber domain, how we are responding to them, and what that means for the economy of the Mountain West.

Key Session Insights

Digital systems have transformed the American way of life in innumerable ways, and our reliance on them leaves us uniquely vulnerable. It would be impossible to fully catalogue the number of ways that computer systems have been integrated into everyday life. Everything from banks to stores to military contractors have become dependent on a vast network of serves and computers to function. This has led to many major gains in efficiency, productivity, and quality of life for Americans, but society is now increasingly vulnerable to malicious actors

“Our infrastructures are so intertwined, and we are so reliant on them, that a simple mistake can cause global outages.”
Mr. Zach Tudor
Associate Laboratory Director for National & Homeland Security, Idaho National Laboratory

Associate Laboratory Director for National & Homeland Security at Idaho National Laboratory Mr. Zach Tudor opened the panel by highlighting the need for robust structures to protect potentially sensitive data as cybersecurity threats mount. The fragility of the modern digital ecosystem became evident a few weeks before the panel convened, as an innocuous software update by CrowdStrike ground much of the global economy to a halt as computer systems worldwide became inoperable. While an accident, the incident underscores how easy it would be for a potential bad actor to wreak havoc on our digital infrastructure.

“If you found that your day was wrecked by CrowdStrike, you might want to look at having some additional ways to conduct your business.”
Chief. Jerred Edgar
Director of Cyber Training / CISO, Idaho Army National Guard

The CrowdStrike outage highlighted another challenge facing our digital system: resilience and, what Director of Cyber Training and CISO with the Idaho Army National Guard Chief Jerred Edgar called, “technical debt.” Many of the systems we rely on are built on an unstable foundation, underpinned by outdated and potentially vulnerable technologies. Through a lack of will, funding, or understanding of the risk, these systems have not been updated in years, making them easy targets for a cyberattack. Edgar posited that, while the U.S. needs resilience in its cyber systems, it currently does not have it.

Professor of Electrical & Computer Engineering & Director of the Cyber Operations & Resilience Program at Boise State University Dr. Sin Ming Loo described resiliency as having four parts: robustness, redundancy, resourcefulness, and repeatability. As an educator, he has tried to instill these values so that his students can “think on their feet,” but made it clear there is still a long way to go before this model is the nationwide default.

“Cyber is no longer just another thing that we work on. It's completely foundational to our country's defense, our country's economy, our country's freedom or lack thereof.”
Mr. Matthew Bott
Foreign Affairs/Legislative Affairs Officer,

Bureau of Cyberspace & Digital Policy
U.S. Department of State

Cybersecurity has become a central part of national security and diplomacy, rather than a sideshow. As the importance of cybersecurity has become more apparent, the national security and diplomatic apparatuses of the United States are giving it greater attention. As Foreign and Legislative Affairs Officer for the Bureau of Cyberspace & Digital Policy at the U.S. Department of State Mr. Matthew Bott described, his bureau at the State Department was founded to better coordinate how the United States engages external partners on cyber issues. One of their main goals is to push for a new set of norms to govern global cyberspace, so that the internet remains a rights-respecting domain worldwide, rather than under the top-down control of authoritarian actors. Beyond pushing for a new norms structure to govern global cybersecurity, Bott also put forth the goal of having the United States be the global “first responder” to large cyberattacks, such as when it assisted Costa Rica in the wake of a crippling cyberattack. Since then, Costa Rica has been a major hemispheric partner in cyber matters, a model that he hopes can be replicated.

While cybersecurity has major implications in an economic context, it is just as critical in a security context. Edgar explained how the United States armed forces are partnering with military units in allied countries through NATO to expand their cybersecurity capabilities. This has led to unforeseen challenges, such as how to integrate the cyber operations of countries, which may have varying levels of digital sophistication. Edgar highlighted the importance of having multiple ways to get a message through and accomplish a mission, a critical concern for those working in a military environment. Bringing it back to the economic implications, he highlighted how the same should be true for businesses and other institutions; if a cyber event like the CrowdStrike outage can derail your entire organization’s ability to function, then you need to consider alternative ways to do business.

To be a cybersecure nation, we need a cybersecure workforce. The need for cybersecurity has never been more apparent; however, a significant gap exists between industry demands and the available workforce. Loo emphasized the disparity between the skills universities teach and those that employers seek. This divide creates challenges for newly graduated students entering the workforce, as employers often require experience for entry-level positions, making it difficult for them to launch their careers. Consequently, this situation contributes to a decline in the number of qualified cybersecurity professionals nationwide.

“Everybody wants to hire experienced people, even for entry-level jobs. They have been told they do not have enough experience. Well, it is an entry-level position, so how would they go about getting that experience?”
Dr. Sin Ming Loo
Professor of Electrical & Computer Engineering and Director of the Cyber Operations & Resilience Program, Boise State University

Loo also noted that while the private sector may not be too adversely affected by this shortage, as they can pay market rates, state and federal government agencies and other organizations with tighter budget constraints struggle to attract a sufficient workforce.

To bolster the cybersecurity workforce, new talent pipelines into the field needs to be built, and existing ones need to be expanded. One of the major areas of both challenges and opportunities for the cybersecurity industry is how to include rural residents. Bott noted that in rural communities both in the United States and abroad, cyber infrastructure is far less sophisticated and more vulnerable, leading to massive risks for these communities. Today, there is not enough emphasis on bringing rural workers into the workforce to help solve these problems. Both he and Loo noted the importance of making cybersecurity education accessible to rural communities, potentially through online programming like those Loo has spearheaded at Boise State. However, this must be combined with a campaign to make rural residents aware that there are cybersecurity jobs in their own communities, meaning that they can find work without having to leave home.

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram