Route Fifty – by Michael Spector
A new training program in Maryland is providing students and mid-career professionals with access to simulated cyber threats and can help employers see how they deal with those threats.
Cybersecurity threats are on the rise and, unfortunately, state and local governments are high on the list of prime targets for cyber attackers.
In the past year alone, a cyberattack and identity theft defrauded Baltimore of more than $1.5 million, which comes on the heels of a 2019 attack that cost city taxpayers $18 million. A potential cyber intrusion caused outages within court systems across Washington. Macon-Bibb County, Georgia, had its network taken offline by cybercriminals. And the Jackson County, Missouri, Office of Assessment, Collection and Recorder of Deeds suffered a ransomware attack.
Sadly, that’s just the tip of the iceberg. With cybersecurity threats increasing — there was a 72% jump in the number of data breaches worldwide in 2023 alone — state and local governments must ask themselves why they are so prone to cyberattacks and what can they do to prevent them.
Like so many private sector organizations, state and local governments have access to vast amounts of financial and personal data, and little tolerance for downtime given the vital role they play in their respective communities. That alone makes them attractive targets for cybercriminals, who are anxious to monetize citizens’ data on the dark web.
There are several other factors, however, that make governments enticing targets. The tremendous number of government agencies alone, many of which use the same software for operations, enables cyber attackers to effectively scale broad-brush approaches like phishing emails to probe for vulnerabilities. Once a vulnerability is discovered, it can be exploited to attack an entire state or municipal system.
Beyond that, government agencies are more connected than ever before, opening the door for supply chain attacks. Just as important is the fact that state and local governments often lack the funding and trained workers needed to counter cyber threats and improve the overall security environment. Because government job opportunities are frequently less attractive than those in the private sector (which is also hard-pressed to keep pace with cyberattacks), finding and then retaining skilled cyber professionals can be daunting.
While nothing will entirely stop cyberattacks on government entities or completely fill the pressing demand for cybersecurity talent, a new training program developed by the Maryland Association of Community Colleges and IT/cybersecurity training provider BCR Cyber could serve as a national model for producing qualified cyber workers who have the practical knowledge and cybersecurity experience to hit the ground running.
Leveraging over $7 million in grants from a Congressional earmark and several Maryland agencies, the program — known as the Cyber Workforce Accelerator — has facilitated procurement, configuration and deployment of BCR Series 3000 Cyber Ranges for each of the state’s 16 community colleges.
The funding also covers community college and server facility infrastructure upgrades, enhancements, and staff training. Ultimately, each community college will have access to its own cyber range, enabling both new students and mid-career professionals wanting to upskill to complete approximately 40 hours of training for their capstone work and up to 10 hours of live, cyber range experience.
That experience, testing for simulated cyber threats on a cyber range, represents a real break from traditional cyber training. It not only offers potentially thousands of future cyber workers with access to interactive, hands-on training on a cyber range, but also enables prospective employers — including state and local government representatives — to observe how students deal with various simulations, identifying and resolving hypothetical cyber threats.
Prior to launching the program, BCR Cyber and MACC formed a public-private consortium of more than 40 cybersecurity companies and government agencies to make certain course content conformed to the specific demands of prospective cybersecurity employers and offered required industry certifications, such as CompTIA Security+, CompTIA Network+, and CompTIA A+1.
The real key to the success of the Cyber Workforce Accelerator in Maryland — and its potential to serve as a model for other state and local governments to emulate — are the community colleges themselves.
Traditionally, community colleges work closely with both private and public sector employers to develop the kind of curricula that will lead to internships and job placements at their organizations. Community colleges also offer flexible learning options (online courses, satellite locations, evening schedules, etc.) to make course offerings available to both full-time students and working professionals, again helping to expand the local labor pool.
When you add to this the fact that community colleges often serve a diverse student population, making it easier for their industry partners to recruit and hire women and minorities, they would seem to be an ideal candidate for state and local governments to ally themselves in the fight against cyberattacks.
While a program like the Cyber Workforce Accelerator may not be the only way to tackle escalating cyberattacks, it does represent one proven way for states and municipalities to fill the widening cyber talent gap and the resultant cybersecurity challenges being encountered by them and their private sector colleagues.
