Government trains cyberdefenders

By Matthew Fordahl, The Associated Press
Monday, April 1, 2002

MONTEREY — Long before Sept. 11 and last year’s virus-like attacks over the Internet, the U.S. government announced plans to train an elite corps of computer security experts to guard against cyberterrorism. 

Officials warned it would be only a matter of time before terrorists learned to exploit vulnerabilities in major systems, from air traffic and banking to spacecraft navigation and defense. 

Now, more than three years later, the first students have been awarded scholarships to study computer security in return for working at least two years at a federal agency after graduation. 

But is it too little, too late? 

“In terms of solving our cybersecurity problems, it doesn’t have a chance,” said Michael Erbschloe, vice president of research at the consulting firm Computer Economics and author of books on cyberwarfare. 

Only about 180 students over four years will get scholarships from the first round of federal grants awarded last May to six universities. More schools will be added this year, increasing the corps by 120 students. 

Though President Bush has asked for $19.3 million more for the cybercorps this fiscal year in an emergency $27.1 billion supplemental appropriations request, he has proposed only about $11 million for fiscal 2003 — the same amount Congress has granted the past two years. 

“Eleven million dollars just doesn’t buy you a lot,” Erbschloe said. 

Organizers acknowledge the numbers are small, but they believe even a few well-trained experts can make a difference and demonstrate the wisdom of more spending in security education. 

Graduates are expected to become more well-rounded than most network specialists, who receive training merely on specific systems, or even computer science graduates whose academic programs often ignore security altogether. 

The aim is to create experts who know enough about security to make decisions on buying equipment and software for government and to anticipate vulnerabilities. 

“It might be nice to have 39,000 people, but the fact that we can have 100 is a lot better than having zero,” said Andy Bernat, program director of Federal Cyber Service at the National Science Foundation, which is overseeing the program along with five other federal agencies. 

At the Naval Postgraduate School in Monterey, about a dozen civilians are participating in the cybercorps and taking the same computer security classes as military students. 

After two years, the students will have a master’s degree in computer science with an emphasis in information security — along with practical experience. 

In one exercise, each student will try to secure a system that will be targeted by hackers from the National Security Agency, Air Force and Army. 

Other classes focus on hackers’ techniques and security theories. 

“We cannot ahead of time predict all the things someone might do to a system,” said George Dinolt, a professor at the Naval Postgraduate School. “That’s part of the problem with the approach people are taking to try to solve the security problem.” 

The cybercorps schools’ emphasis on security differs from most college computer science programs, which tend to focus on programming and other basics rather than making systems all but impenetrable. 

That is likely to change, given not only recent reports of serious vulnerabilities but also the realization that terrorists can and will exploit weak points — whether in airline security or computer networks.