Time to get serious about cyber skills shortage
Daesh are a perversion. They are a flag without a nation. Their vision of victory is not peace but violence. If they are fighting both offline and online, so must we.
The Prime Minister confirmed this week that Australia’s offensive cyber capability is being used to disrupt Daesh’s military operations in Iraq and Syria.
It’s an evolution in strategy, and we have no reason to believe it to be a temporary one.
The openness of the internet is a tremendous thing. It allows it to become a tool for global trade, connecting businesses anywhere with customers everywhere.
It can become a means for communicating, whether it’s to millions of people around the world, or one just up the road.
It can also provide a tool for malicious non-state actors to recruit and promote their dangerous extremist ideology.
We need to meet that threat. We need people to help us do it.
For the next five years, the big question is where they’ll come from.
Australia is experiencing a cyber skills shortage. With employment of ICT security specialists growing by 40 per cent in the last five year, we have set a pace that has put enormous strain on Australia’s stock of qualified professionals.
We’re not the only ones experiencing it either. The rest of the world is feeling the same pinch. Globally, there will be three qualified people for every four jobs in ICT and cyber security by 2020.
So the normal band-aid solution for a temporary labour shortage – the supplementing of our existing labour market with skilled temporary migrants – isn’t available to us, because every country is facing the same problem.
This is not another mining boom. It is structural, not cyclical, and the need for qualified professionals is a long-term one.
We can’t rely on someone else to produce them and our production line can only move so fast.
April’s Cyber Security Strategy was applauded for its recognition we need a recruitment push to better protect our interests online.
The Cyber Security Strategy serves as the Turnbull Government’s cyber policy blueprint, so it’s worth noting how much of its real estate was dedicated to the ways and means of addressing Australia’s looming ICT skills shortage.
Its heavy emphasis is on upgrades to the production line, across the board.
It proposes school-level awareness campaigns, greater graduate specialisation within ICT qualifications and the establishment of academic centres of cyber security excellence in universities.
These measures are important and we support their implementation.
They will be particularly useful in ten years’ time, when the flow-on effects of this strategy begin to take shape.
Until then, we’ve got a problem. And it’s one on which the Turnbull Government has nothing to say.
Industry surveys suggest that eight of ten employers expect a new hire to have a minimum of a cyber security bachelor’s degree or three years industry experience.
And because graduates are not being produced to be ready to go, ‘out of the box’, they require another couple of years of training to get them to where they need to be.
The private sector is crying out for graduates who don’t come out of three years of education needing a further two years of on-the-job training.
Those cries aren’t even being met with indifference by the Turnbull Government.
They’re just not being met.
The recent Australian Cyber Security Centre Threat Report 2016 made clear that malicious non-state actors could develop the means for a serious cyber attack on Australia within the life of this Parliament.
It’s a wakeup call as much as it is a deadline.
It’s all well and good to say we need to produce more cyber security professionals. It is asinine to propose the solution to a skills shortage is to give people more skills.
The question without an answer is how.
This piece originally appeared in Computerworld on Friday, 25 November 2016.