Skip to content
Author
PUBLISHED: | UPDATED:
Getting your Trinity Audio player ready...

* Governments, companies struggle with recruitment

* Cyber attacks could cost up to $400 billion globally

* Salaries rise as cyber security demand outpaces supply

By Peter Apps and Brenda Goh

LONDON, Oct 13 (Reuters) – For the governments and

corporations facing increasing computer attacks, the biggest

challenge is finding the right cyber warriors to fight back.

Hostile computer activity from spies, saboteurs, competitors

and criminals has spawned a growing industry of corporate

defenders who can attract the best talent from government cyber

units.

The U.S. military’s Cyber Command is due to quadruple in

size by 2015 with 4,000 new personnel while Britain announced a

new Joint Cyber Reserve last month. From Brazil to Indonesia,

similar forces have been set up.

But demand for specialists has far outpaced the number of

those qualified to do the job, leading to a staffing crunch as

talent is poached by competitors offering big salaries.

“As with anything, it really comes down to human capital and

there simply isn’t enough of it,” says Chris Finan, White House

director for cyber security from 2011-12, who is now a senior

fellow at the Truman National Security Project and working for a

start-up in Silicon Valley.

“They will choose where they work based on salary, lifestyle

and the lack of an interfering bureaucracy and that makes it

particularly hard to get them into government.”

Cyber attacks can be expensive: one unidentified

London-listed company incurred losses of 800 million pounds

($1.29 billion) in a cyber attack several years ago, according

to the British security services.

Global losses are in the range of $80 billion to $400

billion a year, according to research by the Washington-based

Center for Strategic and International Studies that was

sponsored by Intel Corp’s McAfee anti-virus division.

There is a whole range of attacks. Some involve simply

transferring money, but more often clients’ credit card details

are stolen. There is also intellectual property theft or theft

of commercially sensitive information for business advantage.

Victims can also suffer a “hacktivist” attack, such as a

directed denial of service to bring a website down, which can

cost a lot of money to fix.

Quantifying the exact damage is almost impossible,

especially when secrets and money are not the only targets.

While no government has taken responsibility for the Stuxnet

computer virus that destroyed centrifuges at Iran’s Natanz

uranium enrichment facility, it was widely reported to have been

a U.S.-Israeli project.

Britain says it blocked 400,000 advanced cyber threats to

the government’s secure intranet last year while a virus

unleashed against Saudi Arabia’s energy group Aramco, likely to

be the world’s most valuable company, destroyed data on

thousands of computers and put an image of a burning American

flag onto screens.

GOING VIRAL?

Most cyber expertise remains in the private sector where

companies are seeing an steep increase in spending on security

products and services.

Depending on the cyber threat, a variety of firms are

bidding for cyber talent. Google is currently

advertising 129 IT security jobs, while defence companies such

as Lockheed Martin Corp and BAE Systems are

looking to hire in this area.

Anti-virus maker Symantec Corp is also doing good

business. “The threat environment is exploding,” Chief Executive

Steve Bennett told Reuters in an interview in July.

The perception of an increased threat, has also led to

explosive demand for the best talent.

The U.S. Bureau of Labour Statistics says the number of

Information Technology security roles in the U.S. will increase

by some 22 percent in the decade to 2020, creating 65,700 new

jobs. Experts say it is a similar situation globally, with

salaries often rising 5-7 percent a year.

“Recruitment and retention in cyber is a challenge for

everybody working in this area,” says Mike Bradshaw, head of

security and smart systems at Finmeccanica IT unit

Selex. “It’s an area where demand exceeds supply … it’s going

to take a while for supply to catch up.”

A growing number of security firms – such as UK-based

Protection Group International (PGI) – now also offer cyber

services. PGI started out providing armed guards to protect

merchant ships against pirates but has now hired former staff

from Britain’s GCHQ eavesdropping agency.

COUNTRY OR CASH?

A graduate with a good computer studies degree can walk into

a $100,000 salary with a similar amount upfront as a golden

handshake, several times what the U.S. National Security Agency

would be likely to offer.

Western universities turn out far too few graduates with the

necessary computer skills while some students complain that many

of the courses on offer are too theoretical for the challenges

of cyber warfare.

But applicants need not have a computer science degree to

get lucrative jobs as long as they can do the hardest-to-fill

jobs such as finding bugs in software, identifying elusive

infections and reverse engineering computer viruses that are

found on computers, said Alan Paller, founder of the non-profit

SANS Institute in Washington.

SANS has worked with officials in Illinois, Massachusetts,

New Jersey and other states to sponsor hacking contests that

test skills in those and other areas. Educational background

does not necessarily help in these contests.

Those who have “very good” skills in the most-needed areas

can earn $110,000 to $140,000, while the very top get paid as

much as $200,000 in private sector jobs, according to Paller.

While the private sector offers big cash, the government is

still able to retain some talent by appealing to people’s sense

of public service and patriotism.

“I want to serve my country. What I am doing is important,”

one hacker who conducts classified research for the U.S.

military told Reuters at the Def Con hacking conference in July.

He declined to provide his name because he was not authorized to

speak to the press.

There is also an expectation that government workers can

move to more lucrative jobs in the private sector after several

years in public service.

But some senior officers in Western militaries still fear

they may struggle to attract the requisite talent, citing both

cultural and administrative problems.

General Keith Alexander, head of both the NSA and Cyber

Command, told Reuters earlier this year finding the right talent

was a priority. He has attended events such as the Def Con

hacker conference, trading his uniform for a black T-shirt.

Hiring outsiders has long been thought to be a tactic

employed by the United States as well as China and Russia.

Western security officials believe Russia, China and other

emerging cyber powers such as Iran and North Korea have cut

deals with their own criminal hacker community to borrow their

expertise to assist with attacks.

Russia and China, which have been accused by the West of

mounting repeated attacks on government and commercial

interests, deny direct involvement in hacking.

“We are at the very beginning of this process and we are

building it brick by brick,” says Colonel Gregory Conti, head of

the cyber Security Department at the U.S. Military Academy, West

Point. “It’s going to be like the creation of the air force – a

process of several decades getting the right people and

structures.”