An interesting, if truncated, piece in the Huffington Post caught my attention this morning.
In a discussion about the difference between "training" and "educating", a professional colleague once shared this idea with me: You train to deal with the "knowns"; you educate to prepare for the "unknowns".
Now, I generally bristle at the overuse of the term "cyber war" since there is so much baggage that the geeknosenti tends to ignore (as they've learned via their World of Warcraft/Call of Duty combat training).
In this article, Dr Susan Talley, a Dean at the School of Technology at Cappella University, makes her pitch for the need for an educated workforce as a necessary to deal with the brave new world that is cyberspace.
I found this part interesting:
A new kind of war needs a new kind of "army."
So how do we prepare for cyber war? Past wars involved recruiting young men to fight in foreign lands. Now the enemy is in virtual space and must be fought everywhere. In previous conflicts, we needed soldiers who were tough enough to succeed in battle. But physical strength is no longer a requirement; instead, the fight requires a sophisticated knowledge of computer security and code. Cyberwar has different requirements--requirements that we can meet by capitalizing on things we already have in place.
She presents her solution in three parts:
Increase the number of IT professionals with security certifications.
Develop more IT leaders with cyber security expertise.
Draw upon current military personnel.
What i see here is a call for a lot of people to "do" cyber stuff. A mass of people with skills means nothing without cogent policy and useful organization. Otherwise all you have is a flash mob without the choreography. And phrases like "Cyber 9/11", "Cyber Pearl Harbor" and "Cyber Katrina" do not help. In fact, they cause otherwise well-intentioned officials to stop thinking and acting rashly so as to be seen "doing something".
Certifications are neat in so far as they are good for the now. In the blink of an eye they will lapse and you will still have same problem. Where we in the Army wore our "resume" on our uniforms in terms of "scare badges" (e.g. Jump wings, air assault, scuba, tabs, etc), now the "scare badges" will be letters: C++, CISSP, RHCE, CCIE, BLT (on rye, with extra mayo), etc...
Laws can only get this process so far.
Fact is, as soon as the ink is dry, the circumstances will change, rendering
law only a boundary for the honest practitioner, but not a deterrent to the
malicious actor. Policy documents will be helpful, but the political opportunists
are too tempted to use it as a wedge to push an agenda that restricts freedom
(rather than expand freedom that a venue like cyberspace enables!)
Are the education/training communities creating thinkers who can see problems and intuit solutions? THAT's what is needed (both in the corporate world as well as in government).
This article posits good ideas as far as it goes. But I think Dr Talley misses the larger problem.