New Strategies to Address Security Skills GapExperts Say Collaboration Will Help Meet Future Needs
As cyber threats rise, industry experts see an opportunity to involve government and private entities in building the capacity of security professionals though effective partnerships and cybersecurity clusters.
The discussion emerged during the recent Cyber 360 event in Bangalore.
Information security experts say industries can play a major role in promoting innovation and skill development to help bridge the widening gap between industry's needs and academia's ability to meet those needs.
"While the world sees it as a threat, we see it as an opportunity to build skill capacity and cybersecurity professionals through effective partnership between public and private sectors, academia and the government," says Rajendra Pawar, chairman of NIIT, and Cyber Task Force, Nasscom & DSCI.
Other experts support the view, saying innovation drives economic transformation, and cyber challenges will pave the way to growth in new capacity and skills.
Leaders stress the need to focus on financial and technology support for incubating entrepreneurs who wish to build cybersecurity solutions and talent. Some say the industry should see local cybersecurity solutions being supported with soft funding and support from the government.
Kinshuk De, head, business operations, enterprise security risk management at TCS, strongly believes India must develop a workforce as an enabling national asset to meet domestic and global security market needs - expected to grow to $120.1 billion by 2017.
"There's a need to formulate a national framework for the creation of a cybersecurity workforce or adapt globally recognized frameworks such as National Initiative for Cyber Security Education of USA," he says.
Experts say there's a need to train 500,000 in cybersecurity skills by 2020.
"While securing our own infrastructure, India has the opportunity of exporting security services to the extent of over $20 billion," De says.
Cybersecurity is a global phenomenon, so it requires international cooperation, leaders say. India must develop an organizational, policy and legal framework to forcefully represent itself from a position of strength and guard India's national security concerns and interests.
"Cybersecurity, which constitutes about 1 percent of the total IT industry currently, will grab a 10 percent share by 2025," says Cyber Task Force's Pawar. "Also, cybersecurity is estimated to be a $35 billion industry by 2025, creating 1 million jobs over time. This calls for various stakeholders to join in creating these jobs."
The reason for the skills gap is lack of communication between industry stakeholders and lack of experience in gauging India's skill potential, says Bruce McConnell, senior vice president at the East-West Institute.
Ways to Build Capacity
Most experts see the need to create five regional security R&D and innovation hubs comprising security industry clusters, and academic institutions focused on cybersecurity skills over next five years.
They also see the need to groom 100-plus companies in high-end security products and solutions, besides fostering extensive overseas collaborations through alliances, partnerships and joint ventures, while allowing 100 percent FDI in critical technology areas of ICT security.
TCS' De says private industries must invest in developing security products and also impart specific skills and training to future professionals. According to De, the proposed action plan will include:
- Mandate 100 universities and colleges to gear up and offer education in ICT security at graduate, post-graduate and PhD levels over the next five years. Foster extensive collaboration with overseas universities for faculty and course content.
- Mandate 50 institutes promote and provide vocational/specialist/certification courses covering all globally recognized certifications from (ISC)Â², ISACA, DRI, CISCO, SANS and others.
- Build a national cadre for cybersecurity to mandate creating an independent cadre alongside ICT Jobs;
- Foster role-based skill classification and allocation in organizations, including security provisioning; operations and maintenance; defense and protection; investigation; analysis; information collection and support, on the lines of NICE or its equivalent tailored for India.
- Take aggressive and focused steps to globalize the cybersecurity workforce to foster global research and technology collaborations;, integrate the cybersecurity and ICT workforce and position globally; and build regional security innovation hubs for global clients.
Cyber leaders recommend a 10-year university lead research, innovation and IP building initiative, while promoting private sector R&D. The key potential research areas are: cross-domain attack correlation technologies; real-time malicious code detection and identification; and next-generation cybersecurity technologies to prevent, protect against, detect and respond to cyber-attacks.
"Build experiments and exercises, pilot projects to support wider participation in cybersecurity exercises and support the use of next-generation cybersecurity technologies," advises De.
Pawar recommends four areas: industry development; technology development; skill development; and influencing government policy changes toward indigenous growth.
"We as a task force will submit our recommendations to the government - incorporating funding strategy, spotting talent, policy changes in helping start-ups develop the required cyber products and solutions and also actionable plan of action," Pawar says. "Carrying out a hackathon on a periodic basis across states to master cyber hacking techniques is in the cards "
East West's McConnell suggests forming non-profit information sharing groups across sectors to exchange information and plan working groups to run courses for professionals.
"The information sharing groups will help build effective collaboration between various stakeholders including security operators to help corporate and government bodies assess the need and evolve a course structure," he says. "These groups will bring in international best practices with vendors' support to develop the necessary wherewithal to build cyber capacity in India."