An Innovative Approach to Addressing the U.S. Cybersecurity Crisis

An Innovative Approach To Addressing The U.S. Cybersecurity Crisis.png

By Aidan McCauley

Society's digital transformation has created more than just dazzling products and technologies that improve our lives. Computer skills aren't exclusive to brilliant corporate software developers creating these products; a growing cadre of criminal hackers are using technology at a rapidly increasing rate, with cybercrime predicted to cost the world $6 trillion annually by 2021. These evildoers use sophisticated methods and tools found on the dark web and are often able to keep ahead of the efforts to combat them. 

Giving a major boost to these bad actors is the massive worldwide cybersecurity skills shortage, which many U.S. companies continually rank as their biggest challenge. In fact, this predicament is multiplying so fast that the scary statistics quickly become outdated. The most recent prediction forecasts there will be 3.5 million cybersecurity job openings globally by 2021.

Fighting cybercrime today often becomes a government-led initiative while attacking the skills shortage crisis is largely driven by individual companies, who hope that designing internal training programs and developing new security products using technologies like AI and machine learning will help.

Separate nation-led and company-led efforts are worthwhile, but there's another approach that might deliver better results: combining the forces of companies, government, academia, research organizations and aggressive cybersecurity agencies, all tasked to produce more skilled workers as well as collaborate on next-generation solutions that will make a measurable difference.

Innovative Solution

Creating a synergistic effort rather than the usual siloed approach defines the trailblazing initiative underway in Ireland. The nation has long hosted a large tech sector, with offices of many foreign companies located there, including five of the top 10 worldwide security companies. There are many Irish-owned cybersecurity companies currently in operation and more than 40 multinationals there — the majority being U.S. companies.

A few years ago, U.S. businesses sat down with the Irish government and academia to understand key challenges facing these companies. Taking these comments on board, IDA Ireland, the government's foreign direct investment agency, recently launched a new cluster organization called Cyber Ireland hosted by the Cork Institute of Technology to provide a collective voice for companies working in cybersecurity. Its board will consist of representatives from industry, academia and government, with close involvement by agencies like the National Cyber Security Centre and the Garda Cyber Crime Bureau.

Top U.S. tech firms — like Google, Microsoft, Facebook, IBM, Dell, SAP, Cisco and others with a strong vested interest in digital security — located there helped lay the groundwork for this expansive cybersecurity initiative.

Industry-defined Training Programs

An important part of Ireland's overall cybersecurity movement is called the Cybersecurity Skills Initiative (CSI) and grew out of clambering demand from big corporate players, particularly American firms, for more trained workers. Initially, CSI is training 5,000 new cybersecurity professionals within three years who will then be employed by firms in the country, with the lion's share going to multinationals. Trained graduates have already begun entering and the goal is to have 4,000 firms join the initiative.

While industry, the Irish government, its agencies and academia are stakeholders in CSI, the actual program content was largely defined by companies with Irish locations to ensure the most effective outcome. It is a dynamic process; industry, with broad engagement by U.S. companies, gives specific input on what is required and educators work with Skillnet, Ireland's corporate-government training agency, to design the curriculum. Content is  delivered — mostly online — by universities and technology institutes. Stakeholders are involved in a feedback loop to keep the training effective and relevant.

An area like cybersecurity that moves so fast requires a nimble training approach, thus industry input, curriculum design and course launch all happen within 12 months. Programs include cross-training and up-training for IT professionals across all sectors and are manifested as anything from 12-week courses to graduate programs, as well as two-day foundational courses for non-technical employees. American companies with Irish locations are anticipating that CSI will create an ongoing supply of graduates with the right skills to help them fight cybercrime.

Cyber Ireland Moving Cybersecurity Forward

While the CSI training program is currently top of mind for Cyber Ireland and its many industry participants, the goal of the cluster goes beyond simply producing more security professionals. Cyber Ireland's higher-level objective is to enhance collaboration and resource sharing to combat the exponential threat of cybercrime. The organization is well aware that security is rapidly becoming a fundamental requirement for all companies, whether it's enterprise software, financial services or life science solutions.

Although Cyber Ireland has barely begun, its ambitious goals include connecting pockets of R&D in academia or research agencies with the individual efforts of corporations so that resources and knowledge can be shared and thus improve results and streamline processes. The organization quickly acknowledges that Ireland as a nation has some advantages when it comes to establishing such an initiative. Besides its preponderance of marquee-name tech companies, the nation has strong financial commitment from government — which is supporting the initiative — and a quick-moving academic sector that had already begun delivering advanced cybersecurity programs.

Growing Ecosystem

"Pure-play" security companies in Ireland, such as big multinationals like McAfee, Trend Micro, Symantec, FireEye  and others, initially staffed their Irish operations in areas like support and shared services. However, as the security sector has expanded in Ireland, many of them are locating some core engineering there, which has a cumulative effect on the overall Irish security landscape. Also impacting the critical mass is how cybersecurity has become a requirement for all companies.

In this supportive ecosystem, new security efforts have been thriving. HP Enterprise has a global cyber defense center in Galway while Mastercard has been expanding its development labs in Dublin with a goal to design next-generation security solutions. Cyber Ireland wants to enhance its growing security ecosystem so that participants can learn from one another, find trained professionals and create products and approaches that keep ahead of cybercriminals. The country's unique approach to combat criminal hackers is a strong resource that U.S. companies can use to tackle this important issue.

About Aidan McCauley

Aidan McCauley is Vice President of Enterprise Technology and Cyber Security investments for IDA Ireland based out of its Mountain View office, California. Aidan supports Bay Area companies looking to assess the best location to establish and grow their European operations.

More About Aidan