In 2020, you should be thinking about cybersecurity.
What is the hot topic for 2020? There are many subjects on the minds of workers' compensation professionals. It can be hard to keep up without attending an awful lot of meetings. But, a general overview comes our way each January from the Kimberly and Mark team at Out Front Ideas. In the January 2020 edition, they gave us a lot to think about; everything from industry and individual engagement, to technology, to dope. They touched on cybersecurity, and frankly that is likely to be an overriding concern not just in 2020 but for years to come.
The workers' compensation community may be better at some things than others. But throughout our history, workers' compensation has been great at accumulating data. There have been many complaints and lamentations over the decades about how good we are at categorizing, analyzing, and digesting the data, but collecting it has been a strength. It is likely that these volumes of data incentivized the community embracing technology. In terms of data management, information storage, and now artificial intelligence, the workers' compensation community has been fully engaged in technology. Increasingly, all of that information may be at risk.
In 2019, Florida recognized the cyber risk to our livelihoods. The Legislature passed House Bill (HB) 5301, which created and enabled a Cybersecurity Task Force. The bill has multiple other implications that exceed my space here. The task force includes The Lieutenant Governor (who serves as chair), a "computer crime" specialist from the Department of Law Enforcement (FDLE), another representative of FDLE, the state chief information officer, the state chief information security officer, a representative of the Division of Emergency Management, a representative of the Office of the Chief Inspector General, an individual appointed by the President of the Senate, an individual appointed by the Speaker of the House of Representatives, and members of the private sector appointed by the Governor.
In December, the Taskforce met in Miami. The New Year (and decade) brought it to Pensacola on January 17, 2020, for an informative and compelling agenda. This included an intriguing cyber-industry panel discussion regarding cybersecurity resilience in Florida, a presentation by Dr. Eman El-Sheikh of the University of West Florida on Workforce Education, and a presentation on "Cyber Florida" by Dr. Sri Sridharan, of the Florida Center for Cybersecurity. Florida is pro-acting on this subject, and a keyword is collaboration. The interaction and cooperation between academics and industry were apparent throughout.
Dr. El-Shiekh noted some disturbing facts. First, the United States is the #1 target for cyber-attacks. The average cost of a data breach is more than $8 million dollars. The government currently spends about $15 billion annually on this threat, and there is an obvious and increasing need for cybersecurity professionals in the marketplace. She cited statistics that 50,069 cybersecurity jobs are currently staffed in Florida, but there are about 24,618 current job openings here. There is a lot of opportunity apparent in this field and a great deal of unfilled demand.
Unfortunately, those hiring cybersecurity professionals nationally are not fully satisfied with their foundations or training. Dr. El-Sheikh noted an ISCA (Intl. Symposium on Computer Architecture) study that concluded a third of survey respondents felt that less than 25% of job applicants were qualified for cybersecurity jobs. Almost 40% said that "university graduates are not prepared for the challenges they will face." That may be a factor of the constant evolution brought upon us by the bad actors, but it is refreshing to see educators focused on improving the preparation of the students.
There are educational standards in place for training undergraduates in preparation for the array of opportunities. There is also an impressive list of state institutions that are focused on the academic preparation of the next generation of security experts. Florida's universities seem acutely aware of the challenge we face. There appears to be room for greater compliance with those educational standards. It is positive to both have such goals and to periodically evaluate how well our efforts are addressing them. The meeting also included a discussion of the impact of this problem effected by an NSA structure of a select few Regional Resource Centers such as the University of West Florida here in Pensacola.
It was inspiring to hear the progress that is being made in educating those who will protect our networks, data, and livelihoods. More impressive was the description of how the educational curricula are involving students in hands-on training conducted in virtual environments in which there are emulations of the World Wide Web infrastructure, websites, and social media. The training and education is coming off the whiteboard and being performed in real-world environment simulations to prepare students for their challenges. Students are academically experiencing first-hand the situations they will face upon graduation.
Where will the employees come from to fill these opportunities? Efforts are underway to identify, attract, and even recruit the next generation of experts. Programs are underway to partner with high schools for the increase of awareness about these careers. The cybersecurity educators are also seeking to inform and attract far younger students. The need for cybersecurity is seen as a long-term situation, with a major growth potential still unmet. The effort is to both recruit for the immediate college class and to inspire the young to pursue a future steeped in computer and technology professions.
The discussion turned also to the diversity of perspectives in the field. Multiple speakers noted the tendency to presume that cybersecurity requires people with backgrounds and skills in coding. There has been a focus on the STEM (science, technology, engineering, and math) curriculum in recruiting security students. The speakers stressed, however, that cybersecurity requires multi-discipline contribution. There was a discussion of understanding what motivates bad actors (hackers, etc.), and the need in response for collaboration of coders, programmers, communicators, and others. The underlying characteristic most sought is dedication and commitment to the goal of protection. It was stressed that cybersecurity is not a 9 to 5 job.
The main takeaways from this short introduction to cybersecurity were: (1) Florida is exceptionally postured to address this need; the institutions here are already partnered with industry and aggressively pursuing cyber threats; (2) the need for producing effective, trained, and enthusiastic people is immediate; (3) the interests of academia and industry are notably intertwined, and public/private partnerships and cooperation are already the preferred paradigm for research, preparation, and remediation. Florida's foresight in forming this Task Force is impressive.
I found the program engaging, though I have not programmed a computer in decades. This will be a subject that concerns every business in the workers' compensation community for years to come. While there is much on our collective plate, it is without question that cybersecurity is a significant and serious subject that is fundamental to every business' effective function in this community. How will we expand our understanding and address our communities need?