What We Talk About When We Talk About Cybersecurity
It's an emerging issue that concerns essentially all business sectors. We take a look at what work is being done in St. Louis to keep information safe.
Cybersecurity is scary. It’s utterly necessary yet nearly impossible to comprehensively understand.
The reason for this is simple: Nearly every piece of information in the modern world is exposed to risk. In addition to federal infrastructure and national security, cyber attacks target financial information, aerospace technology, intellectual property, healthcare records and almost every aspect of a citizen’s life.
Anything can be a target, because increasingly, thanks to the ever-growing Internet of Things, everything is accessible online from TVs to toasters.
“Everything is safe until you connect it to the internet,” says Tony Bryan, executive director of the Midwest Cyber Center of Excellence. “Then it becomes a threat to be hacked. [Cyber defense] is going to get more complicated.”
It could also get more expensive.
A 2015 study conducted by the Atlantic Council and the Zurich Insurance Group, “Risk Nexus: Overcome By Cyber Risks?”, explored the costs and benefits of cyber interconnectivity by imagining potential scenarios weighed by two sets of variables: whether the government or private sector leads the way and whether the hazards will be manageable or become so unwieldy that secure connections become a luxury affordable to a select few.
In the study’s best-case scenario, everyone makes money: By 2030, the global economy, fueled by technology booms driven and protected by cybersecurity, sees a $190 trillion net gain. That’s $30 trillion more than current projections.
The worst-case scenario envisions a world in which cybersecurity falls dramatically behind: Cyber attacks increase, targeted infrastructures become more vulnerable and countries carry out cyber warfare against one another—in addition to the dystopic escapades of criminals and rogue actors. In that case, the study says, the world economy could see a $90 trillion loss by 2030 compared to current projections.
With those two extremes at play, cybersecurity is going to be a major frontier that defines the next 15 years, and St. Louis is positioned to take the lead in preparing for the fight. Here’s a look at how the region has oriented itself as a major hub for cybersecurity.
For as long as the Department of Defense has been concerned about cybersecurity, the Air Force has shouldered the brunt of the burden within the armed forces, with Scott Air Force Base at the center of cybersecurity efforts in the region.
The problem they’re facing now isn’t motivation or understanding—it’s labor. DISA had 157 job openings at the time of this story, a deficit born of the lack of qualified contractors. In fact, the cybersecurity industry has an alarming zero percent unemployment rate–estimates say at least one million jobs are unfilled.
The Midwest Cyber Center of Excellence, founded in 2015 and based at SAFB, was charged with closing that gap by providing scholarships to transitioning veterans, unemployed and underemployed workers and college grads enabling them to acquire industry-specific certifications in cybersecurity. They’re also working to build the next generation within the industry.
“Unless we’re getting kids engaged with this subject and inspired to see this as a career field, we’re going to see the same problem 18 years from now,” he says.
MWCCOE is the lead agency in the region for CyberPatriot, an organization that hosts cyber-defense competitions across the country for students, including two in the St. Louis region this September. Two thousand teams competed last year, and Bryan and his team hope to add 15 St. Louis teams to that pool.
In addition to MWCCOE, organizations like the Security Advisor Alliance have also risen to prominence in the region. The SAA is made up of security professionals ranging from chief information security officers to salespeople and vendors looking to share resources and best practices.
Academia Joins In
As the professional world begins to coalesce, the region’s colleges and universities have begun offering courses and certifications in cybersecurity.
Washington University, St. Louis University, Maryville University, Fontbonne University, Lindenwood University, University of Missouri–St. Louis and Webster University all offer cybersecurity degrees and certification at either graduate or undergraduate levels.
The growth of those programs is key to increasing the number of qualified professionals in the ecosystem, and the partnerships between those institutions and the professional world (something at which St. Louis already excels) helps bolster the burgeoning community.
Though tremendous amounts of resources are spent trying to combat cyber attacks, often the responses are too slow or too outdated. Enter the entrepreneurs.
“[Cyber attacks] are increasingly dangerous to our economic way of life and our national security. The corporate community and the government are having a tough time keeping up with that threat. They have to collaborate and they have to look outside,” says Jay DeLong, managing director of SixThirty’s new cybersecurity startup accelerator, SixThirty CYBER.
Building on the success of SixThirty’s original FinTech accelerator, SixThirty CYBER, launched this year, will provide the same mentorship, relationship-building and market access to companies founded to serve the cybersecurity space.
“Over the course of [the SixThirty FinTech] cohorts, we said, ‘Look, we should probably recognize they have unique markets; they need unique mentors; they have different financing issues; their cycles are different; the adoption from larger customers is different,'” says DeLong. “‘Let’s create a program that is modeled very much after the FinTech accelerator but specific to cyber.’”
St. Louis already boasts an impressive roster of potential cybersecurity customers, with 19 Fortune 1000 companies based in the region and nine of the Fortune 500—not to mention the myriad financial service companies that have major hubs in the area.
SixThirty CYBER has also partnered with The Collingwood Group, LLC to co-locate in Washington, DC, exposing startups to the practices and needs of more than just the financial services sector by bridging them with potential federal clients. The accelerator’s first cohort of three to five companies begins this September.
The region is prepped to take a leadership role in cybersecurity, a position bolstered by existing infrastructure, evolving support from organizations and leverage provided by a thriving startup community.
“We’ve built a strong network and infrastructure of accelerators and venture capitalists,” says Bryan.
“We’ve created a network of resources that are founded in and imbued with our Midwestern values. I think that positions us to be in a good spot to do this. We’re capitalizing on an already existing excitement.”