A cybersecurity team reviews threats on a bank of monitors.
Article

Cybersecurity Careers in Government and Agencies: Defense for the 21st Century


Cybersecurity

Cybersecurity is a critical function for any organization; but, the stakes are highest when government institutions are threatened. U.S. government agencies hold sensitive data for millions of citizens and oversee critical infrastructure supporting energy, transportation, communications, and financial services. Thwarting attacks that could compromise the secure storage and processing of data by government information technology (IT) systems is critical to the country’s economic stability.

Successfully protecting government institutions from cyber attacks requires both technical prowess and leadership from cybersecurity experts. Students interested in gaining the professional skills necessary for a cybersecurity career in government can find the requisite training in an online Master of Science in Cybersecurity program.

An Overview of Cybersecurity in Government and Agencies

Government IT systems contain vast amounts of personally identifiable information (PII). Protecting that information and ensuring its availability are essential to the function of government. Various agencies hold records that contain social security numbers, taxpayer IDs, driver's license numbers, medical records, credit card numbers, passport numbers, addresses, phone numbers, dates of birth―all of which are vulnerable to cyber threats.

Hackers operating anywhere around the globe can threaten data security. Among the most dangerous actors are state-sponsored hacking groups that have strong financial backing, access to talent, and protection from law enforcement. Groups in Russia, North Korea, and Iran are the most active in hacking financial institutions while cyber criminals in China are the most active in espionage, according to the Center for Strategic and International Studies (CSIS).

CSIS estimates that close to $600 billion―nearly 1% of global gross domestic product (GDP)―is lost to cyber crime each year. The think tank notes that cyber crime is rising due to several factors:

  • Quick adoption of new technologies by criminals.
  • Increased number of online computer users.
  • Increased ease of committing cyber crime.
  • Expanding number of cyber crime "centers" including in Brazil, India, North Korea, and Vietnam.
  • Growing financial sophistication among cyber criminals.

Cyber threats also originate within organizations, with insiders acting either maliciously or unwittingly to break down IT defenses. The U.S. Department of Homeland Security received more than 35,000 security incident reports from federal executive branch civilian agencies in 2017. Of those:

  • 22% involved improper usage of technology resources, such as violations of acceptable usage policies by authorized users.
  • 21% involved attacks executed via email message or attachment.
  • 12% involved loss or theft of computing devices or media.

Major Cyber Attacks in the U.S.

Many of the largest cyber attacks occur in the private sector. Examples include breaches at Yahoo (2013, 3 billion users compromised), Equifax (2017, personal information for 143 million compromised), Facebook (2018, 50 million users), Marriott (2018, as many as 500 million guest records), and First American (2019, exposed 900 million customer files). However, hackers attempting to steal personal information also target government agencies.

One of the most high-profile attacks against the U.S. government took place between 2013 and 2015 when hackers infiltrated the U.S. Office of Personnel Management (OPM), which manages the records of the federal government's civilian workforce. The hackers, believed to be state-sponsored agents working for the Chinese government, gained access to millions of forms with personal information gathered during background checks for people seeking a government security clearance. The hackers also obtained records of millions of people's fingerprints. The full implications for national security and the privacy of those whose records were stolen are still not clear, according to CSO Online.

Hacks against government agencies are not limited to the federal level. Cybersecurity experts were deployed to investigate a coordinated cyber attack targeting government agencies in 22 small towns in Texas in 2019, for example. Cyber attacks also targeted government systems in Baltimore and Atlanta in recent years.

The U.S. Government Accountability Office (GAO), which has made more than 3,000 recommendations to federal agencies about cybersecurity shortcomings, identified four major cybersecurity challenges facing federal government agencies:

  1. Establishing a comprehensive cybersecurity strategy and performing effective oversight.
  2. Securing federal systems and information.
  3. Protecting critical infrastructure.
  4. Protecting the privacy and sensitive data.

The GAO's recommended actions to confront these challenges include addressing emerging technologies such as artificial intelligence (AI) and the internet of things (IoT), enhancing the federal response to cyber incidents, and strengthening cybersecurity around critical infrastructures such as electricity grids and telecommunications networks.

Government Cybersecurity Careers

Earning an advanced degree such as a Master of Science in Cybersecurity allows students to pursue a wide range of government-focused cybersecurity careers. Responsibilities for some of the primary roles are listed below, along with median salaries from PayScale, as of April 2020.

IT Specialist
Responsibilities: work with a broad range of technology including computer hardware components, communications systems, software applications, and databases.
Skills: competence in performing tasks that include systems upgrades, desktop support and troubleshooting, data service setups, and maintenance planning and implementation.
Median annual salary: $57,000

Cybersecurity Engineer
Responsibilities: assess security risks and vulnerabilities, detect security breaches, and design security systems that protect applications, networks, and data.
Skills: well versed in risk management, infrastructure security, policy management, and testing.
Median annual salary: $96,000

Chief Information Security Officer (CISO)
Responsibilities: the overall security of data within an organization.
Skills: ability to develop security procedures, create and enforce data privacy protection standards, ensure compliance with data-related regulations, develop response plans and security procedures, and oversee data governance education and training.
Median annual salary: $161,000

Network Engineer
Responsibilities: design and implement computer networks, including hardware components and systems software.
Skills: set up and maintain networks, troubleshoot network performance issues and replace defective components, maintain security measures by setting up firewalls and performing regular backups.
Median annual salary: $73,000

The Role of Leadership in Cybersecurity

Leadership in IT security roles becomes more important as cyber threats grow in number and sophistication. Such leadership is particularly crucial for government agencies due to the enormous responsibility that comes with handling personal data and maintaining critical services. Cyber attacks cannot always be avoided; but, proactive leaders can take steps to protect data and IT systems before an attack occurs. Designing cyber attack response plans, performing vulnerability assessments and putting access controls in place, establishing data governance principles, and promoting end-user education are just a few of the actions that cybersecurity professionals can take to protect their organization’s IT assets.

A plan of action that anticipates violations of security policies and network breaches can greatly reduce loss and speed recovery. Norwich University’s online Master of Science in Cybersecurity program sharpens the leadership competencies necessary to take such a proactive approach. For example, the Project Management Leadership course included in Norwich’s program focuses on project leadership, communications, and team management.

The program prepares students to make the business, governance, and policy decisions necessary to address current and emerging threats. Having gained a strong foundation in information security best practices, organizational structure and policy development, regulatory environments, and management strategies, graduates can make a significant impact on government cybersecurity roles.       

Developing Professionals to Meet the Cybersecurity Threat

For students excited by the challenge of a cybersecurity career in government, Norwich University's online Master of Science in Cybersecurity provides concentrations in computer forensic investigation and incident response team management, project management, critical infrastructure protection and cyber crime, cyber law and international perspectives on cyber space, and vulnerability management.

Featuring dynamic learning opportunities such as hackathons and forensics exercises, the program is one of the earliest to be recognized as a Center of Academic Excellence in Information Assurance Education (now known as a Center of Academic Excellence in Cyber Defense) by the National Security Agency and Department of Homeland Security. Learn more today about Norwich University’s programs that produce professionals with the technical expertise and leadership skills to take on cyber threats and protect vital IT assets. 


Recommended Readings

Career Paths in Information Security: What is Cyber Law?
The Executive Line of Defense: How to Become a CISO
IT vs. OT: Comparing Two Vital Information Security Concepts

Sources:

Economic Impact of Cybercrime, Center for Strategic and International Studies
Cybersecurity, U.S. Department of Homeland Security
7 of the Biggest Hacks in History, CNN
The OPM Hack Explained: Bad Security Practices Meet China's Captain America, CSO
Ransomware Attack Hits 22 Texas Towns, Authorities Say, The New York Times
Cybersecurity Challenges Facing the Nation—High Risk Issue, U.S. Government Accountability Office
The Role of an IT Specialist, Houston Chronicle
Average Information Technology Specialist Salary, PayScale
Cyber Security Engineer, Field Engineer
What Is a CISO? Responsibilities and Requirements for This Vital Leadership Role, CSO
Average Cyber Security Engineer Salary, PayScale
Average Chief Information Security Officer Salary, PayScale
Job Description & Tasks of a Networking Engineer, Houston Chronicle
Average Network Engineer Salary, PayScale