Picture the scene. You are the Principal of a school and you prepare to travel there after breakfast one morning but you see that the school’s Twitter account is posting strange messages. You start to receive queries from parents and you contact the IT manager. She informs you that the website is not accessible and that she cannot access the school network through her devices. On arrival at the school, administration staff informs you that all the screens are blue and are showing a request for payment of money. You realise you have been the target of a cyberattack and you need cyber security professional expertise to deal with it.
This is a made up scenario but shows that even a school can be a target for cybercriminals and cybercrime.
James Caffrey works on implementing the National Cyber Security Strategy at the Department of Communications, Climate Action and Environment. He explains in more detail what cyber security is and the important role it’s going to play in years to come.
Can you explain cyber security?
Cyber security is about protecting ourselves online. The Internet with its online platforms and social media offerings empowers us to connect to share experiences, to purchase goods and services to learn and have fun. The Internet was built to be open and interoperable and those who designed it overlooked the dark side of human nature. Online fraud, scams, defacing of web content, blocking access, impersonation via account hijacking, misinformation, stealing money or your personal data or even your device’s computing power are just some of the dangers known as threats that arise in our digital world. Cyber security therefore seeks to protect both your data and your devices, and empowers you to make informed decisions about trusting others in the online world.
Can you explain the National Cyber Security Strategy 2019-2024 which you oversee?
In a nutshell, the Strategy has 3 key objectives – protecting us, developing our capabilities to better manage the challenges and working together at both national level and internationally. I’m particularly focused on skills development aspects within cyber security. Previously I had worked as an expert in the European Commission focused on building up cyber security capabilities in the Member States of the European Union.
How much more relevant or important is cybersecurity going to become in the coming years?
In line with the digitalisation of our society, as everything becomes connected and machine to machine communication via 5G telecommunications networks takes place, we need to be assured that our data is confidential, that our infrastructure works as intended and that digital services remain available. Cyber security is about looking after what is important to us, namely our confidentiality, integrity and availability as a digital society. As long as there’s ingenuity, innovation, agitation, protest, conflict and crime, and for so long as we use information communications technology, cyber security will be with us.
What types of jobs can people get into if cyber security appeals to them?
Historically, cyber security emerged from experience with IT security and so those with IT skillsets are well placed to avail of the opportunities arising. Those now involved in developing IT networks, systems administration and coding are now engaged in applying key cyber security principles such as network defence-in-depth and security by design computing. For those with a computer science background, you can work as cyber security analysts and consultants in undertaking security assessments, consultancy advice provision, organisational risk management, network defence, incident response, network investigations and forensic computing. Given that cyber security is about behaviour as much as about specialist computer science expertise, those interested in psychology, public relations and communications and crisis management can also find exciting careers. Awareness raising of good cyber security hygiene and role playing through cyber exercises help increase our preparedness and that of our organisations to be more resilient and be better able to withstand cyber incidents.
What type of STEM subjects should students consider if they want to get into cybersecurity?
Those with aptitudes for problem solving and mathematical reasoning will have a head start. If you like mathematics and computer science cyber security is definitely worth considering. Those students interested in science and behavioural aspects can also consider the human dimension.
Cyber is not just for the ‘nerds’. Effective communication skills, a willingness to network and co-operate with others are all essential attributes for cyber security teams in society.
How might careers progress for people who get into cybersecurity?
There are a variety of roles for those involved in cyber security. These vary from compliance oriented auditing and risk assessment to cyber security operations involving security incident and event monitoring with security operations centres. Organisations need to defend what is critical to them through identifying critical assets and improving resilience and security as part of their risk management. Those involved generally need to be networking with their peers, which does need to involve face to face meetings if trust has to be established for secure information sharing as part of the cooperation aspect to cyber security work. This generally takes place through conferences and seminars.