He Urged Cybersecurity Grads to Pursue Defense Agency Jobs

In his keynote address at the University of Maryland University College (UMUC) third Cyber Gala, Director of National Intelligence James Clapper warned that cyber threats top the list of national security concerns and that cyber attacks will only intensify.

"I want to talk to UMUC students who are considering a career in cyber intelligence," the nation's top intelligence chief said. "My one-line answer to you—the BLUF, Bottom Line Up Front, as we say in government—is that we need you."

Clapper, who grew up in an Air Force family, was living in Germany in 1959 when he was ready to begin his college education. He attended UMUC's Munich campus in his freshman year before returning stateside and completing his degree at College Park. And that connection made speaking with the UMUC Cyber Gala audience "very special" to him, he said.

"The educational experiences you are getting at UMUC are invaluable to us," Clapper said. He urged UMUC Cybersecurity grads to apply to all the defense and intelligence agencies and to persevere in pursuing these positions. Even though downward pressure on the federal budget is hampering hiring, these jobs are essential, he added.

Clapper headlined an evening that drew intelligence and defense leaders, private contractors, diplomats, and educators, as well as UMUC's Cybersecurity students, to raise money for scholarships. The Cyber Gala event has raised a total of $1.5 million since 2011 to fund scholarships for deserving UMUC Cybersecurity students.

UMUC also conferred honors on two individuals who have made significant contributions to the field of cyber security. The university presented its Pioneer Award, which recognizes lifetime achievement in cyber security awareness and readiness, to John Hamre, president and CEO of the Center for Strategic and International Studies, for his groundbreaking work in developing the Defense Department's cyber defense.

The UMUC Leadership Award was presented to Steve Shirley, the executive director of the Defense Cyber Crime Center, an organization of 420 professionals who provide information sharing, training, forensics services, and analysis to the Department of Defense.

In addition to the awards, UMUC President Javier Miyares announced that the university has joined the effort to establish a new Cyber Center for Education & Innovation at the National Cryptologic Museum at Fort Meade, Maryland.

This private-public partnership between the National Security Administration and the museum will allow government, industry, and academia to share information to strengthen cyber security, Miyares said.

"UMUC will serve as academic coordinator and facilitator of education and development programs that will represent a key component of the Center's outreach," he said.

In his remarks, Clapper said that the cyber threat to the United States is not a cataclysmic attack but rather an unending series of low-to-moderate intrusions and thefts that threaten both national security and the economy.

The "bad actors" range from North Korea, Iran, China, and Russia to terrorist groups, criminals, and "hacktivist" collectives, such as Anonymous, he said. Each has different motivations and techniques and has to be countered in different ways. But they are all acting on the same Internet system with millions of innocent people conducting billions of transactions, he added.

"Our task in the Intel community . . . is to distinguish a terrorist sending directions on how to build a bomb or defeat TSA procedures from someone sending their granddaughter a recipe for apple pie," he said. "We're not just looking for a needle in a haystack. We are looking for thousands of needles in acres and acres of haystacks."

Despite what some people think, Clapper said, "the intelligence community does not have the eyes and ears of God. We're neither omniscient nor clairvoyant."

At the same time, he said, the intelligence community must hold the civil liberties and privacy of Americans as a top priority. "That makes our mission all the more difficult, but it is nonnegotiable."

Said Clapper, the stakes are high. China's primary motivation is to catch up to—and then surpass—Western industrial and defense capabilities and to eventually overtake the U.S. economy, he said.

A data breach such as the one that took place at the Office of Personnel Management, which resulted in the theft of information on 21 million government employees, has huge counter intelligence implications. But additionally, these kinds of hacks "cost us trust in the confidentiality of our information," he said.

Clapper said that in the future he expects the growth of cyber attacks that manipulate information so that we can no longer trust it.

Yet most of these attacks could be thwarted by following four basic procedures that every cyber security analyst should know, he added.

First, patch IT software obsessively. Most Chinese intrusions occur through well-known vulnerabilities of commonly used software, which can be fixed with patches already available.

Second, segment data so that a single breach of security does not give the attackers access to the entire infrastructure and the mother lode of proprietary information.

Third, stay updated on the threat bulletins that the Department of Homeland Security and the FBI put out. These regularly warn about intrusions taking place against U.S. businesses.

Fourth, teach everyone what spearfishing looks like. Chinese and other hackers often get access to our systems and information just by pretending to be someone else and then asking people to open an attachment or click on a link. Too often, we do it, Clapper said.

"Bad actors are using precisely these avenues to steal our lunch every day," he said. "The Chinese in particular are cleaning us out because we know we are supposed to do these simple things, but we don't do them."