- Security TWENTY
- Women in Security Awards
Cyber security in the energy industry is a skills gap within a skills gap … within a skills gap, writes Anjos Nijk, pictured, Managing Director at ENCS, the European Network for Cyber Security.
It takes a lot to keep the European power grid cyber secure. Time, money, collaboration between industry players – but above all it takes people. Specifically, it takes intelligent, experienced cyber security experts – a small army of them – working to keep out the hackers. The problem is, we don’t have enough of them. Not nearly enough.
But it’s not as simple as just training more people. This is a skills gap, within another one, within another one. It’s all very Inception. Think of it like a Russian doll. At the centre we have the smallest doll – the rare experts with cyber security expertise that spans cyber-physical systems, specifically in the energy industry. They’re in short supply.
But that’s inside a bigger doll, the general cyber security experts. We need to pull more of these into the energy industry, but the problem is that there’s a skills gap at this level too. (ISC)2 predicts there will be 9m global public and private sector cyber security jobs by 2019, but only 4.5m qualified to do them.
That’s nested in a bigger doll again – those in our society with the appropriate technical skills and education to train as cyber security experts. Success varies across Europe, but every country is waking up and realising we need a greater technically educated workforce across the board. For example, the European Commission estimates there will be 500,000 unfilled ICT vacancies in Europe by 2020. We have our work cut out as an industry. There aren’t enough technical people to fully supply the wider cyber security sector, and not enough cyber security experts to supply the energy industry. The problem cascades downwards.
But there are some things we can do.
First, we need to get cyber security students working with cyber-physical systems. The industry needs to work with universities to get this on syllabuses, and supplement courses with extra training schemes such as summer schools and work placements. Similar programmes with schools will have a longer payback period but are also vital. Relatedly, at both university and school level, we need to redress the gender balance in technical subjects – we’ll never fully staff the industry if we restrict ourselves to 50pc of the potential candidates.
But perhaps most importantly, we need to change the image of the energy industry. Right now, if you’re a talented cyber security graduate, you dream of working for Google or Facebook, or a cool tech startup in Berlin. When you think about the utility world – if you think about it at all – you think of a corporate, old-fashioned organisation full of grey-haired men.
That’s not completely true – but not always completely false either. That needs to change, and we need to play up to the fact that this is really important, rewarding work. Rather than stopping a Facebook account being compromised, you could be saving Europe’s electricity grid. The stakes are higher and so is the satisfaction – you can be James Bond behind the keyboard!
Of course, there’s no simple fix, or someone would have done it already. But the skills gap is only going to get wider as more systems become connected. We’re going to need a bigger doll.
At ENCS, we want to play our part in narrowing the skills gap. If you’re a student or recent graduate interested to learn more about security in cyber-physical systems, why not apply for one of our intern positions?