Maybe you, like me, are an Olympics fan (in my case: Summer Games, track & field). Most Americans look forward eagerly for the Super Bowl, while the rest of the world (and, increasingly, many in the U.S.) are waiting for the World Cup. But too few of us are aware that next summer will be the inaugural International Cyber Security Challenge, an esports event that pits teams from multiple countries against each other in cybersecurity skills. The U.S. is sending a 25 person team.
So what, you might say? Well, if you work in healthcare (or any industry, for that matter), or use any kind of digital device, you should care. Ransomware attacks on healthcare organizations continue to proliferate, the Colonial Pipeline cyberattack this past spring illustrated the weakness of other parts of our critical infrastructure, and we’ve all almost certainly had some of our personal data exposed in data breaches.
We’re in a war, but it’s not clear that we have the
right army, with the right weapons, ready to fight it. Thus the U.S. Cyber Games.
The U.S. team was chosen through three stages. The U.S. Cyber Open allowed cyberathletes to
compete in a two-week long “capture-the-flag”
competition, From that, sixty of the
cyberathletes were invited to the U.S. Cyber Combine, an in-depth eight week
screening process. That led to the Cyber
Team Draft, which resulted in the team that will represent us in the
International Cyber Security Challenge.
“Practicing defenses in today’s world when all rules are changing is difficult. This helps them see what attacks look like in real life,“ Jessica Gulick, Katzcy’s founder and CEO, told The Washington Post. Head Coach TJ O’Connor, who chairs Florida State’s cybersecurity program, added:
Understanding the most likely attack is one thing you gain through Cyber Games. It’s an attack-based curriculum, and then you can plan the most appropriate strategies when they occur…It’s very important to show them how to attack, and it’s not so they become attackers, it’s because you can’t defend against an unknown boogeyman you can’t explain.
Sears Schultz, one of the team’s captains, believes:
“Competitions are a great way to get people more
excited about cybersecurity. These
actually have a direct relation between the skills and what you can do
professionally. It’s a great way for companies to identify and recruit talent.”
So, what is your organization
doing to identify and recruit this now mission critical kind of talent?
Healthcare organizations have hired IT talent for
decades, but are now struggling to attract people with digital expertise, much
less cybersecurity skills. Mobile health
apps are exploding, but – whoops – many
have critical vulnerabilities that leave them open to cyberattacks. The FTC wants
to require health apps to report breaches, even though the companies aren’t
necessarily subject to HIPAA, but reporting breaches is far short of stopping
them.
Mobile apps, IoT, and cloud computing require a host
of new skills, and pose a host of new problems.
Conventional IT talent isn’t going to cut it.
Not every organization is going to be
able to recruit one of the Cyber Team’s members (and I’m sure the U.S. Cyber Command and Big Tech will be at
the front of that line). Esports and
hackathons are two other nontraditional ways to find cyberathletes.
The International Olympic Committee took
a step towards including esports in the Olympics by featuring the Olympic
Virtual Series shortly before the recent Tokyo Olympics, and it is widely expected
that esports will eventually be added as an Olympic sport. "The Olympics need esports more than esports need the
Olympics," Rod Breslau, an esports and gaming consultant, told
CNET.
Feel free to replace “the Olympics” with
“healthcare,” or any other industry.
“Hacking” sometimes has a negative connotation, but the
skills it requires and develops are exactly the ones needed by cyberathletes. One of the Cyber Team members admitted
to WaPo: “I love it. I really like hacking things…This is
definitely something I want to do as a career. I want to do something from the
offensive side”
Hackathons have been around slightly longer than
esports, although they haven’t been commercialized in quite the same way. They are typically conducted over a short
period of time, such as a weekend, and participants are challenged to come up
with software solutions to problems. The
appeal is that it forces people from a variety of backgrounds/companies to
solve problems quickly, often leading to unconventional solutions.
Hackathons have been used by a variety of industries
for a variety of problems, including healthcare. For example, in August the VA hosted a data
science hackathon on the thorny but boring problem of medical coding. The teams didn’t solve the problem but organizers
believe participants came away with ideas they could use to improve it.
---------
So, maybe someone your healthcare organization should
be paying attention to the International Cyber Security Challenge next summer,
or, at least, checking out what schools/programs the athletes come from. Maybe it should sponsor an esports event or
team. Certainly it should hold or participate
in hackathons to address some of the many problems healthcare IT has, and build
relationships with Major League Hacking (“the
official student hacking league”).
Or it could just wait for the next cyberattack.
No comments:
Post a Comment