For students of cybersecurity at
Switzerland’s 150-year-old ETH university in Zurich, hacking is
a legitimate part of the curriculum.
Students learn to infiltrate Internet and mobile networks
in classes on “wireless electronic warfare” and “modern
malware” designed to prevent computer malfeasance. The number
of students enrolled in ETH Zurich’s
information security
master’s program has more than tripled since 2009, the
university said.
Demand for cyber specialists is rising as companies such as
Deutsche Telekom AG (DTE) and
ABB Ltd. (ABBN) hire more experts to counter
risks to their networks and products. Cybersecurity has grown
into a $60 billion global business, according to
PricewaterhouseCoopers LLP, while concern over hacking has been
heightened by reports of mass surveillance by the U.S. National
Security Agency and eavesdropping of German Chancellor
Angela Merkel’s mobile phone.
“The NSA affair was a wake-up call, but companies also
became aware that there’s a lot more cyber criminality,”
Juergen Kohr, head of cybersecurity at
Germany’s biggest phone
company Deutsche Telekom, said in an interview. Last year it
suddenly became more competitive to recruit the right people, he
said. “It’s a very, very embattled market.”
Gulp Information Services, a Munich-based subsidiary of
Dutch recruitment agency Randstad Holding NV, said it received
2,423 requests for IT security specialists last year, up 54
percent from 2012 and almost seven times more than a decade
earlier.
Malicious Programs
18 months ago, attacks by the so-called Shamoon computer
virus against Saudi Arabian Oil Co., the world’s largest crude
exporter, destroyed about 55,000 servers and workstation hard
drives, according to U.S. officials.
Software made by
Siemens AG (SIE),
Europe’s biggest engineering
company, and used to control water-processing plants, power
grids and factories suffered an attack by a malicious program
dubbed Stuxnet in 2010. It targeted Simatic WinCC, a supervisory
control program that the world’s infrastructure agencies and
manufacturers use to acquire and analyze data, the company said
at the time.
Stuxnet was able to penetrate controls, send data back to
its creators and eventually destroy systems.
The proportion of companies reporting losses of $10 million
or more as a result of cybersecurity incidents has risen 51
percent since 2011, according to a survey of 9,600 executives in
115 countries by PwC last year. About 7 percent of respondents
said they had suffered such losses.
Career Options
About 30 ETH Zurich information security master’s students
can also learn how to protect products such as cars. In an
experiment, they open and start vehicles with off-the-shelf
electronic hardware costing as little as $100 to analyze
security flaws of wireless remote keys.
If a hacker wants to pursue a career outside the corporate
world, governments worldwide are also keen to secure their
services.
“Supply isn’t keeping up with the growing demand for
talent,” said
Kristina Huramsin, a Frankfurt-based recruitment
consultant for
Manpowergroup Inc. (MAN)’s Experis unit who specializes
in cybersecurity hires. “Since 2011 demand grew in tiny steps,
but it jumped massively last September because of the whole
Snowden affair.”
Snowden Leaks
Former U.S. government contractor Edward Snowden began
leaking documents in June that revealed NSA spying activities
targeting companies, European Union institutions and
governments.
While companies are keen to protect themselves, they’re
also selling services that protect their customers.
Markus Braendle, head of cybersecurity at the world’s
largest maker of power transformers ABB, said the 9/11 attacks
also spurred demand for security services because the U.S.
government required utilities to upgrade their cyber defences.
“Cybersecurity was the number one new boardroom issue of
the past year,” said Leif Johansson, chairman of the European
Round Table of Industrialists, whose 53 members are chief
executive officers or chairmen of some of Europe’s biggest
companies including
Roche Holding AG, Nestle SA and
Royal Dutch
Shell Plc. (RDSA) “The potential consequences are huge and we need
many more well-skilled employees to tackle those issues.”
Cybersecurity budgets increased on average by more than
half in 2013, and almost half of respondents expect to increase
their outlay further this year, according to the PwC study.
Certain Mindset
To attract candiates, companies may pay as much as 25
percent more for security experts than for Web developers, said
Huramsin. One headhunter even offered candidates the use of his
holiday house in Switzerland, she said.
“You definitely need people who have a certain mindset --
which is thinking outside the box, figuring out how do I attack
a system,” said Braendle, who is a ETH Zurich graduate.
ABB, which competes to supply equipment to power grid
operators with Siemens,
General Electric Co. (GE) and
Emerson
Electric Co. (EMR), added cybersecurity managers for each of its 24
business units and bought a stake in security company
Industrial
Defender in 2010.
Siemens in December introduced a service it manages on
behalf of clients to protect hardware from Web attacks. Siemens
declined to be interviewed and said in an e-mailed statement
that it takes industrial security “very seriously” as it works
with clients to secure facilities.
While security is a priority for executives, companies are
often reluctant to discuss breaches, said Braendle.
“We know that there have been attacks, incidents,
breaches, but they are not being talked about,” he said. “It’s
still pretty sensitive, people don’t want to share their
experiences. And that makes it harder to defend against.”
(Credit:
Screenshot by Lance Whitney/CNET)
