Cybersecurity Labor Shortage in the Maritime Domain

Posted By: Marco Ayala Port Bureau News, Newest Edition,

The shortage of qualified cybersecurity professionals has long been a concern, but with the rise of nation-state threats and bad actors eager to make money by holding electricity, gas and pipeline, and maritime domain operations hostage for financial gain, the labor shortage is becoming more of a challenge and could have long-lasting effects.

In the U.S., the cybersecurity workforce has more than 950,000 workers. From May 2021 to April 2022, there were 714,548 jobs posted online, representing almost as many jobs as the existing workforce. According to Cybersecurity Ventures, the number of open cybersecurity positions worldwide increased from 1 million to 3.5 million, between 2013 and 2021, and based on the researcher’s data, there will still be the same amount of unfilled positions in five years.

In particular, there is an acute cybersecurity labor shortage in the operational technology (OT) and control systems security space. In the maritime space, the amount of skilled cybersecurity workforce that understands the environment is even minuscule to other industry sectors. Driving the shortage is an increasingly digitized world, with its larger attack surface needing protection and a workforce struggling to keep up. Also contributing to the shortage is a large retirement pool, with 40% of baby boomers having retired by 2020 and Generation X workers looking forward to retirement within the decade.

Securing U.S. assets from coast to coast and offshore in U.S. territorial waters is critical. Below are key measures companies can implement to combat the cybersecurity labor shortage.

Recruit and train high-quality cybersecurity enthusiasts aggressively.

Companies are increasingly cross-training IT professionals in the OT domain to make up for the shortage of cybersecurity workers. Hiring sprints of 30, 60 or 90 days — focusing on employing as many cyber professionals as possible - also have proven successful. To seek out a consistent supply of employable cybersecurity talent, businesses should establish official ties with educational institutions and professional associations. By offering education, training and certification in areas like OT, industrial control systems and automation security, organizations like the International Society of Automation are doing their best to keep the cybersecurity field brimming with qualified personnel. Though not at a rate that matches the number of open jobs, more students are enrolling in computer science and cybersecurity programs. This increased demand for technical knowledge is altering the curricula of schools and changing what students learn. Once an employee is hired, seeing that their skills are continually upgraded to match ever-changing threats will require an ongoing commitment to specialized training.

Participate in public-private partnership resource sharing.

The federal government and corporate sector are working together more now that there is a labor shortage, particularly by exchanging information that counters the rise of cyber risks. 1898 & Co. works with entities like the Joint Cyber Defense Collaborative and Idaho National Laboratory and has joined forces with cybersecurity information sharing groups such as the Operational Technology Cybersecurity Coalition (OTCC) to shore up defenses on behalf of clients. The coalition was founded by Claroty, Forescout, Honeywell, Nozomi Networks and Tenable and is made up of a diverse group of leading cybersecurity providers. The OTCC, which represents the entire OT lifecycle, believes that the best approach to securing our nation’s critical infrastructure is one that is open, vendor-neutral, and allows for diverse solutions and information sharing without jeopardizing individual operations’ cybersecurity. Being part of information sharing groups like the OTCC is considered one of the best defenses against cyber threats, allowing participants to collaborate on nationwide cyber defense strategies, share information and mitigate attacks.

Stay abreast of federal initiatives that can impact cybersecurity hiring efforts.

The government has launched a number of public-private initiatives to support improved cybersecurity across industries. President Joe Biden has signed an executive order to fortify and defend crucial infrastructure and networks against cyberthreats by making it easier for public and private sector operations to share threat information. The government also has allocated more than a billion dollars through the Infrastructure Investment and Jobs Act for workforce development in cutting-edge technologies and cyber-related support. Additionally, one new federal initiative is the National Cyber Workforce and Education Summit held at the White House. Bringing together global entities that employ, train and educate cyber professionals, the event has three main goals: increase diversity, equity, inclusion and accessibility (DEIA) in the cyber industry, develop the cyber workforce in the U.S.; and improve training and skills-based pathways to cyber jobs.

Embrace a culture of respect for cybersecurity.

The most talented, well-educated, and mentored professionals can be hired by a company and placed in an environment that ruins them. Companies must take care not to waste a valuable resource if they hire top-notch talent. When a firm makes a great hire, it’s critical that the employee be able to contribute. Empower them and allow them to make real changes where warranted. Avoid putting them in a position where they are unable to make a difference because a restrictive business culture prevents them from being heard. Continuously assess, develop, and implement your human resources, determine where they are best suited and then reward them for a job well done. Shutting down these cybersecurity enthusiasts can have a negative impact on a business, a market, and an entire industry. From the factory and the field all the way up to the top of an enterprise, it’s important to encourage a healthy respect for cybersecurity as part of the company culture.

Working with a qualified cybersecurity consultant in the maritime space can help extend project owners’ cybersecurity personnel. A top-rate consultant will not only secure infrastructure assets but also will help mentor staff so that they are capable of maintaining secure systems in the long term.

The labor shortage is one of many issues industries face when dealing with cybersecurity. No matter the type of operation, managing cybersecurity is critical to keeping our nation’s infrastructure safe and secure.


About the Author

Marco Ayala - marco.ayala@1989andco.com
1898 & Co., Burns & McDonnell
ISA - 2023 Automation & Technology, Vice President
InfraGard Maritime Domain Sector Chief
Advisory Board-Port of the Future

Marco Ayala is global director of cybersecurity at 1898 & Co., and an instructor and vice president-elect for the International Society of Automation. With more than 25 years of experience, he focuses on the safety and security of industrial automation and control systems ("IACS") in the maritime domain, and for oil and gas, chemical and maritime entities around the globe.