For students of cybersecurity at Switzerland’s 150-year-old ETH university in Zurich, hacking is a legitimate part of the curriculum.
Students learn to infiltrate Internet and mobile networks in classes on "wireless electronic warfare" and "modern malware" designed to prevent computer malfeasance. The number of students enrolled in ETH Zurich’s information security master’’ program has more than tripled since 2009, the university said.
Demand for cyber specialists is rising as companies such as Deutsche Telekom and ABB hire more experts to counter risks to their networks and products. Cybersecurity has grown into a $60 billion global business, according to Pricewaterhouse Coopers, while concern over hacking has been heightened by reports of mass surveillance by the National Security Agency and eavesdropping of German Chancellor Angela Merkel’s mobile phone.
"The NSA affair was a wake-up call, but companies also became aware that there’s a lot more cyber criminality," Juergen Kohr, head of cybersecurity at Germany’s biggest phone company Deutsche Telekom, said. Last year it suddenly became more competitive to recruit the right people, he said.
Munich-based Gulp Information Services, a subsidiary of Dutch recruitment agency Randstad Holding, said it received 2,423 requests for IT security specialists last year, up 54 percent from 2012 and almost seven times more than a decade earlier.
Eighteen months ago, attacks by the so-called Shamoon computer virus against Saudi Arabian Oil Co., the world’s largest crude exporter, destroyed about 55,000 servers and workstation hard drives.
Software made by Siemens, Europe’s biggest engineering company, and used to control water-processing plants, power grids and factories suffered an attack by a malicious program dubbed Stuxnet in 2010. It targeted Simatic WinCC, a supervisory control program that the world’s infrastructure agencies and manufacturers use to acquire and analyze data, the company said at the time.
Stuxnet was able to penetrate controls, send data back to its creators and eventually destroy systems.
The proportion of companies reporting losses of $10 million or more as a result of cybersecurity incidents has risen 51 percent since 2011, according to a survey of 9,600 executives in 115 countries by PwC last year. About 7 percent of respondents said they had suffered such losses.
About 30 ETH Zurich information security master’s students can also learn how to protect products such as cars. In an experiment, they learn how to open and start vehicles with off- the-shelf electronic hardware costing as little as $100 to analyze security flaws of wireless remote keys, according to Srdjan Capkun, an associate professor in ETH Zurich’s computer science department.
If a hacker wants to pursue a career outside the corporate world, governments worldwide are keen to secure their services.
"Supply isn’t keeping up with the growing demand for talent," said Kristina Huramsin, a Frankfurt-based recruitment consultant for Manpowergroup’s Experis unit who specializes in cybersecurity hires. "Since 2011 demand grew in tiny steps, but it jumped massively last September because of the whole Snowden affair."
Former U.S. government contractor Edward Snowden began leaking documents in June that revealed NSA spying activities targeting companies, European Union institutions and governments.
While companies are keen to protect themselves, they’re also selling services that protect their customers.
Markus Braendle, head of cybersecurity at the world’s largest maker of power transformers ABB, said the 9/11 attacks also spurred demand for security services because the U.S. government required utilities to upgrade their cyber defences.
"Cybersecurity was the number one new boardroom issue of the past year," said Leif Johansson, chairman of the European Round Table of Industrialists. "The potential consequences are huge and we need many more well-skilled employees to tackle those issues."