“The Bold Plan to Create Cyber 311 Hotlines”
WIRED, June 7, 2023
By Eric Geller
“UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.”
Small businesses and community nonprofits are often sitting ducks for hackers. But across the United States, programs are springing up to connect these vulnerable organizations with fresh-faced defenders: college students.
Local businesses and other small organizations are facing an onslaught of cyberattacks, but federal agencies like the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are stretched too thin to help them all implement basic security measures. To fill this gap, public and private universities are launching cybersecurity centers modeled on law school legal clinics to train students as digital security consultants.
In a country besieged by endless hacking campaigns that disproportionately burden small, under-resourced businesses, and with national agencies focused on more serious threats to critical infrastructure, university clinics could be the future of cyber defense at the local level.
“There is a critical role for universities to play in community cyber defense,” says Sarah Powazek, the program director of public interest cybersecurity at the University of California, Berkeley’s Center for Long-Term Cybersecurity. “Students are local, highly motivated, and able to provide a range of services pro bono for under-resourced organizations that otherwise couldn’t afford them.”
In just a few months, the newest of these clinics will launch as a pilot project at the University of Texas at Austin, joining other schools that have formed a consortium to share ideas and lessons learned. But UT-Austin’s pilot program has a unique origin story. It was born out of conversations within CISA’s outside advisory board about an even more ambitious idea: a cyber 311 service offering emergency help to local businesses, modeled on the municipal hotlines that residents call to report potholes and broken street lights.
Because sending college students to help companies recover from hacks raises a host of logistical and legal questions, UT-Austin’s clinic will first evaluate the simpler task of offering pre-attack guidance. But the program’s leaders say they’re still interested in the 311 concept that inspired the clinic—and if they can eventually make it work, it could help make colleges the cybersecurity backbones of their communities.
A Closely Watched Project
The US faces twin cyber crises: Companies often lack the resources and knowledge to effectively protect themselves from hackers, and there are too few trained professionals to fill the cyber field’s many open jobs. Small- and medium-size businesses fall below a “cyber poverty line,” struggling to achieve even basic resilience. The persistent talent shortage—there are an estimated 756,000 vacant cyber positions in the US—only makes things worse.
Enter the cyber clinic.
For decades, law schools have used clinics to train future lawyers and support their communities with pro bono work. “There’s no learning like the learning that involves an actual, real client,” says Robert Chesney, the dean of UT-Austin’s law school, head of the university’s cybersecurity program, and founder of the new cyber clinic. “Everybody says those experiences are the most impactful things that they do.”
In recent years, universities have begun using a similar model to tackle cyber threats. Schools in Alabama, California, Indiana, Massachusetts, and several other states now operate cyber clinics.
The idea for the UT-Austin project emerged from discussions in CISA’s Cybersecurity Advisory Committee, a group of experts from the private sector, academia, civil society, and local government. During conversations about a university running a municipal cyber helpline, Austin quickly emerged as the ideal candidate, thanks to its already popular 311 service and the support of two committee members: Steve Adler, who was then Austin’s mayor, and Chesney, an influential UT faculty member.
CISA director Jen Easterly has championed the project and recently told the advisory committee that her agency will consider launching a nationwide cyber 311 system after evaluating Austin’s new clinic and similar efforts.
“The UT-Austin pilot is helping us better understand how we can provide cybersecurity services for small and medium-size businesses across our nation,” Easterly says in a statement, adding that she is “truly excited” about it.
About the Author:
Eric Geller is a journalist covering cybersecurity and technology. His stories have explored efforts to protect elections from hackers, take down cybercrime gangs, improve the security of commercial and open-source software, and regulate vital U.S. infrastructure. He spent more than six years as a cyber reporter at Politico; prior to that, he covered tech policy and served as an editor at The Daily Dot.