Why So Many Hackers Are Russian, and What Corporate America Can Do About It
The United States is the undisputed center of the global technology industry, with more than a quarter of the world’s $3.8 trillion information-technology market headquartered within our shores. California’s Silicon Valley still reigns supreme as the world’s preeminent tech hub, but Austin, Seattle, Boston, and a host of America’s other urban areas are hot on its heels after a 47% surge in tech startups over the last decade. When American programmers and those who move here from abroad are looking for work, these are the places they go.
That isn’t the case when it comes to the tech world’s shadowy counterpart—to the hackers and hacking collectives that threaten individuals, governments, and businesses around the globe, including many based in the tech capitals mentioned above. To find that sector’s best talent, so to speak, you go to the Russian Federation.
Why is that? The state of Russia’s legitimate economy surely plays a role, with less opportunity for young programmers than in places like the U.S. and Western Europe. So does the Russian government’s well-publicized tolerance of the crime; many of the nation’s most accomplished hackers are recruited by Russian officials rather than punished by them. But it is possible that the biggest reason Russia has grown into a global cyber threat is the nature of its educational system.
Russian middle-school students complete coursework in a much wider variety of computer-science disciplines than their American counterparts. Russian teens study the basics of information-technology hardware, IT history, networking, algorithms, and more. By the eighth or ninth grade, the average Russian student probably understands more about IT and has more hands-on experience with computer technology than most American college students.
Russian high schools take it to another level. There, all students learn to program, and for close to 30 years they have taken compulsory tests covering it.
Unsurprisingly, the Russian government’s focus on computer science education has now funneled several generations of students into the field. According to The College Board, 270,000 American high-schoolers chose to take the Advanced Placement (AP) test in computer science between 2005 and 2016. A study by Perm State National Research University suggests that more than 600,000 Russian students took the their nation’s equivalent exam over the same period of time (keep in mind the Russian Federation has nearly 200 million fewer people than the U.S.).
In short, Russia has grown a huge surplus of technology talent—talent that’s spilling over into the growing “shadow market” for bot creators, malware writers, and other unscrupulous programmers who help their clients penetrate private and public networks here and abroad.
America’s private sector can’t do much to change Russia’s educational system, but it can start fighting harder for U.S. schooling that will produce the cybersecurity professionals we need—a job that is projected to have a staggering shortfall by 2021. Standbys like the Bill & Melinda Gates Foundation, the Alfred P. Sloan Foundation, and the Silicon Valley Education Foundation (SVEF) have made huge investments in this regard, but financial institutions and other private companies that are increasingly targeted by overseas hackers could do more on their own. Private, public, and academia alliances like the one between IBM and the Aspen Institute, are forming to address the US’s cybersecurity skills gap.
If you work in corporate cybersecurity, your first duty is the protection of your company and customers, but you may have a role to play in the development of tomorrow’s talent. The sooner our private sector starts giving future generations the skills they need to match their counterparts abroad, the safer we’ll all be.