You read that right. By creating a national virtual cybersecurity academy we would fill the current 35,000 federal cybersecurity workforce gap in 4 years thus measurably enhancing our country’s security. Moreover, because academy graduates would replace the current independent contractors the government is hiring while receiving salaries equivalent to that of graduates of the traditional service academies, the annual savings for the government would be about $1billion a year. Cost of running the academy — one billion.
Free cybersecurity for the federal government..
THE ACADEMY PUTS CYBER IN IT’S PROPER, NATIONAL SECURITY CONTEXT
We need to stop using the antiquated term “cybersecurity workforce development.” What we really are talking about is national security mobilization.
It wasn’t until after WWII that we realized that the skies were a unique domain of warfare. And that our lack of preparation for this new domain of conflict contributed to things like the Japanese successful bombing of Pearl Harbor. Hopefully we won’t need a cyber–Pearl Harbor before we decide to prepare our defense with trained personnel.
The reality is we are already under attack all day, every day, thousands of times a day including from nation states and state affiliated attackers, and we don’t have nearly enough trained “cyber soldiers” to defend ourselves. Much like modern aircraft fundamentally changed the nature of international conflict, so too has digitalization altered the nature of conflict and hence the nature of effective defense. Our cybersecurity requires a very different set of skills than the traditional military. Cybersecurity training requires not only technical training in the technology itself but a wide range of associated skills such as strategic thinking, probability estimation, human resources (people are our greatest vulnerability) as well as supply chain management, auditing, and strategy.
We need national defense mobilization effort, and we need it soon. At the very least our government agencies need adequate personnel.
THE ACADEMY ADDRESSES OUR CYBERSECURITY ISSUE AT ITS PROPER SCALE
The data shows us clearly that the current piecemeal system of acquiring sufficient cyber personnel is not working. We need a dramatic increase in trained personnel, and we need them fast. Despite recent spending increases and the existence of a number of, very good, training programs the gap is containing to grow with estimates of increases of as much as 30% in the next few years. Things are especially bad in the critical government sector. A recent CSIS study showed that the federal cyber workforce increased by 25% in the past 3 years. The future for the federal sector is even bleaker as natural attrition is going to make things worse. There are 16 times more federal “IT” workers over 50 years old than under 30.
The academy proposal, which would fund the injection of 10,000 new trained cyber practitioners into the market each year is by far the most aggressive proposal being considered. However, even with the academy proposal adding 10,000 a year it would take us 70 years to fill the gap (the gap as it exists n 2023). It’s just a start but we need to address the issue at scale.
THE ACADEMY CAN HELP REINVIGORATE THE ETHIC OF NATIONAL SERIVCE
One of the advantages of bringing a new 10,000 new citizens into national service (hopefully even more in future years) is that it will create a whole new cadre of individuals who will be acquainted with, involved with and supportive of our nation – at a personal level.
The traditional service academies are famous for developing an Esprit de Coups and while being part of the cyber academy is not the same as training or participating in actual military action which obviously creates an especially intense sense of loyalty to your comrades in arms, one might expect a degree of commitment and support which might be a good feeling to inject into our population at this particular point in time.
THE ACADEMY CAN HELP DEFINE A COMMON OPERATING PICTURE FOR CYBER
The virtual academy is envisioned as a physically far-flung entity of institutions knit together digitally. The curriculum would be set by a group of experts brought together by the government but inclusive of many diverse concepts contributed by the experts who are running the program. As such the academy provides a vehicle, that doesn’t currently exist, to bring together and coordinate the vast, and disbursed, expertise our nation has to develop common principles and approaches to cybersecurity. This mechanism would be far superior to the outmoded series of disparate conferences and associations.
In short the academy would create a pipeline injecting thousands of desperately needed new cyber experts into our eco-system. It would quickly mobilize personnel to defend our national interests and subsequently assist in defending private companies. It will do so while enhancing sense of commitment to the nation, creating a common operating picture and reducing the number of successful cyber incidents.
Did I mention that it is essentially free?
What do we have to do to make a deal here?