May 11, 2023

An analysis of the proposal to create a national, virtual, cybersecurity academy shows that creating the academy would not only solve the federal government’s cybersecurity workforce problem in less than 4 years but would create savings that allows the program to pay for itself – and even contribute to reducing the federal budget deficit.

The proposal by the Internet Security Alliance (ISA) and the Association of Governing Boards (AGB) calls for expanding a program initiated in last year’s National Defense Authorization Act.  The ISA-AGB proposal would use modern technology and distance learning techniques to knit together the nation’s existing cyber workforce training programs into a virtual academy and support them by providing free tuition for students who enrolled in the academy curriculum in return for government service – much like the traditional service academies.

The federal government has 35,000 cybersecurity jobs it can’t fill (750,000 nation-wide) and the gap is growing by more than 10% a year.  It is axiomatic that none of our cybersecurity efforts – not the standards, not the regulations, not the technology – nothing – can work if we don’t have enough trained people to implement them. The federal government is currently spending nearly $70 billion on cybersecurity and much of it is wasted due to the personnel gap. A virtual academy enrolling 10,000 students a year – lured by free tuition – would solve the federal government’s workforce shortage in less than 4 years and even after leaving government service the graduates would continue defending our country against cyber-attacks in the private sector.

College tuition for 10,000 students – plus for 20% administration — would cost the federal government about $1 billion a year. However, an analysis from an ISA board cross-sectoral committee shows these costs would be completely off-set.  As a result, the program would be significantly enhancing our nation’s cybersecurity essentially for free.

The ISA board analysis identified multiple categories for cost savings including lower salaries, reduced incidents, increased innovation, lower turnover and associated re-training and on-going recruitment.  Three categories alone would generate more than the $1 billion annual cost.

Simply reducing the expense of hiring outside contractors from the private sector would generate enough savings for the program to pay for itself. Currently the government needs to hire outside contractors for much of their cybersecurity at an average cost of about $288,000 per consultant per year. Academy graduates (who already received free tuition) would earn only about $82,000 at the top end.  Simply replacing 5,000 of these consultants with well-trained academy graduates (half the number we are proposing training) would generate an annual saving of just over $1 billion. Moreover, these savings would be retained year over year as there would be a const supply of new academy trained graduates each year.

In addition to hard savings from lower academy graduate salaries there would be additional savings from more cost-effective talent sourcing. Entry level federal cybersecurity government employees (non-contractors) on average cost $70,000 a year. A new academy graduate – having received a free college education – would earn a salary of just over $40,000 to start.  Total yearly savings over the current recruitments would be nearly 3,000,000 for 10,000 positions.

Perhaps most importantly in terms of security and savings would be the benefit of having fewer cybersecurity incidents since the federal government’s would finally be fully staffed to meet its cybersecurity needs. It’s almost incalculable what these savings translate into in terms of economy and security – and all these savings are from a program that is more than paying for itself.

The cybersecurity workforce issue is more accurately thought of as national security mobilization.  We are under almost constant cyber attack – often from nation states like China, and Russia, and we don’t have nearly enough soldiers. At the same time there is hardly a family in the country with children between the ages of 5 and 15 that is not apoplectic about how to send their kids to college (millions of these kids are virtually addicted to e-sports and other on-line gaming). The virtual academy allows us to leverage one of the nation’s major problems – college costs—to solve another major problem – cybersecurity.  There were 40,000 applicants to the existing services academies who were turned down just last year – we only need 25% of them to solve this problem.

These are just a few of the avenues for savings for the virtual cyber program.  There are many, many others including enhanced innovation by bringing more people into the field, increasing the commitment to government service, creating a common operating picture cyber-attack, less turnover etc. etc. etc.

The federal government is spending almost $70 billion on cybersecurity.  The most cost-efficient – the very first billion – ought to be spent on the virtual academy.