Is it time for a U.S. cyber academy?
- By Gregory Conti
- Oct 27, 2019
Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.
If you are reading this article, you'll probably agree that cybersecurity is a critical threat to national security. American is one of the most technologically advanced, and technologically dependent, nations on Earth. Our adversaries know and exploit this. Across the government and military we are rushing to secure our systems, but fighting and often losing an uphill battle. To change the tide, we need to create a service academy dedicated to cybersecurity and cyber operations. This idea isn't new, but the need is critical.
Today, each service academy focuses on the requirements of the military service it feeds. This is as it should be. West Point focuses on the land domain, the Naval Academy on the sea, and the Air Force Academy on air and space. Absent is an academy for cyberspace, which was recognized as a warfighting domain in 2011.
We are missing an opportunity. No, it's more than that. We are putting our nation at risk.
While today's service academies include some cyber operations content, this percentage is necessarily small compared to the overall program and student population. Today there is a critical shortage of cybersecurity expertise, especially in the government. An academy focused on the cyber domain is needed now to recruit, educate, train, and inspire such talent.
Should the U.S. Cyber Academy be a "military academy" as they exist today? Yes and no. We can take best practices to inform the design, keeping things like the rigor, operational focus, service obligation, and sense of purpose. But we should also break the "rules" when needed. Graduates could join any military service, versus the stovepipes that exist today. More importantly, other graduates could serve as civilians across the government. Other innovation is possible. Perhaps we can reduce the age restrictions, require summer internships in commercial companies, allow wheelchair-bound students, or even field a competitive cyber team with the priority of a college football team.
The rigorous and immersive academy experience would form lifetime bonds and trust, growing cohorts of alumni that would serve across government and its traditional bureaucratic boundaries. We need trust, teamwork, and strong relationships to create the collective defense we require as a nation. Organizations that attempt to stand alone, will be defeated individually. We are stronger as a team. It's our only real defense against the cyber threat.
As the other academies have done, the U.S. Cyber Academy could craft a four year program to develop leaders, but this time focused on cyber conflict. We shouldn't throw out the hallmarks of classic undergraduate education: writing, foreign language, history, ethics, and so forth. Upon this foundation would be the necessary technical knowledge to understand the hardware, software, and networks that compose cyberspace. Cybersecurity is a core component, but we shouldn't confuse cybersecurity with cyber operations. An interesting aspect of cyber operations is its multidisciplinary nature. Virtually every domain of knowledge intersects in meaningful ways. At the Academy, law would include cyberlaw, political science would emphasize cyber policy, foreign languages would survey culture and languages from cyber threat actor states including technical terminology and hacker jargon. You get the idea.
The similarity doesn't end with academic subjects. Military subjects intersect in powerful ways with cyber operations: deception, electronic warfare, information operations, strategy and tactics, operational planning, war gaming, intelligence, virtually all military subjects have meaningful analogs in cyberspace. These disciplines need to be mapped to the cyber domain, a process which is ongoing today, then integrated into the curriculum. We can innovate in cyber operations training too, providing challenging technical certifications and new forms of rigorous military training, but maybe we can forgo the Napoleonic-era drill and ceremonies practice.
A key strength of the military academy model is immersion. Much of the learning occurs outside the classroom, on sports fields, in clubs, on evenings and weekends, and during the summers. We can do the same at the U.S. Cyber Academy, but optimized for growing cyber operations leaders and technical specialists. The Cyber Corps Scholarship for Service and NSA's Center of Academic Excellence in Cyber Operations programs are a great start, but lack the year-round, 24/7, immersive and institution-wide focus provided by a dedicated U.S. Cyber Academy.
Investing in a U.S. Cyber Academy today provides an immediate impact and will prove a wise investment in our future. Change doesn't come easy to the government or the military, but the results will be worth the effort.
So, is it time for a U.S. Cyber Academy? Yes, we are long past due.
Gregory Conti, a West Point graduate, is Senior Security Strategist at IronNet.