If the United States wants to remain ahead of the forthcoming cyberwars, it’s going to need a new generation of leaders.
- By Mark R. HagerottMark Hagerott was formerly a frigate commander and a distinguished professor of cybersecurity at the U.S. Naval Academy. He is currently chancellor of the North Dakota University System. , James StavridisJames Stavridis is a retired four-star U.S. Navy admiral and NATO supreme allied commander who serves today as the dean of the Fletcher School of Law and Diplomacy at Tufts University. His latest book is The Leader's Bookshelf.
President Donald Trump recently announced a new budget that would redirect tens of billions of dollars to national security programs. The news may be putting smiles on the faces of many a Pentagon program manager, but this is no time for business as usual or funding only current programs. At least some of our national treasure should be devoted to the creation of something audaciously different but crucial to winning the wars of the future: a U.S. cyber academy.
A national crisis has been building for years and has now burst into the open with massive data breaches, Russian hacking into our national electoral process, and rampant cybercrime. A first instinct by many security organizations flush with cash is to reach for technological solutions to mitigate what appears to be a technological shortfall. But there is so much more to the problem than better codes and more powerful digital machines. And directing more resources to cybersecurity contractors is only part of the solution set.
Winning in cyberspace is at root a human problem. We urgently need to build the next generation of cyberleaders to prepare both government and civil society to defend and deter in this venue. A useful model to consider is that of a national cyberservice academy, much like the dedicated national service academies at Annapolis, West Point, and Colorado Springs, which educate the human leaders to defend the nation at sea, on land, and in the air. The Pentagon should use its new windfall to establish a national cyber academy to defend America in cyberspace, in our critical infrastructure, and in the internet of things.
For those unfamiliar with the federal military service academies, a quick bit of history might help make the case. In 1802, President Thomas Jefferson signed legislation to establish the Army’s academy, an educational initiative to respond to the dual challenge of providing leaders for the land defense of the nation and respond to the emergence of the engineering profession. In fact, West Point was the first engineering college in America. A generation later, in response to a crisis in the Navy (a mutiny at sea) and the rise of mechanical engineering, the Navy created its own academy at Annapolis, an educational initiative to create scientifically minded naval scientists and engineers. Most recently, during the Cold War crisis involving missiles and atomic weapons, President Dwight Eisenhower established the U.S. Air Force Academy as an educational initiative to produce leaders of aerospace.
In several ways, a U.S. cyber academy should be like the other military federal academies. It should draw talent from across the country through a highly competitive process and congressional appointments; offer a full scholarship; and require graduates to serve a period in national service, typically five years. The cyber academy should be accredited and built upon a strong, intellectually broad-based foundation. We do not want cyberleaders vested with great power who are merely trained in cyberoperations and defense.
What would a potential construct look like?
First, all students should pursue a singular major, at least at first: the cybersecurity major working its way through accrediting bodies of higher education. This major, which is being tested at the U.S. Naval Academy, includes a rigorous course load in computer science, cybersecurity knowledge, human hacking, and a solid foundation in the liberal arts, ethics, and laws of cyberspace. This curriculum will evolve as the terrain and technology evolve.
Second, this academy should fall administratively within the Department of Homeland Security, but be a joint (all the military services) and combined (international and interagency) academy. It should be supported by the Air Force, Army, Marine Corps, and Navy, but also forge a partnership with Canada — a NATO ally that shares a massive infrastructure built of the internet of things and is part of the Five Eyes intelligence-sharing partnership.
Third, the academy will be unique because graduates would be able to commission into any of the services, but also into the National Guard, the Reserves, the FBI, Border Patrol, and other government agencies as civil servants.
Fourth, the academy will take an innovative approach to faculty recruitment and education. Tech leaders in the Silicon Valley and the National Security Agency will be offered adjunct and tenured positions based on education and experience in cyberspace. Given the severe shortage of Ph.D.s in the cybersecurity field, the doctorate could come later. It may be prudent to locate the campus near an existing research university that could facilitate cross-connections with researchers and undergraduates, and allow a quick start to building the faculty and student body while the academy is built.
Fifth, the academy will be a hybrid of both virtual and “bricks and mortar.” It must have a physical campus in order to build human camaraderie and community. (If you think community isn’t important for cyberleaders, take a ride through the campuses of Cupertino, Menlo Park, or Mountain View). But the U.S. cyber academy will also have a virtual presence, where students can learn from any expert in the world. As for physical location, it should be near areas conducive to robotic testing and development, as well as energy and power grid infrastructure, to enable hands-on work with increasingly intelligent machines and systems. The Silicon Valley in California, the Route 128 Tech Belt in Boston, and possibly some regions in the Midwest could be a good fit.
Sixth, unlike traditional military academies, the student body should be open to young Americans with physical disabilities. Because this cybercrisis will be a battle of minds and machines, we need the best human intellect and solid moral foundation. Stricter physical requirements would apply only to graduates who hope to commission into the armed forces or FBI/Border Patrol, where it can be proved that a high level of physical attributes are necessary.
Lastly, this academy should include an associated, one-year prep school focused on the academic preparation of enlisted military and first-generation students to succeed at the U.S. cyber academy. Unlike the other service academies, varsity sports will not be a priority, and the prep school programs will not be used for recruited athletes.
Cybereducation of the next generation is urgent business, and we applaud the efforts of the NSA, the Department of Homeland Security, and the National Initiative for Cyber Education. But much remains to be done as we build the next generation of cyberleaders.
Photo credit: MARK WILSON/Getty Images