Sen. Kirsten Gillibrand (D-N.Y.) recently argued for establishing a Cyber Service Academy that would do for digital defense and warfare what West Point did for the infantry, cavalry and artillery. Indeed, we now face grave threats from keyboards and not just missiles. But the United States needs much more than one new top-notch school, because cybersecurity is a different kind of fight.
Americans like me who grew up in the 1980s or 1990s are used to relatively small numbers of volunteer U.S. soldiers fighting in faraway places to keep trouble there from arriving here. Even during the “war on terror,” we trusted our elite warriors to fix the problem for us.
But the cyber battlefield has come to our homes and places of work, inside our power plants and pipelines. Elite cyber warriors cannot alone protect us across a battlefield this big. That requires a broader deployment, and right now as a society we are poorly equipped for the fight. Many Americans continue to see cyber as the domain of NSA hackers and Stanford engineers rather than "for people like me."
In reality, the United States will soon be short millions of cyber professionals in both the public and private sectors, not just a few elite coders, and this puts our economy and security at risk. Fixing the problem at scale will require a bottom-up approach. For every officer trained at a "Cyber West Point," we’ll need thousands of private sector cyber-workers defending our critical infrastructure, shielding personal data of all Americans, and protecting the intellectual property that’s the lifeblood of our economy.
Achieving this means American universities and community colleges must expand educational attainment in cyber, and non-degree programs helping the workforce re-skill as security analysts and penetration testers. We can place many of these jobs within reach of most Americans. But we cannot achieve the needed scale without people from every background and geography seeing these careers as viable pathways.
This will require sectors to work together, and there are some promising signs already: Microsoft, for example, recently partnered with U.S. community colleges to help recruit and train 250,000 people into the cybersecurity workforce by 2025, and similar initiatives are blooming in cities across the nation.
To address this talent gap we also need the public and private sectors not to view competition for cybersecurity talent as a zero-sum exercise, but rather as an invitation to create a robust ecosystem that boosts defense capabilities while simultaneously accelerating economic growth.
In this we might learn from the genuinely astounding experience of America’s ally, Israel. The Israeli Defense Force’s (IDF) famous Unit 8200 offers top-notch cyber training to young Israeli soldiers. Unlike their American colleagues, who are then encouraged to spend their entire careers inside Fort Meade, the NSA’s Maryland headquarters, the IDF understands that many of its finest will leave after a few years and take their critical know-how to every sector of the Israeli economy.
The result has been not only second-to-none national cyber defense capabilities, but also a slew of Israeli cyber startups raising an astonishing $9 billion last year alone. These high-profile startup successes associated with Unit 8200 alumni in turn drive positive media (and recruitment) for Unit 8200 and the IDF. The United States military and intelligence services could play a similarly catalytic role in closing our cyber talent gap while improving our national security.
U.S. veterans already fill the ranks of American firms in logistics, engineering, communication, and other sectors that demand the type of leadership and technical skills that many veterans obtain through their rigorous military training. The U.S. military has also become one of the most integrated of American institutions, and if America can compete and win in cyber it must activate every sector of society – from every region of the country – to make sure we can fill the nearly 600,000 cyber security jobs vacant today.
Here in Tulsa, we’ve seen firsthand why cyber defense is everyone’s responsibility. In the last 20 years, the University of Tulsa has placed more than 350 graduates in key cybersecurity positions with the NSA and other intelligence agencies as part of the Cyber Corps program – more than any other participating school in the nation. And yet, while these dedicated men and women were busy fighting for America from Fort Meade, their hometown was hit by a crippling ransomware attack in 2021 that made some critical municipal services unavailable for months.
Add to that the constant attacks on pipeline and utility infrastructure in our region, as well as the attacks on healthcare systems nationwide—many of which go unreported to mitigate civil liability or protect corporate reputations—and it’s understandable why we can no longer address the threats we now face exclusively by a centralized, government-run organization, no matter how elite.
Cyber security operates very much as a team sport, which should inform the way we identify, recruit, and train talent. When the Cyber service academy welcomes its inaugural class I expect to see Tulsans among the cadets who will protect the nation in this vital domain. Those of us here in the heartland know that it’s also our responsibility to protect our backyard at the same time. That means we’ll need to educate, train, and keep some of our best and brightest cyber talent here at home.
Conor Godfrey, cyber and analytics portfolio manager, Tulsa Innovation Labs