In an effort to ensure that new officers hitting the fleet have the latest information to effectively combat threats in a new theater – cyber – new courses are being rolled out at the U.S. Naval Academy as a requirement. Cyber is now considered the fifth warfare domain – after land, sea, air and space – and the academy is ramping up to make sure its graduates are ready for the challenge.
Initially, they'll be requiring a single cybersecurity course. They are also developing a third-year, more advanced course and working on internships for officer cadets with the NSA to bone up on cybersecurity in real-world environments. Additionally, there will be training exercises via a series of challenges with other elite hacker teams in cybersecurity. It seems the academy is ramping up in an attempt to intercept and thwart current and future cyber threats, hopefully before they do damage. Future plans include classes in cryptography, computer forensics, cyber policy and the economics of cyber management.
According to Capt. Steven “Doc” Simon, director of the newly developed Center for Cyber Security Studies, the academy is the only institution of higher learning – military or civilian – to make such training a requirement. It makes sense. After all, these are the next generation of cyber warriors, hopefully defending the United States. Making the training mandatory raises the perceived seriousness of the threat in the minds of the students.
“We find very, very few areas where the Navy and the Marines operate that aren't impacted by cyberspace,” says Simon, who describes the volume of attacks on military and other U.S. government servers as “astronomical.” It seems there are myriads of persistent, prying eyes with an interest in what our military is up to.
Recently, we read about malware being found in military unmanned aerial vehicles (UAV), so this no longer becomes a research exercise: Real threats are hitting real targets, and the military has to deal with it. As these training programs become more seasoned, there will also be a need to deploy military response teams to remediate incidents in the military, along with other collateral functions, like public interface groups to help explain any potential impact to civilians. This is very much a nascent program in a series that may be rolled out in the future to deal with the new cyber domain. But with the speed of cyber threats, it will be none too soon. It will be important to establish some depth and breadth to the approach. This is likely just the start of something that will become a major military effort. When airplanes were first used for combat, they were a small department of the of the U.S. Army. Later, the Army Air Corps emerged, and finally an entire branch of the military was developed. I wouldn't be surprised if we see a cyber branch in the future.
So, let's say your staff doesn't happen to attend the academy. What to do? We see a patchwork of courses springing up at local colleges and universities, as the demand grows. So what will it cost to send your staff through cybersecurity training? It's a bargain compared to the cost of a breach due to a careless mistake. Many of these classes have evening schedules to keep the information accessible after regular working hours, and some have an online component to the training, for even more flexibility.
Ramping your staff up on cybersecurity/cybercrime education makes sense now, and may be required to work with other organizations with which do business in the future. Time to get started.