“We need to envision our ideal cyber future and work toward building it as we want it to be – safe, reliable, and resilient – instead of just expecting to rely on our IT departments “fix” a breach after the fact.”
Francesca Spidalierie is a Fellow for Cyber Leadership at Salve Regina University’s Pell Center for International Relations and Public Policy.
As the leader of the cybersecurity leadership development project, Spidalieri researches education surrounding cybersecurity strategy. Her latest study, “Joint Professional Military Education in an Age of Cyber Threat” found military education programs struggled to prepare future leaders for future cyber threats. An earlier study found the same was true of civilian programs.
Spidalieri spoke to Providence Business News about the changing world of cybersecurity and how schools can educate for coming threats.
PBN: Why is cyber education so important for military educational institutions?
Spidalieri:Cyber education should be central to military educational institutions because future conflicts will inevitably feature a cyber component, and we must be prepared to address that reality or risk grave harm to national security. Cyber-based technologies are vital to US military operations – everything from transmitting secure information via encryption to a drone strike thousands of miles away relies on it – and our adversaries know this. Military leaders must become comfortable with the futures of this cyber realm – both human and technical – and understand the challenges, threats and opportunities presented in cyberspace.
No captain of a ship would say: ‘I don’t know anything about the ocean, but I hired somebody to drive the ship.’ Similarly, future military leaders and government officials who have to navigate a digitized world will need to have strong cybersecurity skills, the ability to make military and policy decisions based on knowledge of cybersecurity risks and potential impacts and the understanding necessary to leverage cyberspace advantage to create effective strategies. This will be the deciding factor for military success and resiliency in the 21st Century.
PBN: How should military and graduate programs go about expanding their cyber education?
Spidalieri:There are numerous ways graduate programs can expand their cyber education, and universities stand poised to serve as incubators of this new cadre of cyber-strategic leaders due to their mission and the tools at their disposal. Universities offer a perfect setting to blend theory and doctrine with methodology, tools, and implementation. They can also optimize their campus-wide resources to devise comprehensive curricula that synthesize technical, policy, sociological and legal components in the study of cyber threats. It is also critical to understand that cyber-strategic leadership is not to the same as, nor does it replace, the specific technical skills required to develop and administer the cyber environment (think your IT department). Rather, cyber leadership encompasses the set of knowledge, skills and attributes essential to future generations of leaders whose physical institutions nevertheless exist and operate in, through and with the digital realm. These individuals need not be expert engineers or programmers, but they must be equipped with a deep understanding of the cyber context in which they operate to harness the right tools, strategies, people and training to respond to a dynamic and rapidly-developing array of threats.
PBN: Are there effective programs schools can look to as a model for cyber education?
Spidalieri:Absolutely. Salve Regina University, for example, has pioneered a new cybersecurity and intelligence concentration for its M.S. in Administration of Justice and Homeland Security. The program combines traditional criminal justice courses with specialty courses, such as information technology, high-tech crimes, cyber threat analysis, cyber intelligence and so forth. The program focuses on innovative leadership and the conceptual aspects of what steps need to be taken so that managers can lead and interact in a technological environment and bridge the gap between management and technicians.
Another example is the U.S. Naval War College , which has integrated cyber education across the full spectrum of its academic programs. All core courses include at least one lecture on the information environment and specific cyber issues, and a set of dedicated electives offer a comprehensive analysis of the underpinnings of the digital battlespace, the technical, social and institutional structure of the Internet, its key players, major risks and emerging trends, the national and international responses to cyber threats and the role of information integration in the planning and execution of national and military strategy. NWC also organizes cyber-focused events and war gaming exercises on a regular basis, which often integrate cyberspace with traditional military operations.
PBN: It seems as though hackers and cyber threats get more sophisticated with every attack. Can schools stay ahead of the changing threats?
Spidalieri:The cyber-education programs I have been researching and writing about are one way to stay ahead of the changing threats, but of course getting there will pose many challenges. Some computer science, digital forensics and engineering programs around the country are doing their best to stay ahead of the latest cyber threats and train technical experts to prevent and mitigate cyber intrusions. As I have been stressing in my research, however, cybersecurity cannot be achieved through mere technical prowess and a mastery of programming. That is an illusion. One of the best ways to combat cyber threats is to implement cyber leadership development across the whole range of academic fields. Non-technical programs have only recently begun to integrate some aspects of cyber educations into their curricula, and there’s still a long way to go. Integrating a cyber component in all fields of study has its challenges, including competing resources and topics, limited faculty slots, a dynamic and evolving cyber curriculum and lack of a common language regarding cybersecurity.
PBN: How do you see the landscape of cyber threats and security evolving in the next decade?
Spidalieri:There can be no question that cyber threats and cybersecurity will evolve dramatically in the next decade. We are only at the beginning stages of this new era, and more change is inevitable. Social networks that did not exist just a few years ago now hold the attention of millions, storing ever-increasing quantities of information every day. And this does not even include Moore’s law that processing power doubles every two years, which means that computers will be 100 times faster in 2023 than they are today. Although some may argue these developments cannot continue forever, it is simply fact that cyber-technologies will become embedded in more and more of our activities. Likewise, our businesses and military will become more and more interconnected and technology-dependent. In short, cyber threats will continue to grow in scope and sophistication as more people and institutions become reliant on these technologies. Unless these threats are properly understood and mitigated, they have the potential to undo much of the economic, social, and military gains that cyberspace has enabled. Ultimately, these threats can touch – if not harm – every institution in American society. That is a worrying prospect.
We need to envision our ideal cyber future and work toward building it as we want it to be – safe, reliable, and resilient – instead of just expecting to rely on our IT departments “fix” a breach after the fact.