Academia: Government's Biggest Cyber Security Ally?

"Technology is advancing so rapidly that a student starting a technical degree will by his junior year find that half of what he learned his first year is outdated," reported the New York Times in a recent article, "Is College Worth It? Clearly, New Data Say."

With that in mind, it's easy to understand why colleges and universities are looking to professional organizations for education content, partnerships, and so on. They want to stay as current as possible. Conversely, I don't believe that the federal government has realized the full potential of its relationship with academia and its rising stake in the national cyber security game.

Until recently, academia has not necessarily been at the top of the government's list of collaboration targets, perhaps because universities and K-12 institutions did not bring so much to the table by way of advancing government security programs. After all, agencies need professionals with experience and no longer have the luxury of time to teach "newbies" the complexities of how to defend systems from sophisticated attacks. So, what does a strong partnership with academia now offer to government CIOs and CISOs?

The value of partnering with academia became very clear to me after my organization launched its new Global Academic Program (GAP). The program offers (ISC)² educational content drawn from the certification Common Bodies of Knowledge (CBKs) to accredited colleges and universities around the world that are interested in enhancing cyber-content within their security, computing, IT, or other relevant course offerings. The content can be tailored for both undergraduate and post-graduate requirements. Specific to government, the program helps to equip academic institutions striving to meet the certification requirements of the NSA/DHS Centers of Academic Excellence (CAE) program. Within a month of announcing the program, we had approximately 70 schools contact us about joining.

[Are smart technologies the solution to agency security challenges? See Government Advances Continuous Security Monitoring.]

In order to tackle the government's cyber security challenges, I believe it's critical to introduce security at the academic level, rather than beginning at the early stages of one's career. Bringing cyber security education into schools creates the fundamental building blocks for a successful career in this booming industry that's desperate for new talent. I liken it to another problem we're actively working to combat in the software community by building in security throughout the entire software development lifecycle with the Certified Secure Software Lifecycle Professional (CSSLP) credential. To make tangible improvements, we have to start at the early stages so it becomes a core part of their educational upbringing. In the near future, I hope to see cyber security given the same credence in academic curricula as mathematics or history.

I think we're on the road to progress. Based on the academic community's response to the (ISC)² GAP program (and to others such as the NICE Framework), academia is clearly stepping up its investment in developing cyber leaders of the future and should be considered our next biggest ally in the fight to keep the government's systems secure. As agency security programs come to a halt due to the shortage of skilled cyber security professionals, educational institutions (at all levels) are beginning to offer a way to refuel progress with students who bring a solid foundation in information security-specific education, who have gained experience through internships, mentoring programs, etc., and who are highly motivated to enter the field.

As government leaders increasingly come to terms with the fact that they don't have the answers to the government's cyber challenges, the use of buzzwords such as "collaboration," "information sharing," and "public-private partnerships" will continue to flood the memos and executive orders. While I agree that collaboration with industry is vital to securing our government's cyber-assets and data, I would like to hear the federal CIO, OMB, Congress, and the White House encourage federal information security managers to prioritize their alliance-building efforts with academia. We have an ally in our midst, one that is increasing in strength and focus. It's time for the government to step up its investment in this partnership.

New standards, new security, new architectures. The Cloud First stars are finally aligning for government IT. Read the Cloud Hits Inflection Point issue of InformationWeek Government Tech Digest today.