As part of the recently signed National Defense Authorization Act (NDAA) for fiscal year 2023 (FY23), the Pentagon will establish a digital academy to close the cybersecurity skills gap in the United States military. The newly minted DoD Cyber and Digital Service Academy will provide scholarships to university students in exchange for five years of service in a civilian position focused on digital technology and cyber at the Pentagon.
Under the program, the DoD will also promote cyber and digital service training in higher education by providing free tuition, books, laboratory expenses and other school fees, Federal News Network first reported. Participants in the program will receive financial assistance for completing their internships while earning their degrees.
However, those failing to complete the required service commitments will be required to reimburse the government.
The NDAA, which was signed into law on December 23, allocated nearly $817 billion to the DoD, and $30.3 billion for national security programs within the Department of Energy (DOE) and the Defense Nuclear Facilities Safety Board (DNFSB), as well as $378 million for other defense-related activities.
Addressing a Cybersecurity Worker Shortage
The Pentagon’s efforts could be crucial in addressing the shortfall in cybersecurity workers – while also ensuring that talent doesn’t continue to leave these government agencies for greener pastures in the private sector.
“A cybersecurity workforce shortage threatens the most foundational functions of the profession, such risk assessment, critical systems patching, updating of security solutions,” said Morten Gammelgard, executive vice president at cybersecurity firm BullWall.
“This puts an organization at a ‘moderate,’ ‘high,’ or ‘extreme’ risk of cyberattacks,” Gammelgard told ClearanceJobs. “If these basic areas are exposed or neglected due to staff shortages an insecure status will be the outcome and you can forget about the vast amounts and time that have been invested in security as it will no longer help or prevent intrusion and the ‘past breach’ scenario will rear its ugly and costly head.”
As global cybercrime now costs $600 billion annually, the need for cybersecurity professionals continues to outpace supply.
“The number of unfilled cybersecurity jobs worldwide grew at twice the pace of new hires. This shortage needs to be addressed urgently and it is welcome news that the Department of Defense is getting involved in addressing this critical shortage,” added Gammelgard. “It is needed to shore up the defenses of our Critical Infrastructure, Healthcare, and many other industries.”
Change of Approach
The Cyber and Digital Service Academy is a notable shift for the DoD in how it will seek and retain talent – and it could be seen to be taking a cue from both U.S. allies and adversaries.
“China, North Korea, Russia, and Israel have been running state-sponsored programs to be proactive in building the next generation of cyber talent, (yet) the U.S. had always taken a rather private sector approach to finding talent,” explained Brad Hong, cybersecurity lead at security provider Horizon3.ai.
“Cyber talent is hard to find and good cyber talent is expensive,” added Timothy Morris, chief security advisor at cybersecurity management firm Tanium. “The pay gap between private and public sector jobs is large. Higher staff turnover rates are happening as many leave the public sphere for more lucrative private sector jobs.”
One way to begin tackling the problem is to become more diverse in recruiting tactics. That could include incentivizing and training the next generation.
“That appears to be the approach here,” said Morris. “Many with no experience join the military to gain that experience and life skills. This will provide a similar path for those that want to pursue careers in cyber.”
Closing the Skills Cyber Gap at the Pentagon
It could also ensure that the DoD has the right people and that those individuals have the right skills.
“While the talent pool of qualified cybersecurity operators is vast in the U.S. private sector, the creation of a Digital Academy with a focus in expanding the workforce for the U.S. government affords the country the opportunity to close the skills gap not only within the U.S. military but also to other nation-states,” Hong told ClearanceJobs.
This should be seen as an important addition to the public programs the DoD offers, a testament to the newly realized attitude that cyber security is a pillar in and of itself, not just a subcategory of information technology.
“As talent in infosec is bred through experience,” said Hong, “providing incentives to bring in new talent early in their careers helps reintroduce and invest special talent into the good of the U.S. cyber security stack.”
Addressing the cyber Threats
The other noteworthy take away from this news is that the cyber domain is now being seen as critical to the national defense as others – and that cyber warriors are as crucial as other American warfighters.
“Many threat actors are sophisticated, highly organized, and well-funded,” warned Kevin Hanes, CEO of cybersecurity firm Cybrary. “They’re weaponizing the same technologies. As a result, their threats are constantly evolving to be more effective and more evasive, and moreover, by constantly changing minor aspects and elements of their existing arsenal of attacks, they often successfully evade detection tools.”
Cybersecurity skillsets are also constantly evolving – and cybersecurity professionals need to continually inform themselves of and prepare themselves to fight emerging threats.
“The news that the DoD is establishing a digital academy to help close the U.S. cybersecurity skills gap and talent shortage is welcome,” Hanes told ClearanceJobs. “It would be wise to tap into the organizations that have helped continually upskill today’s top cybersecurity professionals and are willing to assist in this important initiative.”