As the world grows ever more dependent on information technology, cyber threats have the potential to touch, if not harm, every institution in American society. The nature of the cyber threat is so strategic, pervasive and precise as to warrant attention by leaders in government, military and business, as well as the general public.
“Leadership in a Cyber Age” is an initiative intended to help prepare America’s institutional leaders for the complexities of operating in an era of cyber threat. Ongoing research seeks to identify and investigate key issues in leadership development across society, and to recommend improvements so that the United States, as a society, is prepared for the threats of the modern world.
Cyber Leadership Reports
United States of America Cyber Readiness at a Glance
Pell Center Contributors: Francesca Spidalieri, Jennifer McArdle
“United States Cyber Readiness at a Glance” is the first of a series of country reports, published by the Potomac Institute for Policy Studies (PIPS), assessing national-level preparedness for cyber risks based on the Cyber Readiness Index (CRI) 2.0 methodology. This first report provides an extensive analysis of the United States’ cyber security-related efforts and capabilities.
The Cyber Readiness Index 2.0 (CRI 2.0) shows that few countries have aligned their digital agenda with their cyber security agenda, and seeks to incentivize this alignment by bringing attention to each country’s Internet-infrastructure dependencies and vulnerabilities, and the national economic erosion caused by cyber insecurity.
The country reports are based on over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following categories: national strategy, incident response, e-crime and law enforcement, information sharing, investment in research and development (R&D), diplomacy and trade, and defense and crisis response.
Understanding Cyber Threats: Lessons for the Boardroom
Author: Francesca Spidalieri
Cyber risk is an underrated but all too real threat to organizations of every size, industry, and sector. From the boardroom to the server room, employees and board members must view cybersecurity as an enterprise-wide risk issue and play an active role in the overall security posture of an organization operating in the digital age.
In “Understanding Cyber Threats: Lessons from the Boardroom,” Pell Center Senior Fellow Francesca Spidalieri provides an overview of existing frameworks, toolkits, and other resources that organizations can consult to stay informed about cyber threats, develop and update comprehensive cyber risk management strategies, and learn about some of the best practices and effective mechanisms deployed in the field to combat cyber threats. Core to this study is the notion that senior leaders can no longer treat cybersecurity as an isolated ‘IT problem’ best left to their IT department and must instead integrate cybersecurity front and center into their decision making process in a holistic and comprehensive manner. This requires them to have a deep understanding of the cyber context in which they operate, the ability to make informed decisions based on cyber risk metrics, and the willingness to ask tough questions when necessary.
This study is part of the ongoing Cyber Leadership Project at the Pell Center and follows previous reports that investigate critical issues in cyber leadership development across the United States.
Transforming the Next Generation of Military leaders into Cyber-Strategic Leaders: The Role of Cybersecurity Education in US Service Academies
Chapter authors: Francesca Spidalieri, Jennifer McArdle
The Army Cyber Institute at West Point published the first print edition of The Cyber Defense Review (CDR) with contributions from Pell Center Senior Fellow, Francesca Spidalieri, and Salve Regina University Assistant Professor, Jennifer McArdle. Spidalieri and McArdle co-authored a chapter of the magazine entitled, “Transforming the Next Generation of Military leaders into Cyber-Strategic Leaders: The Role of Cybersecurity Education in US Service Academies,” which addresses the role that U.S. service academies play in developing a pipeline of qualified cyber strategic military leaders.
In this chapter, Spidalieri and McArdle surveyed current efforts by the U.S. Coast Guard Academy, the U.S. Air Force Academy, the U.S. Military Academy, and the U.S. Naval Academy to prepare all future officers for the challenges of operational- and strategic-level cyber threats. The report – drafted after three months of extensive research and interviews – provides an overview of the level of exposure cadets and midshipmen receive to cyber issues and to what extent they graduate with an adequate understanding of the cyber challenges facing their respective services. In addition, the report identifies some of the gaps in current curricula and offers preliminary recommendations to include a stronger cybersecurity component into existing programs at U.S. service academies.
This publication follows previous Pell Center reports on cyber leadership development and cyber education, which detailed the failing of America’s most prestigious civilian and military academic programs to educate their students – and ultimately the nation – for an era of persistent cyber threat.
The full article, “Transforming the Next Generation of Military Leaders into Cyber-Strategic Leaders: The role of cybersecurity education in the US service academies,” can be downloaded here.
The Cyber Defense Review magazine can be downloaded here.
Sustainable and Secure Development: A Framework for Resilient Connected Societies
Pell Center Contributors: Francesca Spidalieri, Jennifer McArdle
The Inter-American Development Bank (IDB) and the Organization of American States (OAS) published a first-of-its-kind report on cyber preparedness in Latin America and the Caribbean (LAC) with the collaboration of Senior Fellow for Cybersecurity Leadership Francesca Spidalieri. The “2016 Cybersecurity Report: Are we ready in Latin America and the Caribbean?” called on countries in the LAC region to step up their efforts on cybersecurity or face “potentially devastating” cyber attacks. Francesca contributed a chapter entitled “Sustainable and Secure Development: A Framework for Resilient Connected Societies,” which addresses the importance for digital development strategies in Latin America and the Caribbean to be both sustainable (environmentally, economically, socially, and politically) and secure in order to truly benefit from increased connectivity and realize the full potential of the Internet economy. The chapter also discusses how the Cyber Readiness Index 2.0 methodology can help inform a country’s understanding of its Internet-infrastructure entanglement and resulting vulnerabilities, and provide a roadmap to preserve the security of their connectivity and protect the value of their economy.
Cyber Readiness Index 2.0
The “Cyber Readiness Index 2.0, A Plan for Cyber Readiness: A Baseline and an Index,” published by the Potomac Institute for Policy Studies (PIPS), examines 125 countries and evaluates their maturity and commitment to securing their cyber infrastructure and services. The methodology includes over 70 unique data indicators across seven essential elements: national strategy, incident response, e-crime and law enforcement, information sharing, investments in research and development, diplomacy and trade, and defense and crisis response. By applying this actionable blueprint, countries can better understand their Internet-infrastructure dependencies and vulnerabilities and assess their preparedness for cyber risks.
State of the States on Cybersecurity
Author: Francesca Spidalieri
Eight U.S. states are leading the rest in cybersecurity readiness. In “State of the States on Cybersecurity,” Senior Fellow Francesca Spidalieri reviews the efforts of state governments in California, Maryland, Michigan, New Jersey, New York, Texas, Virginia, and Washington. These states provide a collective overview of sound approaches to “protect infrastructure, information, and operations.”
The study highlights effective mechanisms and creative solutions that state governments and their leaders have devised to take advantage of existing assets, to better protect critical infrastructure, to promote information sharing, to grow their cybersecurity industry, and to attract qualified talent to their states.
It is important that cybersecurity measures are enforced at the state level to protect citizens and reduce cyber risks. Maintaining the most recent security products, tools, and plans is just as important as educating users in the proper practices to reduce their cyber risks. The initiatives exemplified throughout this new report provide models for other states and jurisdictions to follow and offer a useful set of effective mechanisms and activities at the state level to put recommended action into practice.
One Leader at a Time
Author: Francesca Spidalieri
America’s colleges and universities are failing to prepare the next generation of leaders for responsibility in an age of cyber threat. In “One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,” Pell Center fellow Francesca Spidalieri details the failing of America’s most prestigious graduate programs to prepare their graduates – and ultimately the nation – for leadership of critical institutions.
Cyber threats have the potential to undo all the economic, social and military advances that cyberspace has enabled. Ultimately, these threats can touch, if not harm, every institution in American society – from the U.S. government to banks and hospitals, universities, corporations and more. It is no wonder, then, that President Barack Obama referred to cybersecurity as “one of the most serious economic and national security challenges we face.”
Yet the training of America’s next generation of leaders has, on balance, remained remarkably disconnected from the challenges of this century. In researching “One at a Time,” Spidalieri surveyed 70 top-ranked master’s-level programs in business, law, public affairs, public policy, international relations, criminal justice and health care management. Not one of the programs reviewed – not one – includes any aspect of cybersecurity among their core requirements. In fact, of the 70 elite programs surveyed, only 10 clustered among five universities scored 3.0 or higher on a four-point scale to assess the exposure their students receive to cybersecurity issues.
Joint Professional Military Education Institutions in an Age of Cyber Threat
Author: Francesca Spidalieri
America’s military graduate programs are struggling to integrate cyber education within their curricula and to reorient their academic objectives and outcomes to prepare senior military officers to lead in the cyber age. In “Joint Professional Military Education Institutions in an Age of Cyber Threat,” Pell Center fellow Francesca Spidalieri surveys efforts by senior military institutions in the United States to educate their graduates – and ultimately the nation – for the strategic and operational challenges of our time. This study follows the report “One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,” which detailed the failing of America’s most prestigious civilian graduate programs to prepare graduates to lead in an era of persistent cyber threat.
In this report, Spidalieri surveyed the six military graduate programs that offer joint professional military education and that traditionally develop strategic and operational leaders for the U.S. military. The results provide an overview of current efforts by these institutions to include information technology and cyber security into their curricula. To date, most of the programs reviewed for this study have neither fully integrated cyber into their existing core curricula nor aligned their programs with the strategic goals of the nation’s cyber defense strategy.
The report – drafted after four months of extensive research and interviews – illustrates the current state of affairs of senior military graduate programs to further the assimilation of cyber into the operational arena for each physical domain. The fundamental question was whether these programs included courses, occasional conferences, war gaming exercises or other forms of training for their officers to be exposed to cybersecurity issues and gain the knowledge necessary to integrate cyber capabilities and information activities with other U.S. government actions.
The report finds that much remains to be done. Although the report praises the increased effort by military graduate programs to develop new content for cyber education – especially in comparison to the much slower or nonexistent progress in American civilian universities – a preparation gap still persists. In brief, there remains a significant imbalance between the evident need to educate all military leaders about the complexities of cyberspace and the marginal role that cyber education still plays in some of the JPME institutions evaluated. The different level of exposure to cyber education and training seems more striking when comparing some of these graduate programs that should, at least in theory, offer similar joint professional military education curricula.
Despite the growing need for cybersecurity skills and a knowledgeable and experienced cyber workforce, the field is highly fragmented with no clear path set for those who want to pursue the cybersecurity profession. In “Professionalizing Cybersecurity: A Path to Universal Standards and Status,” Pell Center fellow Francesca Spidalieri and Lt. Col. Sean Kern propose an alternative to the current, ad hoc, decentralized approach to cybersecurity workforce development. They chart a path to professionalizing the field and call for the creation of a professional association dedicated entirely to cybersecurity. A nationally recognized independent professional association would serve as a clearinghouse for the cybersecurity profession and a focal point for education, training, communication, participation, facilitation, support and negotiation within the cybersecurity workforce. Additional member professional associations could then act as representatives of each cybersecurity specialty, similar to how the American Medical Association has a professional association for each medical specialty.
Achieving cybersecurity is far more than a technical problem: it is fundamentally a people problem. And since cybersecurity is a people problem, there must be a people solution. This requires developing an overarching organizational framework to develop, manage and oversee the training, education, certification and continuous professional development of a qualified cybersecurity workforce along a career continuum, and to guide leaders across society in harnessing the right people with the right knowledge, skills, and abilities to the right challenges in a rapidly evolving environment.
The study follows previous reports on cybersecurity education in non-technical fields, which detailed the failing of America’s most prestigious civilian and military graduate programs to educate their students – and ultimately the nation – for an era of persistent cyber threat.
Cybersecurity Workforce Handbook
The Council on Cybersecurity published the Cybersecurity Workforce Handbook: A Practical Guide to Managing Your Workforce in collaboration with Senior Fellow for Cybersecurity Leadership Francesca Spidalieri. The handbook is designed to be a ready reference for executives, hiring managers‒often in information technology (IT) and security functions‒and human resources (HR) professionals charged with managing the planning, sourcing, hiring, training, development, career progression, and sustainment of the cybersecurity workforce.