As the world grows evermore dependent on information technology, cyber threats have the potential to touch, if not harm, every institution in American society. The nature of the cyber threat is so strategic, pervasive and precise as to warrant attention by leaders in government, military and business, as well as the general public.
“Leadership in a Cyber Age” is an initiative intended to help prepare America’s institutional leaders for the complexities of operating in an era of cyber threat. Ongoing research seeks to identify and investigate key issues in leadership development across society, and to recommend improvements so that the United States, as a society, is prepared for the threats of the modern world.
Cyber Leadership Reports
Sustainable and Secure Development: A Framework for Resilient Connected Societies
The Inter-American Development Bank (IDB) and the Organization of American States (OAS) published a first-of-its-kind report on cyber preparedness in Latin America and the Caribbean (LAC) with the collaboration of Senior Fellow for Cybersecurity Leadership Francesca Spidalieri. The “2016 Cybersecurity Report: Are we ready in Latin America and the Caribbean?” called on countries in the LAC region to step up their efforts on cybersecurity or face “potentially devastating” cyber attacks. Francesca contributed a chapter entitled “Sustainable and Secure Development: A Framework for Resilient Connected Societies,” which addresses the importance for digital development strategies in Latin America and the Caribbean to be both sustainable (environmentally, economically, socially, and politically) and secure in order to truly benefit from increased connectivity and realize the full potential of the Internet economy. The chapter also discusses how the Cyber Readiness Index 2.0 methodology can help inform a country’s understanding of its Internet-infrastructure entanglement and resulting vulnerabilities, and provide a roadmap to preserve the security of their connectivity and protect the value of their economy.“
Cyber Readiness Index 2.0
The “Cyber Readiness Index 2.0, A Plan for Cyber Readiness: A Baseline and an Index,” published by the Potomac Institute for Policy Studies (PIPS), examines 125 countries and evaluates their maturity and commitment to securing their cyber infrastructure and services. The methodology includes over 70 unique data indicators across seven essential elements: national strategy, incident response, e-crime and law enforcement, information sharing, investments in research and development, diplomacy and trade, and defense and crisis response. By applying this actionable blueprint, countries can better understand their Internet-infrastructure dependencies and vulnerabilities and assess their preparedness to cyber risks.
State of the States on Cybersecurity
Eight U.S. states are leading the rest in cybersecurity readiness. In “State of the States on Cybersecurity,” Senior Fellow Francesca Spidalieri reviews the efforts of state governments in California, Maryland, Michigan, New Jersey, New York, Texas, Virginia, and Washington. These states provide a collective overview of sound approaches to “protect infrastructure, information, and operations.”
The study highlights effective mechanisms and creative solutions that state governments and their leaders have devised to take advantage of existing assets, to better protect critical infrastructure, to promote information sharing, to grow their cybersecurity industry, and to attract qualified talent to their states.
It is important that cybersecurity measures are enforced at the state-level to protect citizens and reduce cyber risks. Maintaining the most recent security products, tools, and plans is just as important as educating users in the proper practices to reduce their cyber risks. The initiatives exemplified throughout this new report provide models for other states and jurisdictions to follow and offer a useful set of effective mechanisms and activities at the state-level to put recommended action into practice.
One Leader at a Time
Author: Francesca Spidalieri
America’s colleges and universities are failing to prepare the next generation of leaders for responsibility in an age of cyber threat. In “One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,” Pell Center fellow Francesca Spidalieri details the failing of America’s most prestigious graduate programs to prepare their graduates – and ultimately the nation – for leadership of critical institutions.
Cyber threats have the potential to undo all the economic, social and military advances that cyberspace has enabled. Ultimately, these threats can touch, if not harm, every institution in American society – from the U.S. government to banks and hospitals, universities, corporations and more. It is no wonder, then, that President Barack Obama referred to cybersecurity as “one of the most serious economic and national security challenges we face.”
Yet the training of America’s next generation of leaders has, on balance, remained remarkably disconnected from the challenges of this century. In researching “One at a Time,” Spidalieri surveyed 70 top-ranked master’s-level programs in business, law, public affairs, public policy, international relations, criminal justice and health care management. Not one of the programs reviewed – not one – includes any aspect of cybersecurity among their core requirements. In fact, of the 70 elite programs surveyed, only 10 clustered among five universities scored 3.0 or higher on a four-point scale to assess the exposure their students receive to cybersecurity issues.
Joint Professional Military Education Institutions in an Age of Cyber Threat
Author: Francesca Spidalieri
America’s military graduate programs are struggling to integrate cyber education within their curricula and to reorient their academic objectives and outcomes to prepare senior military officers to lead in the cyber age. In “Joint Professional Military Education Institutions in an Age of Cyber Threat,” Pell Center fellow Francesca Spidalieri surveys efforts by senior military institutions in the United States to educate their graduates – and ultimately the nation – for the strategic and operational challenges of our time. This study follows the report “One Leader at a Time: The Failure to Educate Future Leaders for an Age of Persistent Cyber Threat,” which detailed the failing of America’s most prestigious civilian graduate programs to prepare graduates to lead in an era of persistent cyber threat.
In this report, Spidalieri surveyed the six military graduate programs that offer joint professional military education and that traditionally develop strategic and operational leaders for the U.S. military. The results provide an overview of current efforts by these institutions to include information technology and cyber security into their curricula. To date, most of the programs reviewed for this study have neither fully integrated cyber into their existing core curricula nor aligned their programs with the strategic goals of the nation’s cyber defense strategy.
The report – drafted after four months of extensive research and interviews – illustrates the current state of affairs of senior military graduate programs to further the assimilation of cyber into the operational arena for each physical domain. The fundamental question was whether these programs included courses, occasional conferences, war gaming exercises or other forms of training for their officers to be exposed to cybersecurity issues and gain the knowledge necessary to integrate cyber capabilities and information activities with other U.S. government actions.
The report finds that much remains to be done. Although the report praises the increased effort by military graduate programs to develop new content for cyber education – especially in comparison to the much slower or nonexistent progress in American civilian universities – a preparation gap still persists. In brief, there remains a significant imbalance between the evident need to educate all military leaders about the complexities of cyberspace and the marginal role that cyber education still plays in some of the JPME institutions evaluated. The different level of exposure to cyber education and training seems more striking when comparing some of these graduate programs that should, at least in theory, offer similar joint professional military education curricula.
Despite the growing need for cybersecurity skills and a knowledgeable and experienced cyber workforce, the field is highly fragmented with no clear path set for those who want to pursue the cybersecurity profession. In “Professionalizing Cybersecurity: A Path to Universal Standards and Status,” Pell Center fellow Francesca Spidalieri and Lt. Col. Sean Kern propose an alternative to the current, ad hoc, decentralized approach to cybersecurity workforce development. They chart a path to professionalizing the field and call for the creation of a professional association dedicated entirely to cybersecurity. A nationally recognized independent professional association would serve as a clearinghouse for the cybersecurity profession and a focal point for education, training, communication, participation, facilitation, support and negotiation within the cybersecurity workforce. Additional member professional associations could then act as representatives of each cybersecurity specialty, similar to how the American Medical Association has a professional association for each medical specialty.
Achieving cybersecurity is far more than a technical problem: it is fundamentally a people problem. And since cybersecurity is a people problem, there must be a people solution. This requires developing an overarching organizational framework to develop, manage and oversee the training, education, certification and continuous professional development of a qualified cybersecurity workforce along a career continuum, and to guide leaders across society in harnessing the right people with the right knowledge, skills, and abilities to the right challenges in a rapidly evolving environment.
The study follows previous reports on cybersecurity education in non-technical fields, which detailed the failing of America’s most prestigious civilian and military graduate programs to educate their students – and ultimately the nation – for an era of persistent cyber threat.
Cybersecurity Workforce Handbook
The Council on Cybersecurity Council published the Cybersecurity Workforce Handbook: A Practical Guide to Managing Your Workforce in collaboration with Senior Fellow for Cybersecurity Leadership Francesca Spidalieri. The handbook is designed to be a ready reference for executives, hiring managers‒often in information technology (IT) and security functions‒and human resources (HR) professionals charged with managing the planning, sourcing, hiring, training, development, career progression, and sustainment of the cybersecurity workforce.