The appearance of U.S. Department of Defense (DoD) visual information does not imply or constitute DoD endorsement.
There’s very little question that cyber is the next frontier in modern warfare.
In a world that is increasingly run by networked computer systems, the number of potential attack vectors is virtually unknowable.
Cybersecurity teams expect attacks on power grids, water treatment plants, and other critical infrastructure, and mount their defenses accordingly. But penetration points that aren’t so obvious can also present major vulnerabilities. Everyone jokes about IoT-enabled refrigerators, but we’re fast approaching the day that everyone owns one. Not long after that will come a day when an advanced adversary, foreign or domestic, puts a virus in the wild designed to shut them all down, spoiling insulin stocks and thousands of tons of food, potentially wreaking havoc across the country.
The military works around the clock to harden our defenses against the attacks everyone knows are coming, and the ones that most of us would never think to expect. With threats bigger and broader than the military can face alone, the National Security Agency (NSA) and Department of Homeland Security (DHS) are also involved.
Every federal department, inter-agency team, and private sector organization responsible for cyber defense is faced with the reality that there are just far too few people qualified for the job right now. Another challenge lies in the fact that even those who have the qualifications don’t all have the same training and don’t all speak the same language.
That’s where the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program comes in.
Jointly run by DHS and the NSA, NCAE-C pulls in domain experts from both military and industry, working with colleges and universities to develop cutting-edge cyber defense degree programs.
The NCAE-C Program Has Evolved Over More Than 20 Years to Meet the Needs of Government and Industry
NCAE-C was created in 1999 as the Center of Academic Excellence in Information Assurance Education (CAE-IAE). As the intelligence community began running up against a shortage of adequately trained cybersecurity experts, the original goal was to help develop information security curriculum and promote general cybersecurity knowledge and skills through the university system.
Over time, the focus expanded to increasing the level of specialized cybersecurity expertise, and along with that, expanding the pool of properly educated and fully vetted professionals available for both government and private sector cybersecurity teams to recruit from.
From seven schools originally partnered under the program in 1999, it has grown to include more than 300 participating institutions today.
Backed by DHS and NSA, NCAE-C Designations are Reserved for an Elite Class of Universities
The National Centers of Academic Excellence program is a partnership. Although it is sponsored by DHS and NSA, and managed by the NSA’s National Cryptologic School, other participating agencies include:
- Cybersecurity and Infrastructure Security Agency (CISA)
- Federal Bureau of Investigation (FBI)
- National Institute of Standards and Technology (NIST)
- National Science Foundation (NSF)
- Department of Defense Office of the Chief Information Officers (DoD-CIO)
- United States Cyber Command (USCYBERCOM)
USCYBERCOM, of course, is itself a joint command comprising units from the Navy’s 10th Fleet, 9th Army Signal Command, the 16th Air Force, and the Marine Corps Cyberspace Command. It’s already headed by the director of the NSA, which means there are plenty of close ties between the CAE program and the best minds in military cybersecurity.
The NCAE-C program and the participating universities that comprise the Centers of Academic Excellence in Cybersecurity (CEA-C) Community are a big benefit to both the military and to civilian agencies and private companies with cybersecurity concerns.
The primary objective of NCAE-C is to create a solid educational foundation that provides cybersecurity experts and new recruits with the knowledge and skills for cyber warfare. To this end, the program:
- Creates common standards for cybersecurity curriculum and assessment across partner schools
- Offers competency development for both students and faculty
- Incorporates community input and leadership for professional development
- Builds cybersecurity best practices into institutions across a range of academic disciplines
- Pursues active solutions to challenges in cybersecurity education
Colleges and universities that hold a CAE designation earn the right to apply for federal grants and scholarship funding for students. And, of course, students who have attended one of these institutions come out the other side with the NCAE-C stamp of approval. This gives public and private sector employers absolute confidence that these graduates have the best training in the business and can hit the ground running on day one.
Cyberwarfare Works Hand-in-Hand With Kinetic Action
ISIS was the specter that emerged to threaten the world after the dregs of Al Qaida were tracked down, eliminated, or sent into deep and ineffective hiding spots around the world.
Threatening Syria and Iraq, ISIS took some of the same pages out of the Al Qaida playbook: inciting violence by radicalizing followers around the world over the internet. But ISIS went big — they started taking territory in Syria and Iraq to form a new caliphate in the region.
Most Americans got a dose of Operation Inherent Resolve on the nightly news, the mission that sent troops into Syria and Iraq to help respond and control the terrorists. But fewer have heard of Operation Glowing Symphony, the cyber-attack that locked many ISIS leaders out of their own accounts and disrupted communications and propaganda operations worldwide.
Glowing Symphony was never publicized. USCYBERCOM and the NSA worked together for months to identify the targets, infiltrate systems, and develop attack protocols. On the evening of the attack, they had isolated 10 nodes that had to be taken out to bring it all down.
Within an hour, the networks had collapsed. And the global presence ISIS had established through the internet faded alongside their on-the-ground combat power.
Schools That are Part of the CAE-C Community are Military-Supportive by Nature
As a veteran, or even an active-duty service member, picking a school that is part of the Centers of Academic Excellence in Cybersecurity (CAE-C) Community can be a sure way to get the kind of military-grade cyber defense training you’ll need when applying for high-level cybersecurity jobs in government or industry
Considering the big three-letter federal agencies that administer the NCAE-C program, you can expect that the colleges allowed to participate have a history of supporting the education needs of service members and veterans. That means you can expect them to offer all the services and benefits that vets and active duty service members should already be looking for:
- Generous credit transfer policies, offering college credits for the military training and experience you already have
- Providing dedicated academic counseling and advising services for veterans and service members
- Offering priority admissions for vets and service members
And, of course, you can be certain they accept the GI Bill® and know exactly how to ensure you get the most from the education benefits you’ve earned. These schools are also more likely to participate in programs like Yellow Ribbon, which offers additional funding beyond GI Bill® limits to cover the cost of more expensive private universities. As well as programs like VET TEC, which can offer another year of college benefits for vets going into high-tech fields.
Understanding the Different Roles NCAE-C Colleges Take on, and What that Means for Students
Universities that have joined the CAE-Cybersecurity Community have three distinct roles to play, identified by three separate NCAE-C designations. Still, it’s entirely possible for a school to earn more than one designation, and even all three.
In every case, NCAE-C validates that individual programs meet cybersecurity curriculum standards and that the school meets cyberdefense protocol requirements. Regardless of the designated role, recertification is required every three years, ensuring every school stays up-to-date.
Center of Academic Excellence-Cyber Defense (CAE-CD)
Cyber defense is the part of the NCAE-C program that builds basic, ground-level knowledge and best practices for cybersecurity. One of the big advantages of attending a school with one of the NCAE-C designations is the guarantee that it meets the curriculum standards set by the DHS, NSA, and other federal agency sponsors. Participating schools offer either two or four-year degrees, or even certificate programs. In all cases, the programs must meet CAE-CD standards with:
- Multidisciplinary cyberdefense efforts
- Proper cyberdefense practices at the institutional level
- A curriculum mapped to the CAE-CD core knowledge unit requirements
For veteran students who served in a cyber command, CAE-CD designated schools will offer a familiar curriculum that also meets the standards of other government and private industry cyberdefense teams.
Center of Academic Excellence-Cyber Research (CAE-R)
Research-designated institutions are the backstop to both operations and defense in cybersecurity. They are intended to break new ground and develop the body of knowledge that cybersecurity experts in every field can count on.
Requirements for the CAE-R designation include:
- Being nationally recognized as a research institution (via the Carnegie classification system or similar rating)
- Hosting at least one doctoral program with a research focus in cybersecurity
- Having faculty currently engaged in cybersecurity research
- Publishing peer-reviewed cybersecurity-focused papers or other research products
- Offering competitive external research funding for cybersecurity
- Engaging students in active cybersecurity research
- Providing institutional support and faculty involvement in cybersecurity research
For veteran students, CAE-R schools offer a shot at participating in hands-on research into the most advanced areas of cybersecurity.
Center of Academic Excellence-Cyber Operations (CAE-CO)
Cyber Operations status is only open to four-year colleges and graduate-level universities. CAE-CO designated institutions are the most elite of the Centers of Academic Excellence. Only 22 schools have earned the designation nationwide. Many also hold CAE-CD and CAE-R status.
The CAE-CO designation requires meeting a comprehensive 10-point set of qualifications:
- Must offer two specializations and cover required knowledge unit content
- Cyber operations must be expressly offered as a focus or degree
- Cyber operations must be treated as a fully interdisciplinary science
- Frequent curriculum updates to keep courses up-to-date
- Faculty must be involved in cyber operations-related research
- Students must have the opportunity to work on cyber operations research
- Students must be able to participate in local, national, or regional cyber exercises or outreach programs
- At least two faculty members must be actively teaching cyber courses
- The program must be accredited through an in-person curriculum review process
- The school must graduate at least five master of science or one doctoral student from the program in a five-year period
For veteran students, CAE-CO designated schools offer degrees outside the cybersecurity field that are still aligned with cybersecurity concepts and operational roles.
The list of institutions in the CAE-C Community includes military schools like AFIT (the Air Force Institute of Technology), NPS (the Naval Postgraduate School), and the U.S. Naval Academy and Air Force Academy.
The CAE-Cybersecurity Community Name Carries Clout, But It’s the Academics that Really Count
The NCAE-C program puts together standardized requirements for different kinds of training, and every participating school must meet the same objective criteria.
Those criteria are known as Knowledge Units. Though NCAE-C curriculum requirements are standardized, they’re not rigid. This means students can expect to come away with a common set of critical skills and knowledge, while the schools offering these programs still have the flexibility to incorporate additional knowledge units as a way to branch out into any number of specialized areas of cybersecurity.
There are three foundational knowledge units every Center of Academic Excellence-Cyber Defense (CAE-CD) program must cover:
- Cybersecurity Foundations
- Cybersecurity Principles
- IT Systems Components
These lay down the basic understanding of cyber systems and practices necessary before moving on to more advanced training.
From there, CAE-CD programs branch out into technical and non-technical core knowledge units:
Technical Core Knowledge Units
- Basic Cryptography
- Basic Networking
- Basic Scripting and Programming
- Network Defense
- Operation Systems Concepts
Non-technical Core Knowledge Units
- Cyber Threats
- Cybersecurity Planning and Management
- Policy, Legal, Ethics, and Compliance
- Security Program Management
- Security Risk Analysis
These knowledge unit categories can serve as tracks or concentrations in the degree program that prepare graduates for career paths in either management or technical cyber defenses.
But the real flexibility comes in what are known as optional knowledge units. These cover everything from Advanced Algorithms to Embedded Systems to Wireless Sensor Networks. Schools have the freedom to choose the optional knowledge units they want to offer as electives.
A complete list of available CAE-CD knowledge units can be found here.
Students going through any CAE-CD program come out on the other side well-versed in the same concepts and familiar with the same vocabulary that the world’s most elite cyber defense teams use.
Research Institutions Break New Ground in Cybersecurity Knowledge
There are only 77 Center of Academic Excellence-Research (CAE-R) institutions in the country, most of which also hold the CAE-CD designation, which means you can count on most of the same academic benefits.
What you get at CAE-R schools is the addition of:
- Strong and relevant cyber defense research programs
- Additional funding and scholarship options
- The assurance that students are actively involved with research projects
- Doctoral-level programs
This leads to an environment where the most cutting-edge exploration of new tools and techniques are taking place.
Cybersecurity Operations Put Boots on the Ground in the Virtual World
Center of Academic Excellence-Cyber Operations (CAE-CO) designated schools have an additional focus on actual technologies and techniques being used in active cyberwarfare and defensive deployments today. Recognizing the blurry line between cyberdefense and the core technology community of coders, designers, and engineers, this category allows schools to incorporate approved cyberdefense training into the curriculum of degree programs that aren’t normally focused on cybersecurity.
For that reason, CAE-CO institutions have a different set of knowledge units and academic standards than CAE-CD schools. That’s because CO programs are intended to dovetail into other kinds of technology degrees, like computer science or electrical engineering. This ties critical design and build expertise in with cybersecurity knowledge and training.
The mandatory CAE-CO knowledge units are:
- Low Level Programming Languages
- Software Reverse Engineering
- Operating System Theory
- Networking
- Cellular and Mobile Technologies
- Discrete Math and Algorithms
- Overview of Cyber Defense
- Security Fundamental Principles
- Vulnerabilities
- Legal and Ethics
These fit in with the kind of cyberdefense training that programmers, hardware designers, and software architects should have. They are also joined by 17 optional KUs covering areas like computer forensics and industrial control systems, which allows for some customization that fits in with the primary path of the degree.
The full list of KUs offered through CAE-CO can be found here.
If the school holds both CAE-CO and CAE-CD designations, of course, programs will conform to whichever standard applies to that particular degree.
There’s No Such Thing as Investing Too Much in Cyberdefense
In the early part of the 20th century, there was another emerging technology that was destined to change the face of warfare. Every service dabbled in it. There were disagreements over how much of an impact it would have, and who should be responsible for managing it. No one was quite sure what it would mean, but it was clear it would be big. Airpower.
But inter-service squabbles delayed development and continued through two world wars and beyond before it all got worked out and the American military became the undisputed world leader in airpower.
Cyberwarfare is even more complex today than airpower was then. For one thing, it’s far from restricted to only the military—the home front is the front line. Civilian security and law enforcement agencies have just as much at stake. In some cases, they have more direct experience than any government agency.
But the defense establishment isn’t making the same mistakes they did with airpower.
What it Means to Attend a Military-Supportive School That’s Part of the CAE-Cybersecurity Community
Attending a school that holds an NCAE-C designation has clear benefits when it comes to pursuing a cybersecurity career. It also offers lots of other advantages long before you graduate.
Both USCYBERCOM and NCAE-C designated schools work with the same NSA/DHS curriculum. If you are coming from any kind of military cyber role, it’s a good bet that a lot of what you studied in the service is directly aligned with those curriculum requirements.
That makes earning a degree that much easier. It also means that these schools are likely to allow you to transfer in credits for your military training courses.
Of course, you also get the benefits of access to the latest research and government data on threats and techniques. And as part of the CAE-C Community, you’ll have unmatched opportunities for networking and personal development through national competitions, forums, and community resources.
Being associated with one of these elite schools works in the other direction too. Government agencies responsible for cybersecurity, particularly those already partnered with NCAE-C, actively recruit veteran graduates of CAE-C Community member schools.
Whether you have a military cybersecurity background that already exposed you to the concepts these degrees build on, or are using your military education benefits to break into the field, one thing is certain: The integrity, focus, and determination you developed as a service member makes you well prepared to stand ground as a cyber defender in any organization.