Opinion: Training the next generation of cyber experts

In March, the Biden administration issued a nationwide warning about the rise in foreign cyberattacks targeting drinking water and wastewater systems. In a letter to state governors, the Environmental Protection Agency and National Security Agency raised the alarm about a series of cyberattacks perpetrated by foreign state actors in China and Iran. In one attack, hackers affiliated with the Iranian government’s Islamic Revolutionary Guard Corps disabled technology used at U.S. water facilities. In another, a Chinese state-sponsored group targeted critical infrastructure systems, which included drinking water systems, in multiple U.S. locations.

These incidents highlight the growing need to strengthen our cybersecurity defenses and safeguard our infrastructure systems. But we cannot do that without expanding and improving our government’s cybersecurity workforce. 

Unfortunately, our efforts are currently falling short. Across the country, too few cybersecurity professionals are working in federal, state and local governments to adequately address this growing threat.

In 2022, nearly 40,000 public sector cybersecurity positions remained unfilled. And the tech workforce we do have is quickly aging out: roughly half of federal employees in computer science, computer engineering and IT positions are age 50 or older. Less than a quarter are under age 40, and only about 7.5% are under age 30.

We urgently need to attract a new generation of cybersecurity and technology professionals to help keep our water systems and other critical infrastructure safe. But, with an uncertain economy and the burden of crushing student loan debt, young people today are less likely to serve in government than they once were. 

One solution is to provide students interested in cybersecurity and related tech fields with free college in exchange for public service. Through my work on the Senate Armed Services Committee, I established a Cyber Service Academy scholarship program to create a pipeline of cybersecurity workers and bolster national security.

This program offers up to five-year scholarships for community college, college, and advanced degree students pursuing cyber-related degrees in exchange for a service obligation working in federal cyber roles. Selected students are required to work for the Department of Defense or the Intelligence Community for a minimum of one year for each year of scholarship support they receive.

In effect, it works like an ROTC program for cyber – students attend participating schools for free while training for a cyber or tech career in the civil service. Currently, scholarship participants are eligible for roles within the Department of Defense and the Intelligence Community, but I am working to expand the program so students can also obtain cyber-related jobs across the federal government.

My next goal is to create a brick-and-mortar Cyber Academy, much like West Point, the Air Force Academy and the National Academies. But until that day comes, the program is currently being offered at roughly 200 colleges and universities across the country, including 11 institutions in New York. 

I am confident that this program will greatly expand our nation’s cybersecurity workforce and bring more diverse people and perspectives into the field. And I hope it will make cyber-related educations and careers more accessible to everyone, but in particular, for students from underrepresented communities and those with foreign languages abilities.

When the Soviet Union first launched Sputnik in the fall of 1957, President Dwight D. Eisenhower recognized the national security implications of this new technology and the need to invest in the next generation of scientists and engineers.

Now, in an age of cyber threats, we must make the same calculation. The need to invest in our cybersecurity workforce is clear. As long as our state, local and federal cybersecurity workforce remains understaffed and unsupported, the safety and security of countless innocent Americans could be at risk.