Virginia’s path to shine in cybersecurity: The Commonwealth Cyber Initiative (CyberX)
Virginia’s efforts to grow its cybersecurity sector and cyber workforce received a major boost recently. Virginia’s budget includes $25 million to establish the Commonwealth Cyber Initiative (CyberX).
This initiative is the culmination of years of discussion in Richmond and throughout Virginia on how to make our state a true leader in cybersecurity. In a nutshell, CyberX will bring Virginia’s public universities and colleges together with the private sector to create a consortium that will (1) work together to develop innovative strategies, (2) conduct cybersecurity research and development, and (3) help train future cyber leaders.
The inclusion of commercialized cybersecurity research and development (R&D) under a single umbrella organization will be an important building block in the effort to grow the cybersecurity sector in the commonwealth. Such a collaborative approach to R&D was endorsed a few years ago by the Virginia Cybersecurity Commission, which had as one of its objectives to “identify ways in which the public and private sectors can work together to bolster Virginia’s cybersecurity industry so we can expand Virginia’s economic footprint in cyber technology…”
A public-private effort to pursue collaborative, commercially viable cybersecurity R&D was also evaluated and endorsed in 2015 by the General Assembly’s Joint Commission on Technology and Science (JCOTS) under the leadership of Del. Glenn Davis and then-Chairman Tom Rust.
Even more recently, a February Roanoke Times editorial highlighted a state report on Virginia’s research assets, which identified cybersecurity as one of four areas of “strategic growth opportunities that best align research and industry innovation strengths with growing market opportunities for Virginia.” This report noted that research funding in Virginia has actually been declining, and it concluded that Virginia needs more private industry research, as well as closer connections between its state universities and its business community.
But while there was clearly strong political and intellectual consensus in support of this objective, it was still conceptual. It needed some sort of framework to be established and money had to be found to support it up front. Fortunately, both of these issues were addressed during this year’s budget process, when the CyberX proposal, originally put forward by House Appropriations Committee Chairman Chris Jones, was included in the final budget bill signed on June 7 by the governor.
The budget specifies that the Commonwealth Cyber Initiative will “serve as an engine for research, innovation, and commercialization of cybersecurity technologies.” This is also consistent with the goals of the state’s GO Virginia economic development initiative, which seeks to “create more high-paying jobs through incentivized collaboration between business, education, and government.”
The many cybersecurity companies that already have a presence in Virginia have rich expertise and development capabilities. This is a wonderful opportunity for them to partner with members of Virginia’s higher education community, with their vast research capabilities, without having to reinvent the wheel every time they want to work together. Further, while this consortium will be located in Northern Virginia, public colleges and universities statewide will have the opportunity to participate in this effort. As specified in the budget, there will be “a primary Hub, located in Northern Virginia, and a network of Spokes across the Commonwealth with collaborating public institutions of higher education in Virginia and industry partners to build an ecosystem of cyber-related research, education, and engagement that positions the Commonwealth as a world leader of cybersecurity.”
Make no mistake — the private sector is going to have to step up to be a full partner in this collaboration. While the educational leadership of the consortium has been tasked with quickly developing “a blueprint for the development and operation of the Commonwealth Cyber Initiative,” it will be important for cybersecurity companies in Virginia to support its activities by contributing ideas, technical support and matching funding where appropriate for the R&D they stand to benefit from.
The Commonwealth Cyber Initiative also will help address the statewide cyber workforce shortage. It has been estimated that there are as many as 36,000 unfilled cybersecurity positions in Virginia, and the private sector is finding itself competing not only among themselves but also with the federal government for the limited pool of workers holding the proper credentials. We need to increase the pool of qualified individuals in order to meet the private and public sectors’ needs, and CyberX will give particular focus to enlarging the pool of graduates with advanced and professional cybersecurity degrees.
As I said, there are a lot of details still to be figured out and considerable work remains to be done to get this project going. But with the outlines and funding now provided, I am confident that Virginia will one day look back on this year as a real turning point, as the year the commonwealth began to finally realize its true potential to really lead the way and shine in cybersecurity.