What is a National Center of Academic Excellence in Cybersecurity?
Written by: University of Tulsa • Dec 8, 2023
Many people are aware that hackers destroy hundreds of thousands of vital digital records every single day, shutter businesses and ruin lives. They may even know that the annual global economic impact of cybercrime adds up to $600 billion. What fewer people realize, however, is just how vulnerable our energy, financial, retail, insurance, health and military infrastructure is to attacks by foreign governments, politically motivated cybercriminals and terrorist organizations.
In 2020, a Russian hacking campaign made headlines for its extreme breadth and depth. Victims of the nine month-long Sunburst hack included not only private organizations but also the Pentagon, U.S. Treasury, Department of Homeland Security and other federal agencies. One year later, a single attack took down the largest fuel pipeline in the United States, driving home the fact that enemies of the state can now use computer networks to disrupt physical infrastructure. The Department of Homeland Security has warned that it’s only “a matter of time before a cybersecurity breach on an airline occurs.” The U.S. intelligence community reports that all four of America’s main global military adversaries – Russia, China, North Korea and Iran – invest in cyberwarfare.
Cyberattacks directed at private entities and government agencies are more common, more sophisticated and more dangerous than ever before. Protecting the U.S. and its citizens against these attacks means ensuring that there is a robust cyber research and innovation industry populated by skilled experts. One long-term federally funded initiative designed to ensure the country has the cybersecurity workforce it needs is the National Centers of Academic Excellence in Cybersecurity (NCAE-C) program. Jointly sponsored by the National Security Administration (NSA) and Department of Homeland Security (DHS), it supports colleges and universities as they train the workforce necessary to meet the increasing demand for cybersecurity professionals and promotes research in cyber defense.
The goal of the NCAE-C program is to ensure that programs equip cybersecurity professionals with the skills and knowledge they need to defend the nation and its assets against existing and emerging forms of cybercrime and cyber espionage. Only some institutions of higher learning qualify for the NCAE-C designation, which the NSA awards only to accredited universities that meet rigorous academic cybercrime and research requirements. Pursuing an M.S. in Cyber Security at a school with a current NCAE-C designation, such as The University of Tulsa (which has been a designated Center of Academic Excellence in Cybersecurity for over 20 years), is a way to ensure you get the best possible graduate education in this important field.
Who created the National Centers of Academic Excellence in Cybersecurity program and why? ¶
The NSA launched the Centers of Academic Excellence in Information Assurance Education program in 1999 with an initial goal of helping universities meet the growing demand for cybersecurity expertise in the workforce. The name of the program changed and the program itself evolved over the years, but the focus has largely remained the same: To develop agile cybersecurity professionals qualified to fight cyber threats to the United States. Its core mission is to “create and manage a collaborative cybersecurity educational program with community colleges, colleges, and universities.”
Today, federal partners of the program include the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Institute of Standards and Technology (NIST), National Initiative on Cybersecurity Education (NICE), the National Science Foundation (NSF), the Department of Defense Office of the Chief Information Officer (DoD-CIO) and U.S. Cyber Command (CYBERCOM). Agency partners work in collaboration with the NSA and DHS to establish and update standards for cybersecurity curricula, competency development and academic excellence in M.S. in Cyber Security certificate and degree programs. They also support university efforts related to professional development in the cybersecurity industry and academic research into cybersecurity challenges.
While the NSA does not provide funding to NCAE-C designated institutions, universities with one or more NCAE-C designations can compete for grants from other participating agencies (e.g., the Department of Defense Cybersecurity Scholarship Program, known as the DoD CySP) or apply for the National Science Foundation Scholarship for Service program.
What are the different NCAE-C designations? ¶
There are three types of designations schools with cybersecurity degree programs can pursue:
- Center of Academic Excellence in Cyber Defense (CAE-CD)
- Center of Academic Excellence in Cyber Research (CAE-R)
- Center of Academic Excellence in Cyber Operations (CAE-CO)
To qualify for one or more CAE designations, institutions must ensure their certificate, undergraduate degree and graduate degree programs are closely aligned with cybersecurity-related knowledge units specific to each designation. When an institution applies to become a designated Center of Academic Excellence in Cybersecurity, cybersecurity and information assurance experts validate eligibility by reviewing program curricula, faculty and industry engagement.
CAE-CD designation ¶
Colleges and universities with the CAE-CD designation provide the nation with a pipeline of qualified cybersecurity professionals capable of reducing threats to national infrastructure. The NSA awards this designation to accredited academic institutions with various cybersecurity programs, including those that offer a part-time cybersecurity master’s, provided they meet stringent academic standards established by the NSA and DHS. Coursework in part-time and full-time CAE-CD-designated programs typically covers data analysis, cryptography, cyber threats and defense, information assurance, information systems security, network security, operating systems, programming, risk management and security design principles. Core courses may also cover cybersecurity policy, ethics and compliance.
Schools applying for the CAE-CD designation can also apply for one or more optional CAE-CD focus area designations, including Cyber Investigation, Data Management and Systems Security, Digital Forensics, Health Care Security, SCADA Security, Secure Cloud Computing and Systems Security Engineering. To qualify for focus area designations, cybersecurity degree programs must include instruction in related competencies.
CAE-CO designation ¶
Higher education institutions with the CAE-CO designation broaden the pool of skilled cybersecurity workers critical to intelligence, military and law enforcement. Programs with this designation tend to be highly technical and grounded in computer science, computer engineering and/or electrical engineering. Students in CAE-CO-designated programs gain hands-on experience via required labs and exercises that emphasize the technologies and techniques related to specialized cybersecurity operations and they graduate ready to take part in specialized cyber operations. At TU, for example, the university’s Cyber Corps center trains students in the science of cyberwarfare, preparing them for professional careers with the intelligence community and DoD.
CAE-CR designation ¶
The NSA awards the CAE-CR designation to DoD schools, Ph.D.-producing military academies and accredited degree-granting institutions with research activity rated by the Carnegie Foundation Basic Classification system as R1, R2 or R3. This designation indicates that an institution does research that increases the understanding of robust cyber defense technology, policy and practices that can help the U.S. prevent and respond to catastrophic cyberattacks. Top research specialization areas of CAE-R institutions are hardware security, cryptology, digital forensics and network hardening. Faculty researchers at The University of Tulsa, which has an R1 rating, conduct interdisciplinary research projects funded by AFRL, DHS, DOE and private industry into areas of cybersecurity such as Internet of Things (IoT) security, critical infrastructure protection, security economics and information security (iSec).
How do universities apply for the CAE designation? ¶
To apply, institutions complete a program of study (PoS), which is an in-depth review of each academic program, department and research track related to the target designation. The criteria universities must meet vary by designation. CAE-Cyber Operations programs must be overseen by a computer science department, computer engineering department, school of engineering or degree-granting department of equivalent technical depth. They must also meet faculty, student research and experiential learning criteria. CAE-Cyber Defense programs must be administered by an institution doing work in the cyber defense space, be overseen by a center for cyber defense education and demonstrate program outreach and collaboration efforts. CAE-Cyber Research programs are granted only to colleges and universities doing significant research into cybersecurity technology, security policy and security management practices. Institutions that receive the National Center of Academic Excellence designation hold it for five years, after which they must reapply to retain their NCAE-C status.
How many U.S. institutions hold National Center for Academic Excellence in Cybersecurity designations? ¶
As of 2020, there were 334 NCAE-C-designated institutions across 48 states, the District of Columbia and Puerto Rico. Most universities meet the NCAE-C criteria for just one CAE designation. Some colleges and universities, including The University of Tulsa, hold multiple designations. Forty-eight schools, for example, are designated Centers for Academic Excellence in Cybersecurity in both research and defense education.
TU is one of just 10 universities in the U.S. that hold the CAE-Cyber Defense Education, CAE-Cyber Defense Research, and CAE-Cyber Operations designations. TU stands out as one of just a handful of institutions training the skilled technical workforce needed by the nation in various areas of cyber defense – including homeland security and incident response – to mitigate existing and new risks to our country’s hardware, software and digitally-driven physical infrastructure.
The University of Tulsa’s history as a National Center of Academic Excellence ¶
The University of Tulsa has been a designated Center of Academic Excellence in Cyber Defense since 2000, when it was one of the first 14 institutions awarded this distinction. Since then, TU has held all three NCAE-C designations, and the university’s cybersecurity master’s program alumni have gone on to work in leading roles in the private sector, the public sector and academia.
The university also has a long-standing reputation for excellence in cybersecurity, with on-campus and online programs supported by the federal government, National Security Agency, the U.S. Department of Defense, the U.S. Department of Energy, the U.S. Department of Transportation and the Defense Advanced Research Project Agency. In fact, it offers multiple programs for students who want to advance in cybersecurity at the bachelor’s, master’s and doctoral levels. Students can even pursue a cybersecurity master’s part-time in a 100% online M.S. in Cyber Security program that is technically challenging and gives students the high-level skills and knowledge they’ll need to fill ongoing national and global security shortages.
Currently, there is a significant gap between the number of cyber defense jobs and the number of trained cybersecurity professionals around the world. The active cybersecurity workforce in the U.S. amounts to 800,000 trained professionals, but to fill all the open cyber positions across the country will take at least 500,000 more. Becoming one of these protectors means getting the right education – a daunting prospect given the rigor of NCAE-C-designated programs, but one that’s manageable in TU’s flexible Online M.S. in Cyber Security. In just 20 months of part-time study, you can gain the cyber defense expertise necessary to thrive in cybersecurity and prepare for a lifelong career as a technical and managerial leader in this growing field.
Are you ready to step up and protect the nation’s digital and physical infrastructure? Apply to earn a cybersecurity master’s degree now or visit the Online M.S. in Cyber Security FAQ for more information about admission requirements, financial aid and student resources.