Building a cyber security state is good business

San Diego shows how cities can incubate the next generation of digital warriors

When I joined the US Navy in 1970, the projection of naval sea power was all about strategies to deploy Marines, ships, submarines and aircraft above, below and on the sea. Today, there's a new complication - cyber security - as data has become weaponised and hackers seek to attack all manner of targets - companies, cities, nations, even the ships where I once worked.

At the same time, cyber attackers, and their rising diversity and sophistication, offer an opportunity to innovate and grow new markets. You can see what that looks like in San Diego, where I live and work.

San Diego has long been a centre of America's national defence, and the infrastructure and businesses that support it. The cyber age - and San Diego's savvy response to it -has changed the nature of that defence. San Diego is now home to more than 100 cyber-security companies that employ 4,230 people. That's on top of the 3,390 employees who work at the US Navy's Space and Naval Warfare Command (Spawar). And those numbers are growing rapidly.

In just two years, between 2013 and 2015, information security analysts grew by 13.9 per cent per year on average in San Diego, nearly double the national 7 per cent average, and employers expect their cyber-security workforce to grow by an additional 13 per cent in the coming year, according to a 2016 study for which my non-profit and other San Diego institutions conducted research. The annual economic impact of the industry is already estimated at US$1.9 billion (S$2.7 billion) - the equivalent of hosting four Super Bowls each year - and puts San Diego on a par with sister-cyber hubs in Silicon Valley and Maryland.

This rapid growth is not merely a matter of technological change. It reflects strategic efforts by people and sectors across San Diego - the military and intelligence community, high-tech industries, academia, municipalities, utilities, transportation agencies and the region's various governments - to become a leader in cyber security.

I play a role as leader of the San Diego Cyber Centre of Excellence (CCOE), a non-profit established in 2014 by cyber industry, higher education and government leaders to address cyber-security challenges. To become a centre of this new line of defence, the region has had to tackle three tasks crucial to the sector's success. San Diego is cultivating a cyber workforce, showcasing its successes in cutting-edge technologies and fostering a more secure cyber environment across the region's institutions. (Being a leader in cyber security can make you a bigger target to attack.)

Cyber threats have no geographic or industry bounds, and the need for qualified cyber-security workers is increasing.

These challenges resulted from regional economic planning, in particular the San Diego Regional Economic Development Corporation's cyber-security economic impact study. In some places, regional economic reports get dismissed, but not this report and not here. The report identified a clear top challenge: the sourcing and development of a cyber workforce. This is what drew me to this work and the CCOE - the chance to help find and secure the next generation of cyber warriors was too good to pass up.

To start, our team convened leaders in industry, government and all 15 of the cyber-security, computer science and engineering deans from regional universities, colleges and extended study programmes to discuss greater alignment between academic supply and industry demand.

The collaboration has been highly productive. It helped create a catalogue of courses that universities and programmes offered, or could add, to meet the skill sets sought by the industry. It also generated a regional cyber job board, as well as an internship pipeline and Link2cyber programmes that connect students, recent graduates, veterans and seasoned professionals with career opportunities in the region.

Not only are these cyber- security positions in demand, but the average annual salary for analysts, computer scientists and software developers is six figures, according to that 2016 economic impact study that CCOE helped conduct.

The combination of wages and opportunity has made San Diego a hot spot for talent, investment as well as research and development. The region's universities and colleges annually graduate 3,000 students in computer science and engineering. The University of San Diego and California State University San Marcos recently launched cyber-security master's programmes with industry-driven curricula to help feed the pipelines. The region's higher education sector also supports trailblazing research at facilities such as the Super Computing Centre at UC San Diego and the Advanced Computing Environments Laboratory at San Diego State University.

Demand for talent is being driven by a convergence of commercial security and defence security. This creates a real community around cyber security. Industry leaders such as Qualcomm, ESET, ViaSat and iboss call San Diego home, citing access to clients, customers, vendors, suppliers and proximity to Spawar as the region's greatest strengths.

San Diego is likely to see more growth as the industry moves towards private-sector customers. The share of firms focused primarily on the commercial market (as opposed to military and defence) has grown substantially, now constituting 47 per cent of the sector in San Diego.

This shift reflects the importance of practical applications of cyber security, like protecting healthcare and financial data, and energy and water grids. This is good news in an age where the Internet of Things, electromagnetic pulse blasts, mass grid outages and ransomware attacks are no longer just Marvel Comics storylines.

San Diego as a regional hub is also mobilising to address potential threats to its own infrastructure. The Secure San Diego initiative, launched earlier this year, is, among other things, generating a regional cyber- response map for businesses and a regional incident-response management plan similar to state- of-emergency protocols used in natural disasters.

Sometimes I marvel at how threats and defence strategies have evolved since my time as commander of Spawar, but the one constant of war remains: You can't go it alone. While San Diego has developed a cyber-security sector, cyber threats have no geographic or industry bounds, and the need for qualified cyber- security workers is increasing. My hope is that San Diego can serve as a template to mobilise other regions to adopt best practices and grow our nation's next generation of cyber warriors, defences and innovations.

•Kenneth D. Slaght, a retired US Navy rear admiral, is co-chair and president of the Cyber Centre of Excellence, a non-profit organisation that promotes alignment and collaboration within the cyber community.

•This article first appeared in Zocalo Public Square, a project of the Centre for Social Cohesion at Arizona State University.

A version of this article appeared in the print edition of The Sunday Times on April 09, 2017, with the headline 'Building a cyber security state is good business'. Print Edition | Subscribe