The National Centers of Academic Excellence in Cyber Operations Program (CAE-Cyber Operations) is open to degree granting four-year colleges and graduate-level universities. CAE-Cyber Operations programs must be based within a computer science, electrical engineering or computer engineering department, or a degree program of equivalent technical depth, or a collaboration between two or more of these departments.
Applications are assessed against a specific set of academic requirements and programmatic criteria, listed below, which are intended to measure the depth and maturity of programs of instruction in cyber operations at the graduate and/or undergraduate levels. The criteria and requirements are reviewed annually and strengthened as the program matures, as technology advances and to keep pace with the evolving nature of the cyber operations field.
Applications must clearly demonstrate how their program meets each of the requirements and criteria to obtain designation. Successful applicant programs are designated as a CAE-Cyber Operations for a period of five academic years, after which they must successfully reapply to retain the designation. Designation as a National Center of Academic Excellence in Cyber Operations does not carry a commitment of funding from the CAE-Cyber Operations program sponsor (i.e., the National Security Agency).
Criteria for Measurement for CAE in Cyber Operations Fundamental
Criterion |
Criterion Name |
Requirement |
1 |
Academic Content (includes mandatory and optional content) |
100% of mandatory / 10 of the 17 optional |
2 |
Cyber Operations Recognized via Degree, Certificate or Focus Area |
Cyber operations must be explicitly recognized as a focus area or specialization and students must meet requirements to be awarded such recognition. |
3 |
Program Accreditation/Curricula Review |
Accreditation of the academic program (CS, EE, CE) on which the proposal is based will be considered a significant plus. All programs may undergo an in-person curriculum review. |
4 |
Cyber Operations Treated as an Inter-Disciplinary Science |
Cyber operations concepts must be integrated into foundational curriculum courses as appropriate. |
5 |
Cyber Operations Academic Program is Robust and Active |
Evidence that courses are maintained current and offered frequently (e.g., every 18 months). |
6 |
Faculty Involvement in Cyber Operations-related Research |
Evidence of faculty grants, papers published, conference presentations related to the field of cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military, and law enforcement organizations authorized to perform these specialized operations). |
7 |
Student Involvement in Cyber Operations-related Research |
Evidence of student work on grant research, papers published, conference presentations related to the field of cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response. These technologies and techniques are critical to intelligence, military, and law enforcement organizations authorized to perform these specialized operations). |
8 |
Student Participation in Cyber Service-Learning Activities |
Evidence of participation in local/regional/national cyber exercises, outreach to community colleges and high schools, etc. |
9 |
Commitment to Support the CAE-Cyber Operations Program |
First application: stated commitment. Renewals: 8 students and 3 faculty members over the course of the 5-year designation window. |
10 |
Number of Faculty Involved in Cyber Operations Education and Research Activities |
At least 2 faculty actively teaching cyber (i.e., non CS/EE/CE core) courses. |
Fundamental Criterion 1: Academic Content
A CAE-Cyber Operations Fundamental program must include "knowledge units" (single or multiple courses, or course modules within single or multiple courses) covering 100% of the mandatory academic content and a minimum of 10 of the 17 optional academic content.
Students meeting the academic criteria for the institution's cyber operations program must complete coursework to meet all ten of the mandatory KUs and at least four of the optional KUs offered by the institution.
Accreditation Board for Engineering and Technology (ABET) accreditation can be used to show satisfaction of required and optional academic content requirements (i.e., knowledge units) for topics explicitly covered by the ABET accreditation process. For academic content requirements not covered by ABET accreditation review and procedures, an on-site, detailed curriculum review, looking at the details of each course contributing to coverage of the knowledge units, will be performed by representatives of the CAE-Cyber Operations program office and the relevant faculty at the applying institution.
Fundamental Criterion 2: Cyber Operations Recognized via Certificate or Focus Area
Students who participate sufficiently in the cyber operations curriculum (i.e., take and pass courses that completely satisfy all of the mandatory knowledge unit requirements and at least four of the optional knowledge unit requirements described in criterion 1) must be distinguished from other students through the awarding of a degree, certificate, or a reference to a focus area or specialization on their transcript and/or degree.
Fundamental Criterion 3: Curricula Review
The CAE-Cyber Operations Fundamental program must be based within a technically deep computer science, computer engineering or electrical engineering program, or a degree program of equivalent technical depth. Representatives of the CAE-Cyber Operations program office may perform a two day on-site, detailed curriculum review focused on course content, course relevance (how current it is), course frequency (how often is the course taught, when was it last taught) with the participation of the faculty members who maintain and teach each course.
When the applying CS/EE/CE program is accredited by the Accreditation Board for Engineering and Technology (ABET), accreditation can be used to show satisfaction of CAE-CO academic requirements for topics explicitly covered by the ABET accreditation process.
Fundamental Criterion 4: Cyber Operations Treated as an Inter-Disciplinary Science
The goal of the CAE-Cyber Operations Fundamental program is to produce graduating students with a well-rounded educational foundation that enables them to better function in the world of specialized cyber operations. To best achieve this, a designated program must expose students to cyber operations in an inter-disciplinary manner. Cyber operations must not be treated as an isolated specialization, with classes focused solely on cyber operations tools, techniques and principles. Instead, a cyber operations student must be exposed to the underlying technologies that make up the cyber domain, as well as the policy, social, legal and ethical aspects of conducting cyber operations. To the greatest extent possible, this should be done by integrating cyber operations information, as appropriate, into the courses of many other academic disciplines (e.g., computer science, engineering, math, IT, business, law), as well as integrating elements of those disciplines into cyber operations classes, when they do exist as stand-alone offerings (which, for some topics, may be appropriate to do so). Thus, a curriculum suitable to satisfy the academic requirements for designation as a cyber operations program may include courses from multiple colleges within a university and from multiple programs and disciplines, or, in the case of a defined cyber operations degree program, it can be demonstrated that the relevant information from these disciplines has been integrated into the cyber operations program courses.
Fundamental Criterion 5: Cyber Operations Academic Program is Robust and Active
To demonstrate that the academic program being submitted for designation as a CAE in Cyber Operations Fundamental is robust and active, the applicant institutions must provide a list of courses (number, title, catalog description) included in meeting the cyber operations academic requirements and provide data showing when each course was last taught. (Note: this is not a detailed mapping of the course content, but rather just the course identification of all courses that significantly contribute to the satisfaction of a knowledge unit requirement).
Institutional policies on updating course materials to remain relevant must be cited and included in the application.
All courses must be identified in the course catalog.
Fundamental Criterion 6: Faculty Involvement in Cyber Operations-related Research
The application should provide evidence that the faculty involved in cyber operations education are also active in research related to cyber operations (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).
Evidence may be provided in the form of information:
- related to research grants,
- that demonstrates the faculty contributes to the common body of knowledge through the publication of papers, and
- related to attendance and presentations at conferences related to cyber operations.
Fundamental Criterion 7: Student Involvement in Cyber Operations Research
Since hands-on research reinforces the cyber operations curricula, the application should provide evidence that students are involved in cyber operations research (i.e., with a particular emphasis on technologies and techniques related to specialized cyber operations such as collection, exploitation, and response).
Evidence may be provided in the form of information showing:
- student participation in research grant activities,
- student research papers are required as part of cyber related courses,
- student publications related to cyber operations topics, and
- student attendance and presentations of cyber operations related topics at conferences.
Fundamental Criterion 8: Student Participation in Cyber Service-Learning Activities
To encourage the spread of education related to cyber security and cyber operations, students are required to participate in activities that contribute to growing and strengthening the cyber operations community and cyber security for the Nation.
Examples of cyber service-learning activities might include:
- participation in computer science/cyber security/cyber operations clubs and activities,
- participation in cyber exercise activities, at the local, regional, and/or national level,
- outreach activities and/or collaboration with other universities, 2-year schools, or local high schools.
- cyber security/cyber operations presentations at conferences, or
- outreach activities to local or state law enforcement.
Fundamental Criterion 9: Commitment to Support the CAE-Cyber Operations Program
For initial application to the CAE-Cyber Operations Fundamental Program, the applying institution must make a stated commitment to support the CAE-Cyber Operations program. Examples of support could be in the form of student applicants to the CAE-Cyber Operations Summer Internship Program, comprehensive faculty participation in Knowledge Unit review and changes, mentorship of another institution applying for the CAE-Cyber Operations Fundamental designation, and/or faculty support in the form of briefing or teaching during the CAE-Cyber Operations Summer Intern Program.
For renewal applications to the CAE-Cyber Operations Fundamental Program, the applying institution must provide evidence of CAE-Cyber Operations Program support with, at a minimum, eight students and three faculty members, over the course of the five-year designation window.
Fundamental Criterion 10: Number of Faculty Involved in Cyber Operations Education and Research Activities
There must be the equivalent of at least two full-time faculty members teaching relevant cyber operations courses who are also active in relevant cyber operations research.
For the purposes of meeting this criterion, full time is considered to be teaching 3 courses associated with the required knowledge units per semester. Faculty with significant active research clearly and directly associated with cyber operations, or who are advising multiple students at the Master's or Doctoral level on clearly cyber operations research topics, may request that credit for such be allowed for one or two of the required courses.
A biography or curriculum vitae for each faculty member must be provided as part of the program application.