With rapidly evolving and emerging cyber technologies like Artificial Intelligence and Internet-of-Things (IoT), human interaction with the digital domain is now ubiquitous. In parallel, cyber criminals today seek new and sophisticated ways to exploit vulnerabilities, and malicious cyber actors desire to graduate from low-damage cyberattacks to high-profile attacks on critical infrastructure, financial systems, and government institutions.

As nations worldwide come to terms with the concerning rise in cyber threats, which pose significant challenges to individuals, organisations, and governments alike, it is imperative for governments to prioritise cybersecurity measures and collaborate with businesses and academia through national and global-level efforts to combat the growing cyber threats.

To this end, several countries have now evolved frameworks and policies to build a collaborative cyber ecosystem where businesses, governments, and academia can work together for skilling, innovation, training, and national economic growth and development.

This article aims to highlight the efforts made by a handful of pioneer countries in this realm. By chalking a brief overview of such initiatives, the paper draws similarities through these efforts to understand the possibilities for expanding India’s cyber cluster initiative.

Israel: The Cyber Spark

The Israeli Cyber Innovation Arena in Beersheba (the largest city in the Negev desert of South Israel), now popularly known as ‘CyberSpark’, is a non-profit industry initiative and organisation.

CyberSpark is a joint venture between the Israeli National Cyber Bureau in the Israeli Prime Minister’s office, the Beersheba Municipality, the Ben Gurion University (a public research university in Beersheba, Negev), and leading companies in the cybersecurity industry. Conceptualised by the former president of Ben Gurion University, CyberSpark offers a central coordination platform for joint industry initiatives with all stakeholders, encourages joint academia-industry partnerships, and attracts Israeli and international companies to establish regional bases.^[1]

Beginning from an idea which emerged at the Ben Gurion University’s Cyber Security Research Center, the Beersheba Advanced Technologies Park (ATP) was officially inaugurated in 2013 to turn the city into an economic anchor and a national and international centre for cybernetics and cyber security.^[2] By 2020, three completed buildings accommodated more than 70 leading Israeli and international companies like Dell EMC, IBM, Mellanox and Deutsche Telecom, employing over 2,500 engineers and hi-tech personnel, with more buildings in the pipeline.

The park aims to offer 200,000 square meters of office space spanning 15 buildings, with a capacity of more than 40,000 people working on advanced R&D in different technologies, along with residential services.^[3]

Benefitting from the rising status of the initiative, the Israel National Cyber Directorate chose the Negev city as the location of its Computer Emergency Response Center, tasked with handling civil cyber defence capabilities, and Israel’s first government-backed cyber innovation hub – CyberSpark. Thus, it also houses the Israeli Defence Force’s (IDF’s) elite units.^[4]

France: The Campus Cyber

France inaugurated Campus Cyber in February 2022 as the flagship French facility dedicated to cybersecurity, bringing various national and international cybersecurity companies, small and medium enterprises, research players, governmental agencies, training organisations, research establishments, and charitable organisations.

Located in the La Defense district of Paris, the Campus Cyber is a 13-storey building with private and shared workspaces, project and innovation platforms, and dedicated training spaces.^[5]

The Cyber Campus seeks to develop partnerships with the regional Cybersecurity Campuses, aiming to unite the cybersecurity community based on the following values^[6]–

1. Operations – Sharing data to strengthen everyone’s ability to control digital risk.
2. Training – Support for the initial and continuous training of different audiences (state officials, employees, students, retaining staff, etc.) for an increase in the overall skills of the ecosystem.
3. Innovation – Developing synergies between public and private actors to guide technological innovation and strengthen its integration into the economic fabric.
4. Mobilization – a lively and open place dedicated to programming innovative events conducive to exchanges and discovering developments in the digital society of trust.

The Cyber Campus advocates the pooling of resources to respond to cybersecurity threats and established a ‘Cyber Commons Studio’ facilitated by the actors of the Cyber Campus. It aims to –

1. Investigate themes collectively within working groups.
2. Support in R&D and prototyping, e.g., production of knowledge, specifications, data sets, and technological bricks.
3. Set up the governance and operations of the Commons.

The Cyber Campus Working Groups mentioned above focus on identifying the Cyber priorities of French companies, leading a collective reflection on the responses to be provided and creating deliverables called “Commons”, intended to help French companies for protection against cyber risks.^[7] The groups are led by Studio des Communs, a team dedicated to the collaboration of the entities involved with the Cyber Campus.

Further, Campus Cyber seeks to establish itself as a “brand” that embodies the values of excellence, sharing, trust, and the federation of public and private players. While on a national level, it aims to mobilise all territories within a network of Territorial Cyber Campuses to strengthen local cyber ecosystems, on the international level, the goal is to act as a bridge for cooperation.

Sweden: The Cyber Campus

Following the above-highlighted examples, Sweden seeks to establish a ‘Cybercampus’ as a national initiative, to welcome all universities and organisations.

The proposed initiative is founded by the KTH Royal Institute of Technology (Stockholm-based public research university), Research Institutes of Sweden AB or RISE (state-owned research institute collaborating with universities, industry and the public sector), and the Swedish Armed Forces.

The Cybercampus aims to^[8]–

• Identify, execute and coordinate cross-university research on topics important for Swedish civil and military cyber defence and industrial competitiveness.
• Build capacity for cyber workforce training and facilitate new cross-university cybersecurity programmes, taking advantage of the specific teaching expertise from different universities.
• Provide a workplace for academia, agencies, and industry, which, when combined with coordinated educational programs and research initiatives, will form a strong cyber innovation environment in Sweden.
• Establish a unique national research infrastructure for cybersecurity, which will provide synergies with existing research and innovation facilities such as CREATE at the Swedish Defence Research Agency (FOI) and the RISE Cyber Range.
• Provide timely, well-informed, and organizationally neutral advice and expert opinions to decision-makers on cybersecurity and cyber defence-related matters.
• Boost international visibility for Swedish researchers and innovators and attract greater national and international funding for the Swedish cybersecurity sector.

To this end, Sweden is laying down a high-level cybersecurity research and education roadmap, which would serve as a continuously updated live document with specific educational programs and research activities.

China: The Wuhan National Cybersecurity Centre (NCC)

China has taken an active stance toward establishing a similar platform to realise its ambition to become a cyber superpower. Starting in 2017, China has pushed the National Cybersecurity Center in Wuhan (formally known as the National Cybersecurity Talent and Innovation Base) as a flagship cyber focal point.^[9]

By 2021, this project included seven centres for research, talent cultivation, and entrepreneurship, two government-focussed laboratories, and a National Cybersecurity school. The NCC is comprised of 10 components, including –

• National Cybersecurity School – With capabilities to churn out 2500 cyber professionals yearly.
• The Talent Cultivation and Testing Center– with the capacity to teach 6000 cyber trainees each month.
• Non-private laboratories (for government-focussed research) – ‘The Combined Cybersecurity Research Institute’ and ‘The Offence-Defence Lab.’

Split into two parts (or phases) and further segregated into ‘zones’, the NCC is spread over 40 kilometres square area, with phase 1 occupying 4 km sq area with zones for grouping institutions with similar purposes and phase 2 for a Cybersecurity Industrial Park (36 km sq).

The five zones of Phase 1 include^[10]–

1. Education zone – ‘National Cybersecurity School.’
2. On-the-job training zone – ‘Talent Cultivation and Testing Center’ (to focus on providing early and mid-career cybersecurity professionals seeking career-advancing certifications.
3. Research Zone – ‘Offence Defence Laboratory’, ‘Combined Cybersecurity Research Institute’ (nominally public research laboratories for government-directed research on new technologies)
4. Shared Services Zone – Technology Certification Center, Technology Evaluation Center, Conference Center, Exhibition Center, Commercial Center
5. Industrial Development Zone – Supercomputing and Big Data Center

United Kingdom – Cyber Park/Central

The Golden Valley Development project undertaken by Cheltenham (a spa town and borough in Gloucestershire County) has been touted as the home of Cyber Central UK. This site aims to supercharge the UK's cyber sector growth by bringing innovators, businesses and academia together.^[11]

With a well-established and thriving high-tech ecosystem comprising tech giants like Microsoft, Apple and IBM, alongside start-ups and academic institutions, Cheltenham boasts around 600 tech businesses. Among more than 100 cyber businesses in the UK, Cheltenham comprises almost half of these. Further, the region benefits from both Academic Centres of Excellence operated by UK’s IT and intelligence agency GCHQ and leading research and innovation-focused universities which thrive as tech incubators.

The Golden Valley Development scheme includes a National Cyber Innovation Centre, high-quality and affordable accommodations, and spaces for business and academia. The Corporate Plan 2023-27 adopted by the Cheltenham Borough Council, underlines the principles and key priorities toward UK’s cyber central ambitions as –

1. Enhancing Cheltenham’s reputation as the cyber capital of the UK
2. Making Cheltenham net zero by 2030
3. Increasing affordable housing
4. Focus on more jobs and skills
5. Better use of resources and better value for taxpayer money

Among these key priorities, enhancing Cheltenham’s reputation through the Golden Valley Development comes at the top.^[12] This project has been highlighted as vital to the UK’s realisation of objectives in its National Cyber Strategy 2022, aiming to make the UK the safest place for online business.

Like other projects, this also seeks to integrate the community with hi-tech businesses and benefit from a highly accessible location. The Corporate Plan 2023-27 lays down goals toward this priority –

• Work with partners to attract cyber and associated business to Cheltenham and build upon our natural strength in this area
• Ensure the funding, delivery plan and developer are in place for progress
• Ensure environmental sustainability standards.

The Golden Valley project also aims to deliver the National Cyber Innovation Centre to foster the growth of a sustainable and internationally important district focused on cyber-tech, developing pioneering services and products, and driving the UK's ambition to transform into a ‘science superpower’.

Beyond the Cheltenham Cyber Central, the Welsh Government is investing in an Innovation Hub to support Wales becoming a cybersecurity leader.^[13] The new hub was announced in 2022 at the UK’s flagship cyber security conference CYBERUK and is led by Cardiff University in partnership with the University of South Wales and private sector companies like Airbus. The Innovation Hub aims to train more than 1,000 cyber-skilled professionals by 2030, attract more than 20 million pounds in private equity investment, and grow the Wales cybersecurity sector by more than 50 per cent.

Further, the Innovation Hub will serve as a core business partner to major cyber security organisations like the Cheltenham Cyber Central/Park and other such projects outside the UK.

India: The Cyber Clusters and the Way Forward

Established as India’s first cyber security cluster, the Hyderabad Security Cluster was renamed in 2021 as the National Security Cluster (NSC). It aims to evaluate each Indian state’s level of cybersecurity, preparedness to contain cyber threats, and readiness to handle cyber incidents and large-scale cyber catastrophes. The NSC seeks to foster strategic partnership and dialogue between the government, industry, and academia and create an environment conducive to innovation, knowledge-sharing, and proactive cyber risk management. The cluster—expected to be fully functional by 2024—includes on its board government officers, decision-makers with extensive expertise in digital transformation, and hands-on practitioners.^[14]

Further, announced in early 2023, the Jharkhand Cyber Cluster (or Cyber Security Cluster East) is a planned business-academia collaboration on cyberspace and technology-based solutions. The cluster will be operated by the Cyber Peace Foundation (a New-Delhi based Indian non-profit organisation focussed on cyber security) in collaboration with the UK government. The Jharkhand Cyber cluster will collaborate with the UK’s cybersecurity groups and aims to adopt the best practices from the UK’s cybersecurity clusters.^[15]

Considering the case studies from other countries, NSC Hyderabad can aim to establish itself as India’s cyber security hub, which can lead or coordinate the efforts of other clusters which will emerge in other parts of the country. Similar to China, the UK, and Israel, India too prides itself on several industrial IT parks and cities, like the globally renowned Electronics City in Bengaluru, the HITEC City in Hyderabad (Cyberabad), the InfoTech Park in Mumbai, the emerging InfoCity in Gandhinagar, and several other hubs in cities like Noida, Pune etc.

However, these cities/parks mostly follow the model of integrated townships for IT professionals to work and live (with housing colonies, shopping complexes, banks etc., in the vicinity), unlike a carefully planned holistic model of centralising all the aspects of a cyber ecosystem, from early and higher cyber education to industrial application and innovation incubation.

The Software Technology Parks of India (STPI) serve as a premier Science and Technology organisation under the Ministry of Electronics and Information Technology (MeiTY) and engages in promoting the Indian IT industry and startups for innovation in technologies like Blockchain, IoT, AI, Machine Learning, robotics, cybersecurity, and other emerging technologies.^[16] The STPI also focuses on establishing Centres of Entrepreneurship, which serve as technology incubators, aiming to craft India's largest technology startup ecosystem.

For this, STPI is refining a collaborative model with participation from government, industry, academia, and other stakeholders, for end-to-end functionalities from idea conceptualisation to product commercialisation through market connect. Schemes like the Next Generation Incubation Scheme are geared to offer comprehensive incubation support and services like seed funding. Today, STPI prides itself with 63 centres and more than 20 incubators.

Among other functions, STPI seeks to–

• Works closely with state governments and acts as an interface between industry and government
• Work jointly with venture capitalists for financial assistance to the IT industries
• Facilitate specialised training in niche areas.

How to proceed ahead?

The case studies from different countries presented above comprise several commonalities which serve as essentialities for developing a collaborative cyber hub/park/campus or cluster. This includes –

1. Government support – For steering the efforts at both national and regional levels between industry, academia, and various federal/regional security agencies
2. Industry participation – For cutting-edge innovation which can transform from concepts to commercially available or deployable products and services.
3. Role of academia – Both for creating a talent pool to be fed to other parts of the targeted cyber ecosystem and for generating ideas and innovative solutions to existing and future problems.
4. Policy roadmap and goals – For binding the above three essentialities together to benefit the national growth, development, and security goals and objectives.
5. Infrastructure and space for crafting the ecosystem where the above four essentialities can be implemented.
6. Location – For centralising efforts between the different entities of the ecosystem to produce optimal outcomes.

Like the various efforts studied above, the Indian cluster approach can also establish a cybersecurity ecosystem through a hub-and-spoke model, where a national security cluster, in proximity to industry and academia, coordinates efforts from other clusters around the country. As seen in the example of the Cyber Cluster East (Jharkhand), the various regional clusters can also seek to benefit from pioneer countries' experiences and best practices on cyber initiatives, like Israel, France and Sweden. This would mean partnerships with several countries to implement the cluster model nationwide. Through this, India can advance on the various cybersecurity agreements and MoUs signed with different countries. Further, by looping back this decentralised framework to a cluster hub (like NSC Hyderabad), the feedback gathered can help widen India’s international collaboration in cybersecurity, as well as policy development and implementation.

The growing demand for cybersecurity professionals in India has been underlined time and again. According to some estimates, despite strong demand and rising salaries, India faces a significant supply gap of more than 30 per cent in this domain.^[17] An often-cited reason for this has been the gap in India’s education ecosystem to provide recognised cybersecurity training and skilling at a level that can meet the demand scale. While the private education system offers several options, India’s public education system needs strengthening at remote levels to produce cyber-skilled talent.

To solve this issue, various countries (like some seen in this paper) are looking to create talent and capacity-building programmes which are integrated with innovation and industrial ecosystems (e.g., the National Cybersecurity School in Wuhan). With India now looking forward to hosting campuses by foreign universities, a specific focus on cybersecurity can help bridge the gap between the market demand for cyber talent and the supply of skill providers.

Some progress on this front is already afoot, with Australia’s Deakin University emerging as the first foreign university to establish an independent campus in Gujarat’s GIFT City, with cybersecurity-focussed courses scheduled to start in 2024.^[18] As more foreign universities land in India, their output can benefit the regional cyber clusters.

Further, by integrating already existing models for skilling, innovation, and capacity building (like STPI), India can also seek to create a pipeline for feeding talent from the indigenous education and innovation system to the application and commercialisation domains. Further, the model can also be expanded by including a national cybersecurity school and university, training centres, and both government and private laboratories.

Finally, this effort needs to be taken forward with a synchronous long-term policy framework that devotes funding for infrastructural support and coordination mechanisms for drawing the cybersecurity industry and emerging cyber academia sector for the initiative. Altogether, this can propel India’s cyber ambitions into a new era.

Endnotes

^[1] “CyberSpark”, Cybil Portal. https://cybilportal.org/actors/cyberspark/.
^[2] “Gala opening for Beersheba Advanced Technologies Park”, Times of India. September 08, 2013. https://www.timesofisrael.com/gala-opening-for-beersheva-advanced-technologies-park/.
^[3] “CyberSpark”, Cybil Portal. https://cybilportal.org/actors/cyberspark/.
^[4]Aviva Gat,“Cyber sparks in Beersheba”. January 26, 2016. https://www.jpost.com/jerusalem-report/cyber-sparks-in-beersheba-442281.
^[5] “France launches 'cyber city' to pool resources for better digital security”, RFI, February 2022. https://www.rfi.fr/en/france/20220216-france-launches-cyber-city-to-pool-resources-for-better-digital-security.
^[6]Verger, Frédéric, “Cyber Campus: Safran joins the French cybersecurity center of excellence”, February 2022. https://www.safran-group.com/news/cyber-campus-safran-joins-french-cybersecurity-center-excellence-2022-02-16.
^[7]Ibid.
^[8] “Cybercampus Sweden”, Cybercampus.se. https://cybercampus.se/.
^[9]Cary, Dakota, “China’s National Cybersecurity Center.” CSET Georgetown. July 2021. https://cset.georgetown.edu/wp-content/uploads/CSET-Chinas-National-Cybersecurity-Center-1.pdf.
^[10]Ibid.
^[11] “Corporate plan - 2023 to 2027.”, Cheltenham Borough Council. https://www.cheltenham.gov.uk/info/19/corporate_priorities_and_performance/1760/corporate_plan_-_2023_to_2027/3.
^[12]Ibid.
^[13] “£9.5 million new Innovation Hub to support Wales become a global leader in cyber security”, Welsh Government, May2022.. https://www.gov.wales/new-innovation-hub-to-support-wales-become-a-global-leader-in-cyber-security.
^[14] “National Security Cluster”. https://nationalsecuritycluster.com/.
^[15] “India, UK can work jointly to prevent cybercrimes”, Times of India, March 2023 . https://timesofindia.indiatimes.com/city/ranchi/india-uk-can-work-jointly-to-prevent-cybercrimes/articleshow/98575287.cms.
^[16] “About STPI”. https://stpi.in/en/about-stpi.
^[17]Singh, Abhinav, “Why there is still shortage of cybersecurity professionals in India?” June 2023. https://www.theweek.in/news/sci-tech/2023/06/29/why-there-is-still-shortage-of-cybersecurity-professionals-in-the-country.amp.html.
^[18]Kuntamalla, Vidheesha, and Rity Sharma,“Australia’s Deakin University to be the first foreign varsity to set up campus in India”. March 2023. https://indianexpress.com/article/education/australia-deakin-university-first-foreign-varsity-set-campus-india-study-abroad-8469446/.

(The paper is the author’s individual scholastic articulation. The author certifies that the article/paper is original in content, unpublished and it has not been submitted for publication/web upload elsewhere, and that the facts and figures quoted are duly referenced, as needed, and are believed to be correct). (The paper does not necessarily represent the organisational stance... More >>