As Assembly Drive winds its way through a nearly century-old stone gate and along Flat Creek to Montreat College, the path is marked by an abundance of natural splendor. The school sits in a richly wooded cove between two mountain ridges, just outside the Pisgah National Forest; its viewbook for prospective students boasts of 30 miles of hiking and biking trails in the surrounding small town of Montreat alone.
In recent years, however, a significant portion of the college’s attention has shifted to affairs of a decidedly indoor bent. Under the direction of President Paul Maurer, who took leadership of Montreat in 2014, the private, Christian liberal arts school has rapidly become one of North Carolina’s foremost cybersecurity institutions.
In six years, Maurer says, enrollment in Montreat’s cyber programs has gone from zero to 142 — a major surge of strength for an institution that in 2013 had considered merging with Point University in Georgia and closing its local campus altogether. The college’s annual RETR3AT cybersecurity conference has attracted hundreds of attendees since it first convened in 2015, with speakers including Republican Sen. Richard Burr and Max Everett, chief information officer for the U.S. Department of Energy.
And the expansion is far from over, Maurer believes. He expects that additional growth in Montreat’s STEM majors, including cybersecurity, will soon merit hundreds of millions of dollars in investment to build a larger campus on 89 acres currently owned by the college between U.S. 70 and Interstate 40, less than a half mile from downtown Black Mountain. Part of that plan is a $40 million facility to house the school’s cyber program alongside a new, separate initiative called the Carolina Cyber Center, for which the N.C. General Assembly voted to award $20 million in October.
“This is a way for academia and industry and government to work together to solve the economic and security threat of our age in our state,” Maurer says of the center, often abbreviated as the C3. “We’ve been working on this project for two or three years now, and we have found tremendous support from all these sectors, who agree that a P3 [public-private partnership] approach is a really wise and progressive approach to addressing a very complex problem.”
But Maurer has not found support from Democratic Gov. Roy Cooper. On Nov. 8, the governor vetoed House Bill 398, which contained the Montreat funding, calling the money “a substantial capital earmark outside the state’s proven university system.” With the General Assembly adjourned for the rest of the year, it’s unclear when or if the matter might be taken up again.
In the crossfire
The path to Cooper’s veto was itself marked by contentious political maneuvering. Originally, the C3 money was part of House Bill 966, the General Assembly’s comprehensive appropriations act. According to reporting by Carolina Public Press in August, the governor did not object to any local projects in that bill, including the Montreat funding. However, he had vetoed the budget in June due to disagreements with Republican lawmakers over education and health care spending.
Although the House Republicans overrode Cooper’s veto on Sept. 11 — in a vote for which most Democrats were not present, with many claiming they had not been informed of its timing — their colleagues in the Senate were unable to muster the three-fifths supermajority needed to pass the budget into law. In response, lawmakers began passing “mini-budget” bills to fund less controversial portions of the original budget.
On Oct. 23, in his role as senior chair of the House Appropriations Committee, Rep. Jason Saine, R-Lincoln, altered House Bill 398, which originally contained funding for rural broadband that had been moved to a different mini-budget and passed on Oct. 14. He replaced its language with funding requests for the C3 and other information technology needs. By then, according to Rep. John Ager, D-Buncombe, the money had begun to attract negative attention from Democrats.
“The rebellion in my party centered around the large appropriation going to a private institution when there were several cybersecurity programs in our university system,” Ager explained in an email to Xpress. “They found negative data about Montreat’s graduation rates. They felt like the $20 million was a sweetheart deal by North Carolina Republicans to support a conservative Christian school.”
Rep. John Autry, D-Mecklenburg, formalized that opposition on Oct. 24 by proposing an amendment to the bill that would have removed the C3 money and replaced it with the same amount “for the continuing upgrade of statewide cybersecurity capabilities.” The amendment failed in a tie vote that same day; Ager was the only Democrat to cross party lines in opposition to the change.
“I still believed [the C3] was a worthy project that was really bigger than Montreat College. It would have created a high-tech hub in Buncombe County and spin off companies that would benefit the region,” Ager said of his vote. “It would work with the university system, the community college system and the new [N.C. School of Science and Mathematics] in Morganton.”
The bill proceeded to pass both the House and Senate mostly along party lines, with Ager again the only Democrat breaking ranks to lend his backing, before receiving Cooper’s veto. “Republican leaders want to provide a multimillion-dollar earmark without explanation while shortchanging the entire state’s cybersecurity department,” wrote Cooper spokesperson Ford Porter in response to an Xpress request for comment. “That’s not the way this process is supposed to work.”
Cooper’s office did not respond to a follow-up question asking why the governor had switched his position on local projects since August. But Ager believes that the $20 million for the C3 — well over three times as much as the roughly $5.5 million Montreat raises annually, and more than twice the college’s total endowment — stood out more glaringly in October compared to other allocations in the mini-budget. The next largest earmark in the bill was $5 million for the NC HealthConnex health information exchange.
“As long as the Montreat appropriation was in the general budget, I think [Cooper] was OK to not challenge it. Putting it in a small mini-budget highlighted all the reasons to be against it. In hindsight, that was a political mistake,” Ager wrote.
Matter of faith?
Following Cooper’s veto, Sen. Ralph Hise, R-Mitchell, who in April sponsored a separate bill that would have given $2 million to Montreat for the C3, issued a statement suggesting how at least some Republicans interpreted the move. “Vetoing this legislation puts the state’s most critical information at risk and signals to hackers that the state is vulnerable,” he wrote. “Gov. Cooper seems to have put our information in danger just because he doesn’t like the religious choices of some of the administrators at a college.”
Neither Hise nor Saine responded to multiple requests for further comment on the Montreat allocation or Cooper’s veto. However, the college has drawn attention in the past for its Community Life Covenant, adopted in 2017, that all staff must sign as a condition of employment. The document includes positions drawn from the school’s Reformed Christian tradition such as affirming “chastity among the unmarried and the sanctity of marriage between one man and one woman” and “the God-given worth of every human being, from conception to death.”
Ager confirmed that his party colleagues were concerned by those religious statements: “Democrats did not like the oath Montreat professors were required to subscribe to,” he recalled. The Buncombe representative did not mention sharing those concerns; he wrote that personal meetings with Maurer had convinced him that Montreat “was the only institution in N.C. that stepped up with a matured vision” for cybersecurity training.
Maurer focused on the political fight between Republicans and Democrats as driving the failure of House Bill 398. “Unfortunately, the portion of that bill to come to Montreat College had gotten politicized in the weeks prior, and what is really a completely bipartisan issue and problem became a partisan issue,” he said. When asked for his take on Hise’s remarks about specifically religious motivations, Maurer offered no response.
But David Thompson of RBX Solutions, a lobbying firm that represents Montreat’s cybersecurity programs at both the state and federal levels, believes that Democrats did not respect the planned division between Montreat College and the C3, which he says college staff would establish but then spin off as an independent nonprofit. He emphasizes that employees of the new center would not be bound by the same covenant as Montreat workers.
“We’re not talking about standing up a regional training center that’s going to be a Christian training center. That’s not at all what we’re proposing,” Thompson says. “It’s a very important distinction that again has been lost in the discussion here.”
Ethics and network protocol
While a proverbial firewall would be placed between the C3 and Montreat’s religious beliefs, both Maurer and Thompson say that the college’s desire to impart lessons beyond raw technical skills make it the right choice to catalyze the training center. As a liberal arts college informed by a moral code, Thompson argues, the school shapes graduates who are more than glorified hackers — a philosophy that would remain central to the new nonprofit, which lists “a focus on ethics and character-based learning” on its webpage.
“What Montreat brings to this discussion, that a state university does not bring in any meaningful way, is that we have to consider the human side of cyber,” Thompson says. “You’re really weaponizing students if you are not providing guardrails for the ethical treatment of cybersecurity.”
One such public cybersecurity program is the Davis iTEC Cyber Security Center at Forsyth Technical Community College in Winston-Salem, which currently teaches over 300 students. Janet Spriggs, president of Forsyth Tech, said in response to Thompson’s statement that the college “looks forward to finding ways to partner with Montreat in this very important area.”
Spriggs added, “We recognize our program focuses on a different aspect of cybersecurity defense than Montreat’s program. However, we believe our program, the programs at other community colleges and universities and the Montreat program are all important in preparing IT security professionals.”
Maurer draws parallels between his school’s approach and that of the U.S. military academies, which he says are the only higher education institutions besides faith-based colleges to integrate personal character and ethics into their curricula. It’s no surprise, he continues, that Montreat’s message has resonated with partners in the federal defense complex.
In 2017, the National Security Agency certified Montreat as a National Center of Academic Excellence in Cyber Defense Education. Although eight other North Carolina schools, including Forsyth Tech, have also received that designation, Montreat remains the only religiously affiliated college in the state to be certified. Earlier this year, the school became one of just five institutions to sign a memorandum of understanding with the U.S. Army for cyber education.
Maurer notes that Montreat was also asked this year to take “a leadership role at a national level” in the NSA’s cybersecurity training work. NSA spokesperson Mike Dusak said his organization had no comment on who specifically requested Montreat’s leadership, why the college was chosen from among other Centers of Academic Excellence or what its responsibilities entail.
By popular demand
Montreat’s boosters are confident that funding for the C3 will materialize soon, even if Cooper and the General Assembly fail to reach an agreement over state support. They believe a pressing need for skilled, ethically responsible workers — Thompson says that 13,000 cybersecurity jobs are currently unfilled in North Carolina alone, and the nonprofit Center for Cyber Safety and Education estimates that 1.8 million cybersecurity jobs will be unfilled globally by 2022 — will lead employers both private and public to back a training center.
“A lot of our seniors are getting three to six job offers. Their starting salaries are nothing like what I got coming out of college, I can tell you that,” Maurer adds. “They’re at high-profile Fortune 500 companies; they’re with the FBI; they’re in county governments. … We could have three times the number of students in the program, and I don’t think the demand would shrink one bit.”
In contrast to the college’s current programs, Maurer explains, the training offered through the C3 would be shorter in duration and more flexible in curriculum, regularly changing to meet industry certification needs. Not only would this approach make the center more appealing to businesses that may not be able to send employees to get traditional degrees, he says, but it would also support time-crunched workers transitioning from other jobs.
Additionally, a third of the space would be dedicated as an incubator for technological entrepreneurship. “We see this as a way of really helping develop the economic footprint of the future,” Maurer says. “As we’ve worked with the economic development thinkers of Western North Carolina, they’re very interested in this project because it helps diversify the workforce, which currently is really focused on hospitality and manufacturing.”
Maurer notes that Montreat has already received $2 million in state funding for the C3 in the fiscal 2018-19 budget and is currently searching for its executive director. Once that person is hired, he says, the college will formally establish a separate nonprofit for the center and develop more detailed plans.
“I think that we’re in this for the long term, and we’re in this in a meaningful way for how to solve a really serious problem,” emphasizes Maurer about the need for cybersecurity workers of character. “The veto is unfortunate, but it’s not the end of the journey.”