Last Thursday the White House signed an executive order that was meant to boost the federal government’s cybersecurity workforce. It will standardize and incentivize cybersecurity education and most importantly create a more uniform system so that everyone is in essence on the same “cyber page” and work with a common cybersecurity language. This will be accomplished with help from the National Institute of Standards and Technology (NIST).
“Protecting America’s national security and promoting the prosperity of the American people are top priorities for my Administration,” said President Donald J. Trump in a statement. “More than 300,000 cybersecurity job vacancies exist in the United States today. They must be filled to protect our critical infrastructure, national defense, and the American way of life. These jobs represent an incredible economic opportunity for America’s workers – and my Administration is working to ensure they have the skills they need to seize it.”
To ensure that these workers maintain the necessary skills, the order will create a rotational program for cybersecurity workers with the federal government, so that these individuals can work at different agencies and hone their skills. This allows workers at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to swap out similar staff at other federal agencies. That program is in line with one that is in a bill recently passed in the Senate.
The executive order calls for the government to enhance the workforce mobility of America’s cybersecurity practitioners to improve America’s national cybersecurity. The President called for the creation of a government policy that must facilitate seamless movement of cybersecurity practitioners between the public and private sectors, maximizing the contributions made by their diverse skills, experiences, and talents to our nation.
In addition the federal government must support the development of cybersecurity skills and encourage ever-greater excellence so that America can maintain its competitive edge in cybersecurity; and it must also recognize and reward the country’s highest-performing cybersecurity practitioners and teams.
“This executive order will promote both our national and economic security,” added President Trump. “It requires the Federal Government to do more to provide access to cybersecurity skills training, to identify the most-skilled cybersecurity workers, and to advance career opportunities in the public and private sectors. It also requires the Federal Government to strengthen America’s cybersecurity workforce by making the best use of individuals’ cybersecurity knowledge, skills, and abilities and by enhancing their education and training opportunities. These actions will enable more Americans to secure well-paying jobs that grow our nation’s wealth and increase our security.”
Identifying the Cybersecurity Workforce for the 21st Century
Last week’s executive order also called for the creation of the President’s Cup Cybersecurity Competition, an annual event that will identify the best and brightest who are in school today but could be those on the frontlines of cybersecurity in the years to come.
It will include award programs for primary and secondary school educators as a way to foster cybersecurity talent. The goal of the program is to “identify, challenge, and reward the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines.”
The order mandates that such a contest, which would be open to both civilians and those in the military, and winners could earn up to $25,000.
Why Cybersecurity Matters
Trying to get qualified people to fill cybersecurity openings has been a challenge across all sectors, not just with the federal government.
“We Americans tend to go about our business daily without thinking of the constant ways our information is vulnerable,” said Colonel Laurie Moe Buckhout, U.S. Army (Retired), CEO and president of D.C. area consulting firm Corvus
“That means all information, not just our bank accounts and Social Security numbers, but all our industrial information as well, the secrets in our manufacturing base that keep us highly competitive by enabling us to produce goods and services that others want to buy,” she told ClearanceJobs.”This information really is the lifeblood of our nation’s economy, and this information, when related to defense, is the lifeblood of our nation’s security.”
Cybersecurity is something considered from the highest levels of government for its impact on the individual citizen, said Brendan Walsh, senior vice president of partner relations at Virginia-based 1901 Group. “There is concern, rightfully so, about the exposure of personally identifiable information (PII) in systems at all levels of government that can impact almost all aspects of an individual’s life including: financial, medical, professional, and personal. Every online transaction or digital transmission is impacted by either good or bad cybersecurity, so cyber will continue to properly garner top priority across the country and the globe.”
Walsh added that there is the potential impact on the country. “Election systems, food supply chain safety system, and veterans’ healthcare systems, just to name a few, are critical to our country’s success, and these IT systems are the responsibility of our government at large.
Finally, there is the ongoing issue of talent supply, noted Walsh. “It is widely recognized that the supply of cybersecurity talent lacks behind its demand. Since our government’s general mission is to serve and protect its citizens, which requires IT systems and connectivity, our government is correct to help promote and grow cybersecurity talent across the country from urban technology hotspots to rural America.”
However, there are a number of factors that need to be considered in overcoming the nation’s shortfall in skilled cybersecurity professionals.
“For the last couple of decades, the cybersecurity workforce has not been regarded as especially sexy, as it mostly seemed to be people sitting behind desks, making sure we didn’t plug bad thumb drives into our computers,” added Buckhout. “However, we have all seen the rise of near peer and nation-state virtual warfare capabilities, and an unprecedented capability for them to obtain data and impact computer systems critical to our nation’s economic and military security.”
The Cyber Provisions in National Defense Authorization Act of FY18 went a long way in directing the services to secure installations and weapons systems, but this executive order amplifies that considerably by raising the stature of the cybersecurity workforce.
“The president’s executive order places new responsibilities on government agencies to recognize, retain and promote cybersecurity professionals, and significantly recognizes their criticality in defending our economy and our nation,” said Buckhout. “I expect this to continue to reverberate not just inside the cyber community, but in manufacturing, all business as a matter of fact, defense, energy, and other national infrastructure areas as well. I consider it a long-overdue value statement for cyber security professionals who have often labored in relative anonymity. It is long past time to recognize their contributions to our nation’s success.”