President Donald Trump signed an executive order that was issued on May 2, with an objective to bolster the cybersecurity workforce of America. The order highlighted plenteous sorely required federal initiatives. The Trump administration announced a few steps to deal with the issue of cybersecurity personnel shortage across the federal government. The administration publicized sponsorship of a national competition and allowing rotation of cyber experts from one agency to another.
The major federal initiatives highlighted in the order are:
- Instituting job listings to help cybersecurity personnel more easily move around government
- Developing a rotational employment program between the Department of Homeland Security and other agencies
- Establishing awards for elementary and secondary school instructors who foster cybersecurity talent
- Incentivizing people to learn and understand hacking skills through new awards and decorations
- Supporting the adoption of the NICE framework in evaluating the Federal workforce, hiring contractors for IT and cybersecurity support, and in education
“America built the internet and shared it with the world; now we will do our part to secure and preserve cyberspace for future generations,” said President Trump.
The order directed two main departments, the Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), to collaborate with each other to develop a rational program with an objective to “serve as a mechanism for knowledge transfer” across agencies. They have only 90 days to produce a report on this rational program. The Cybersecurity and Infrastructure Security Agency, part of DHS, along with OMB and other agencies are directed to arrange an annual cybersecurity competition named, “President’s Cup Cybersecurity Competition,” for federal employees. It is the most interesting part of the bill, and the very first competition will be held in 2019. The order added that the winner will be awarded at least $25,000.
The order states, “shall be to identify, challenge, and reward the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines.”
According to DHS, these initiatives are envisioned to overcome the shortage of as many as 300,000 cybersecurity experts in the different departments of the federal government. All these steps are proposed to attract cyber professionals from the private sector to consider working for the government. Also, it is intended to assess the aptitude and skills of the workers who are not currently working in cybersecurity to analyze if they can switch their jobs.
Last week, the bill – acknowledged as the Federal Rotational Cyber Workforce Program Act – supported by Sens. Gary Peters and John Hoeven, presented the idea of rotating cybersecurity personnel across the federal government. This administration move was long overdue as the lawmakers have been urging the DHS for years to address the shortage of cybersecurity workers. The executive order relates all of its initiatives to the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) framework, and the adoption of the framework is also anticipated to increase job mobility.
As the order states, “During their careers, America’s cybersecurity practitioners will serve in various roles for multiple and diverse entities. United States Government policy must facilitate the seamless movement of cybersecurity practitioners between the public and private sectors.”
Langevin, a co-founder of the Congressional Cybersecurity Caucus, said in a statement: “We have a serious deficit in the number of skilled cyber defenders to protect our critical assets in cyberspace, a deficit compounded by the growing threats we face. I give full credit to the Trump Administration for recognizing this gap and taking steps to close it, both within the federal government and across the private sector.” He added that the president’s move will help fill the shortage of cybersecurity workers in both the government and private-sector.
Interestingly, the bill also aims to reward teachers across the nation by introducing a “Presidential Cybersecurity Education Award.” This award is envisioned for one elementary and one secondary school teacher every year “who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects,” as per the order states.
Games are highly appreciated and effective way to develop, retain, and reward talent. For proof, have a look at another cybersecurity competition, the 2019 National Collegiate Cyber Defense Competition. The members of the winning team, Jake Smith and Daniel Chen reported that another competition CyberPatriot held at high school level is the main reason they became interested in the cybersecurity in the first place.
While data breaches were a big concern in 2018, 2019 is anticipated as the worst year because companies are increasingly digitizing to drive efficiency and simultaneously move into the “target zone” of cyber attacks. This bad news is compounded by another harsh reality: Shortage of cybersecurity experts. Between September 2017 and August 2018, American employers posted more than 300,000 jobs for cybersecurity experts. According to the National Initiative for Cybersecurity Education, if those posts could be filled, that would boost the current cyber workforce of the country by more than 40 percent. According to recent research by (ISC)2, the shortage of cyber workforce hits almost 3 million globally. The research added that 63 percent of the respondents have reported that their organizations have a shortage of IT staff dedicated specifically to cybersecurity. The American government has taken a strong and effective initiative to address this cyber workforce shortage. However, it isn’t still clear how well the efforts will thrive, as there is no information mentioned in the bill or any statement regarding additional funds for testing, recruiting or holding competitions. Until or unless the bill is backed up by additional funds, the visualization of betterment is vague. The budget requirement and details are still being worked out.