There needs to be “immediate and sustained improvements” in the country’s cybersecurity workforce, said a report that released Wednesday.
The report, called for by the 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, includes findings and recommendations that address both public- and private-sector needs.
“Ensuring the security of our interconnected global networks is one of the defining challenges of our era,” said Secretary of Commerce Wilbur Ross. “A skilled cybersecurity workforce is necessary for our nation so that we can fully reap the benefits of the 21st-century digital economy.”
A 2017 Center for Cyber Safety and Education report projects a global cybersecurity workforce shortage of 1.8 million by 2022.
In addition, there were an estimated 286,000 active openings for cybersecurity jobs in the United States as of November 2017, according to CyberSeek, an interactive tool that is funded through the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology.
Executive Order 13800 directed the secretaries of commerce and homeland security to “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education.”
The assessment found significant opportunities to expand the pool of cybersecurity candidates by retraining those employed in non-cybersecurity fields and by increasing the participation of women, minorities and veterans, as well as students in primary through secondary school. It also found an apparent shortage of knowledgeable and skilled cybersecurity teachers at the primary and secondary levels.
“Employers increasingly are concerned about the relevance of cybersecurity-related education programs meeting the needs of their organizations,” the report said.
To combat these challenges, the report recommends the administration set an ambitious vision and action plan to “Prepare, grow, and sustain a national cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.”
The administration should also focus on “long-term authorization and sufficient appropriations for high-quality, effective cybersecurity education, and workforce development programs.”
The report also recommends the private and public sectors strengthen “hands-on, experiential, and work-based learning approaches,” including apprenticeships, research experiences, cooperative education programs and internships. Both sectors should “align education and training with employers’ cybersecurity workforce needs, improve coordination, and prepare individuals for lifelong careers.”
The assessment found quite a few of the report’s recommended actions are already being pursued by multiple federal agencies under existing authorities and resources. These activities include making greater use of the NICE Cybersecurity Workforce Framework, a resource that uses a common and consistent lexicon to categorize and describe cybersecurity work irrespective of where or for whom the work is performed, and implementing the Federal Cybersecurity Workforce Strategy and Federal Cybersecurity Workforce Assessment Act of 2015.
Click here to read the full report entitled, “Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce: Building the Foundation for a More Secure American Future.”