Washington, DC - In a report released by the White House, the U.S. Departments of Commerce and Homeland Security urge immediate and sustained improvements in the country’s cybersecurity workforce. The report, which was called for by the 2017 Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (link is external), includes findings and recommendations that address both public- and private-sector needs.
“Ensuring the security of our interconnected global networks is one of the defining challenges of our era,” said Secretary of Commerce Wilbur Ross. “A skilled cybersecurity workforce is necessary for our nation so that we can fully reap the benefits of the 21st-century digital economy.”
A 2017 Center for Cyber Safety and Education report projects a global cybersecurity workforce shortage of 1.8 million by 2022 (link is external). There were an estimated 286,000 active openings for cybersecurity jobs (link is external) in the United States as of November 2017, according to CyberSeek, an interactive tool that is funded through the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology.
Executive Order 13800 directed the secretaries of commerce and homeland security to “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education.”
The assessment found significant opportunities to expand the pool of cybersecurity candidates by retraining those employed in non-cybersecurity fields and by increasing the participation of women, minorities and veterans, as well as students in primary through secondary school. It also found an apparent shortage of knowledgeable and skilled cybersecurity teachers at the primary and secondary levels.
According to the report, “employers increasingly are concerned about the relevance of cybersecurity-related education programs meeting the needs of their organizations.”
To combat these challenges, the report recommends the administration set an ambitious vision and action plan to “Prepare, grow, and sustain a national cybersecurity workforce that safeguards and promotes America’s national security and economic prosperity.” It states that the administration should also focus on “long-term authorization and sufficient appropriations for high-quality, effective cybersecurity education, and workforce development programs.”
The report also recommends that the private and public sectors strengthen “hands-on, experiential, and work-based learning approaches,” including apprenticeships, research experiences, cooperative education programs and internships. Both sectors should “align education and training with employers’ cybersecurity workforce needs, improve coordination, and prepare individuals for lifelong careers.”
The assessment found that many of the report’s recommended actions are already being pursued by multiple federal agencies under existing authorities and resources. These activities include making greater use of the NICE Cybersecurity Workforce Framework, a resource that uses a common and consistent lexicon to categorize and describe cybersecurity work irrespective of where or for whom the work is performed, and implementing the Federal Cybersecurity Workforce Strategy and Federal Cybersecurity Workforce Assessment Act of 2015.
The private sector is also advancing cybersecurity workforce programs and initiatives in ways consistent with the report’s findings and recommendations.
Multiple federal agencies and private sector organizations contributed to the assessment through a Request for Information and an August 2017 workshop.