In a recent executive order, President Donald Trump declared the country’s cybersecurity workforce a strategic asset to protecting citizens, and emphasized the importance of developing the necessary skills to strengthen the national cybersecurity talent pool.
“It is great to see the administration showcasing the need to address significant cyber workforce issues,” said retired Brig. Gen. Gregory Touhill, president of Cyxtera Federal Group and the first federal chief information security officer.
In the Executive Order on America’s Cybersecurity Workforce, Trump outlines policy to enhance the workforce mobility of cybersecurity practitioners to ultimately improve national cybersecurity. This includes enabling cybersecurity personnel to serve in various roles for different organizations between the public and private sectors, diversifying their skills and experience.
This policy includes developing cybersecurity skills so America can stay competitive in cybersecurity, and creating the training opportunities, organizational and technological tools to maximize talents and capabilities.
“The Nation is experiencing a shortage of cybersecurity talent and capability, and innovative approaches are required to improve access to training that maximizes individuals’ cybersecurity knowledge, skills, and abilities,” according to the executive order.
However, Touhill was surprised to see the statement that places responsibility on the government to create those technological tools.
“Frankly, I see the creation of technological tools to be the role of industry and academia,” he said. “Government should help clear barriers to the creation of new and innovative technologies rather than try to create them itself.”
The second section of the executive order focuses on strengthening the federal cybersecurity workforce. Trump calls on the secretary of Homeland Security, the directors of the Office of Management and Budget and the Office of Personnel Management to establish a cybersecurity rotational assignment program as a knowledge transfer and developmental program for federal cybersecurity personnel.
And within 90 days of the executive order, those mentioned are tasked with providing Trump with a report of the proposed program. The report should include the IT and cybersecurity employees who will be serving at DHS, experienced cybersecurity employees at DHS reassigned to other agencies to improve cyber risk management, and an incorporation of the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework — among other requirements.
They’re to also establish a list of cybersecurity aptitude assignments for agencies to use and identify current employees with the potential to learn new cybersecurity skills and enter reskilling programs.
Trump also tasks the secretaries of Homeland Security and Defense and the directors of the Office of Science and Technology Policy and OMB with creating a plan for an annual cybersecurity competition for federal, civilian and military employees. The goal is to identify and reward the government’s best cybersecurity practitioners — and to hold the first competition no later than December 31.
Trump also hopes it’ll help identify skill and training gaps in cybersecurity, and in a year, establish a Presidential Cybersecurity Education Award given to one elementary and one secondary school educator annually.
The final objective of the executive order refers to strengthening the nation’s cybersecurity workforce as a whole, by having the secretaries of Commerce, Homeland Security and Education execute recommendations from their May 2018 report “Supporting the Growth and Sustainment of the Nation’s Cybersecurity Workforce.”
Under the executive order, the secretaries will develop a process that includes federal, state, territorial, local and tribal governments, academia, private sector stakeholders and other partners, to assess and address national cybersecurity workforce needs. Part of this report is to make a nationwide call to action to mobilize public and private sector resources, and to align education and training with employers’ cybersecurity workforce needs.
And while Touhill thinks the executive order is a good start and directs a series of studies and reports, he added that “measurable efforts to address reskilling and retraining personnel to address immediate needs as well as developing a sustainable pipeline of qualified talent are essential.”