This post was originally published here by (ISC)² Management.
An Executive Order signed by United States President Donald Trump aims to grow the government’s cybersecurity capability, improve integration of the cybersecurity workforce between federal departments, and strengthen the skills of individual cybersecurity practitioners.
The order, titled Executive Order on America’s Cybersecurity Workforce and signed by the president on May 2, creates measures to help federal agencies retrain workers interested in cybersecurity and requires agencies to adopt the National Initiative for Cybersecurity Education (NICE) Framework in government contracts.
It includes an incentive component, creating an annual competition with cash rewards of at least $25,000 “to identify, challenge, and reward the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines.”
The order’s primary goal is to ensure continued American economic prosperity and national security. “The United States Government must support the development of cybersecurity skills and encourage ever-greater excellence so that America can maintain its competitive edge in cybersecurity,” it says.
In making the NICE Framework the basis for cybersecurity skill requirements, the order seeks to establish standards in federal cybersecurity hiring and work practices. It requires using the NICE Framework lexicon and taxonomy on IT and cybersecurity contracts. Contracts, the order says, will include reporting requirements to let agencies evaluate whether workers have knowledge and skills consistent with the NICE Framework.
“America’s cybersecurity workforce is a diverse group of practitioners who govern, design, defend, analyze, administer, operate, and maintain the data, systems, and networks on which our economy and way of life depend,” the order says. “Whether they are employed in the public or private sectors, they are guardians of our national and economic security.”
Under the order, the Department of Homeland Security and the Office of Personnel Management (OPM) have 90 days to deliver a report on the rotational program for cybersecurity workers. Under the program, DHS will train cybersecurity workers from other federal agencies while sending its own cybersecurity professionals to other agencies for mentoring and knowledge transfer.
The OPM also has 180 days to identify and evaluate skills gaps in cybersecurity personnel and training gaps for specific critical infrastructure sectors, and to provide “a list of cybersecurity aptitude assessments for agencies to use in identifying current employees with the potential to acquire cybersecurity skills for placement in reskilling programs to perform cybersecurity work.”
Movement Between Sectors
Acknowledging the need for cybersecurity professionals to move between the public and private sectors, the order aims to facilitate that movement. “During their careers, America’s cybersecurity practitioners will serve in various roles for multiple and diverse entities. United States Government policy must facilitate the seamless movement of cybersecurity practitioners between the public and private sectors.”