The National Initiative for Cybersecurity Education, led by the National Institute of Standards and Technology (NIST), is seeking Information, ideas, and views about the scope and sufficiency of efforts to educate and train the nation’s workforce to meet current and future private and public sector cybersecurity needs.
The Request for Information (RFI) is part of NICE’s effort (on behalf of the Department of Commerce and NIST) with the Department of Homeland Security (DHS) and several other federal departments and agencies to fulfill a May 11, 2017, executive order issued by President Trump on strengthening cybersecurity. NICE expects the RFI to be published in the Federal Register on July 12, 2017. Text is already available on the NICE website at: https://www.nist.gov/itl/applied-cybersecurity/nice/request-information
In part, the order states that it is U.S. policy “to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.” It directs the Secretary of Commerce and Secretary of Homeland Security to:
1) “assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education”; and
2) “provide a report to the President…with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors.”
The report, due to be delivered to the President on September 8, 2017, will reflect private and public sector input gathered from responses to the Request for Information, a public workshop, and previous assessments and recommendations.
Comments and information are requested about current, planned, or recommended education and training programs aimed at strengthening the U.S. cybersecurity workforce. Questions posed are wide-ranging and include, but are not limited to:
- What current metrics and data exist for cybersecurity education, training, and workforce developments, and what improvements are needed in the collection, organization, and sharing of information about cybersecurity education, training, and workforce development programs?
- Is there sufficient understanding and agreement about workforce categories, specialty areas, work roles, and knowledge/ skills/abilities?
- Are appropriate cybersecurity policies in place in your organization regarding workforce education and training efforts and are those policies regularly and consistently enforced?
- What types of knowledge or skills do employers need or value as they build their cybersecurity workforce? Are employer expectations realistic?
- Which are the most effective cybersecurity education, training, and workforce development programs being conducted in the United States today and what makes them effective?
- What are the greatest challenges and opportunities facing the Nation, employers, and workers in terms of cybersecurity education, training, and workforce development?
- How will advances in technology or other factors affect the cybersecurity workforce needed in the future?
- What steps or programs should be continued, modified, discontinued, or introduced to grow and sustain the nation’s cybersecurity workforce?
NIST anticipates conducting a workshop on August 2, 2017, from 8:30 am - 4:00pm CT in Chicago, Illinois, to gain further public input to the assessment and recommendations regarding the cybersecurity workforce.
Information about the executive order, request for information, and public workshop is available at https://www.nist.gov/nice/cybersecurityworkforce.