Trump Order Aims to Boost Federal Cybersecurity Workforce
Executive Order Creates a 'Cybersecurity Competition' to Offer Rewards
The White House is hoping a mix of new incentives and programs can bolster the federal government's cybersecurity workforce.
On Thursday, President Donald Trump signed an executive order that offers a mix of incentives and new guidelines aimed at hiring and retaining more security pros to work within the federal government. The order creates a President's Cup Cybersecurity Competition as a way to reward top professionals. It also enables federal employees to take on temporary assignments at other agencies to gain knowledge of cybersecurity issues.
There are more than 300,000 open cybersecurity positions in the U.S., and the administration believes that a public-private sector initiative can help bridge that gap, Trump said in a statement.
"Government and private-sector action is urgently needed to grow and sustain our cybersecurity workforce, which is a strategic asset to our country," Trump said. "An inadequate cybersecurity workforce jeopardizes our critical infrastructure, national defense and modern economy."
Building a Cybersecurity Workforce
The executive order is designed to increase the federal cybersecurity workforce through changing existing rules about hiring as well as creating incentives to bring more people into the workforce and then retain them.
For instance, the White House is creating a rotational program where federal employees can increase their knowledge of cybersecurity issues through temporary reassignments to other agencies within the government.
A bipartisan bill passed in the U.S. Senate last week offers a similar program that would allow security pros to rotate between different agencies to learn more and gain important expertise. This legislation now moves on to the House for consideration.
The order also calls for the wider adoption within the federal government of the National Initiative for Cybersecurity Education, a framework for identifying, recruiting, developing and retaining cybersecurity talent. It also includes new guidelines for how those with cybersecurity skills can move between public and private sector jobs in order to help fill the skills gap.
The administration is also looking to offer rewards for top performers through the President's Cup competition. The specifics of that effort are still being worked on, but it will likely mirror other cyber competition programs.
"The goal of the competition shall be to identify, challenge and reward the United States government's best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines," according to the executive order. The secretary of the Department of Homeland Security will oversee the competition.
This focus on cybersecurity and responding to the skills gap in the federal government comes at a time when DHS is asking federal agencies to speed up their response to vulnerabilities in software that attackers could exploit. Earlier this week, DHS issued new guidelines that require federal IT departments to patch "critical" vulnerabilities within 15 calendar days and remediate "high" vulnerabilities within 30 days (see: DHS: Federal Agencies Need to Patch Vulnerabilities Faster).
The biggest idea that the executive order offers is the use of aptitude testing to increase the ranks of cybersecurity professionals, says Alan Paller, director of research at the SANS Institute, which offers cybersecurity training and certificates. Paller sees the U.S. borrowing some thinking from the U.K. to help identify two types of potential cybersecurity workers.
"One is adults who are already employed in the workforce but not in IT roles but who have extraordinary aptitude for solving cybersecurity problems," Paller says. "The second is students in college or high school who never got introduced to tech but who also have that curiosity and tenacity and problem-solving and quick learning that separates the great cybersecurity professionals from the ones who just keep doing what doesn't work."
Aptitude identification programs for both groups have been tested in the United States, and preliminary data finds they will work as well here as they have in the United Kingdom, Paller says. "The feds are front and center in making these programs work and the executive order shines a bright light on their promise," he adds.
The executive order drew praise from Rep. Jim Langevin, D-RI, co-founder and co-chair of the Congressional Cybersecurity Caucus and a senior member of the House Armed Services and Homeland Security Committees.
In a statement, Langevin credited the Trump administration with attempting to close the cybersecurity skills gap.
"I believe the President's Cup Cybersecurity Competition, if it builds on the many successful competitions that are a hallmark of cyber conferences, will further build this culture within the government in a way that encourages cybersecurity professionals to thrive," Langevin says.