The latest executive order on cybersecurity from the White House puts even more emphasis on the necessity to grow and sustain the nation’s cybersecurity workforce with new training programs that cover both private and public sector needs.
Since 2015, the shortage of cybersecurity professionals in the U.S. has increased by more than 50 percent, with about 314,000 unfilled positions today, according to a report by the Center for Strategic and International Studies. Globally, the shortage stands at about 1.8 million positions, the report states.
President Trump’s executive order, issued on May 2, aims to allow cybersecurity professionals to move more easily between public and private sectors and between government agencies. Among the programs it proposes are:
- A “rotational assignment program” that will temporarily move IT and cybersecurity professionals to the Department of Homeland Security to help improve their skills, and moved DHS employees to other agencies to beef up their capacities
- A new, annual President’s Cup Cybersecurity Competition to find and reward the best cybersecurity workers in the federal government
- The use of aptitude assessments to find current federal workers who might have the talent for cybersecurity
- The incorporation of the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (the NICE Framework) into programs designed to find new cybersecurity workers, new contracts for IT and cybersecurity solutions and efforts by state, local, private and other enterprises who are searching for new cybersecurity workers.
“Government and private-sector action is urgently needed to grow and sustain our cybersecurity workforce, which is a strategic asset to our country,” reads a statement accompanying the executive order. “An inadequate cybersecurity workforce jeopardizes our critical infrastructure, national defense, and modern economy.”
Executive Order Expands Existing Directives
The executive order also includes several deadlines: Agencies must identify the aptitude assessments they will use by the end of the year. They must report by next May how they’ve incorporated the NICE Framework. The first President’s Cup competition must be held by the end of the year.
Trump’s proposed rotational program is similar to one included in the Federal Rotational Cyber Workforce Program Act, passed by the Senate on April 30. Introduced by Sen. Gary Peters, D-Mich., and Sen. John Hoeven, R-N.D., the bill would create a civilian personnel rotation program for cybersecurity professionals at federal agencies.
This would enable employees to serve across multiple government agencies and offer experience beyond their primary assignments, says Kami Capener, a spokesperson for Hoeven.
Military Provides Examples of Cyber Reskilling
In a Feb. 13 statement introducing the legislation, Peters said the proposed rotational program was based on similar joint duty programs for the military services and intelligence communities.
“By offering these kinds of dynamic and rewarding opportunities, this legislation will help retain highly talented cyber professionals and strengthen our government’s own security by developing greater inter-agency awareness and collaboration,” he said.
The legislation, which must still be passed by the House of Representatives, should help with recruitment and retention of federal cybersecurity employees as well as foster a collaborative, cross-agency network of professionals better equipped to deal with increasingly sophisticated threats, Capener says.
“We appreciate the president including a rotational program in his executive order, and we will continue working to advance our legislation to help the federal government better fulfill its need for cybersecurity professionals,” she says.
Peters is pleased with Trump’s executive order and says he will continue to push for the legislation he sponsored to be signed into law.
“This program is an important first step to help minimize our cybersecurity vulnerabilities, fortify our existing networks and systems, and build new and innovative infrastructure that puts safety and security front and center,” Peters said in a statement.