About | HeinOnline Law Journal Library | HeinOnline Law Journal Library | HeinOnline
LOG IN
LOG IN

1 1 (May 16, 2017)

handle is hein.crs/govcfww0001 and id is 1 raw text is: &~ ~ riE SE ~$rCh &~ ~ ~ May 16, 2017 Challenges in Cybersecurity Education and Workforce Development Increasing awareness of cyberattacks-and the increasing connectedness of cyber and cyberphysical systems-have led to concerns about whether U.S. homes, businesses, and government are prepared to secure themselves in a digitally integrated world. One of the most frequently raised concerns pertains to the sufficiency of cybersecurity education, training, and workforce development in the United States. Federal policymakers have raised questions about the quality and quantity of U.S. postsecondary education graduates with cybersecurity credentials (in general) and have raised concerns about the civilian and military workforce needs of the federal government (in particular). A number of federal programs across several agencies have been implemented in an attempt to address what many believe to be a nationwide skill shortage in the public and private cybersecurity workforces. Some of these programs have focused on offering education benefits, such as scholarships or specific training, as a tool for attracting cybersecurity workers. Others have focused on enhancing or certifying the quality of cybersecurity education programs, or on expanding interest in cybersecurity careers among youths. There is a widespread general perception that a shortage of qualified and highly skilled cybersecurity personnel exists in the United States and abroad. This perception is supported by results from the 2017 Global Information Security Workforce Study (GISWS), which predicts a worldwide shortage of 1.8 million cybersecurity professionals by 2022. A broad consensus exists over the need to train and hire cybersecurity professionals in response to increased threats of cyberattacks; however, whether or not this need constitutes a shortage is debated by various researchers and stakeholders. For example, the 2015 study Hackers Wanted carried out by the RAND Corporation suggests that existing federal initiatives, combined with natural market forces, are sufficient to supply the necessary quantity and quality of cybersecurity workers for the public and private sectors in coming years. A number of challenges exist in successfully hiring and retaining cybersecurity professionals. This is especially true in the federal government, where often cited concerns include the rigidity of the federal pay scales, higher salaries for comparable jobs in the private sector, time-consuming and opaque hiring processes, and identifying and articulating the full range of cybersecurity positions and needed skillsets across the government. General challenges in the training of cybersecurity workers include the rapidly changing nature of the cybersecurity field and the need to continually maintain and enhance the skill levels of incumbent workers within the field. Private employers and federal agencies have experienced difficulty in identifying the specific skills and types of positions required to successfully protect their systems from cyberattacks. In response to this, the National Initiative for Cybersecurity Education (NICE), authorized by the Cybersecurity Enhancement Act of 2014, created the NICE Cybersecurity Workforce Framework. The purpose of the framework is to develop a common language (for private industry, government, and academia) that both categorizes cybersecurity jobs and describes the knowledge, skills, and abilities necessary to perform them successfully. In particular, the NICE Cybersecurity Workforce Framework created a high-level grouping of common cybersecurity functions into seven categories that are shown in Figure 1. This organizing structure is based on extensive job analyses and groups together work and workers that share common major functions, regardless of job titles or other occupational terms. These seven categories are further subdivided into specialty areas and work roles that more precisely define the specific knowledge, skills, and abilities required to perform cybersecurity tasks. According to the 2017 GISWS, approximately 30% of the cybersecurity professionals responding to the survey stated that their organizations have partially or fully adopted the NICE Cybersecurity Workforce Framework and used it to match skills and content between training and employment. Figure I. Cybersecurity Work Categories Under the NICE Cybersecurity Workforce Framework Source: National Initiative for Cybersecurity Education (NICE), http://csrc.nist.gov/nice/frameworl/. .O 'T gognpo goo , q 'S a X 11LULKWALiN,

What Is HeinOnline?

HeinOnline is a subscription-based resource containing thousands of academic and legal journals from inception; complete coverage of government documents such as U.S. Statutes at Large, U.S. Code, Federal Register, Code of Federal Regulations, U.S. Reports, and much more. Documents are image-based, fully searchable PDFs with the authority of print combined with the accessibility of a user-friendly and powerful database. For more information, request a quote or trial for your organization below.



Short-term subscription options include 24 hours, 48 hours, or 1 week to HeinOnline.

Purchase Access

Already a HeinOnline Subscriber?

Log In

profiles profiles most