Cybersecurity Order Neglects the Workforce

Directive makes little mention of the people who protect our computer systems.

President Obama last week issued his long-awaited executive order authorizing new policies to improve critical infrastructure and cybersecurity. But surprisingly, the order makes little mention of one issue that’s at the core of protecting our cyber networks: the workforce.

Hord Tipton, executive director of (ISC)2, said Monday that while the executive order demonstrates that the president is on the right track by trying to get the “most mileage out of existing cyber regulations,” it is lacking in its requirements for organizations to meet security standards and hire qualified cybersecurity personnel.

Several comprehensive cybersecurity bills introduced in Congress over the past several years have included provisions to improve the cybersecurity workforce, such as language to beef up cybersecurity scholarship programs and require federal agencies to develop strategic cybersecurity workforce plans.

The 2013 Global Information Security Workforce study, scheduled to be released by ISC(2) on Feb. 25, found an expected increase of 3.2 million cybersecurity workers lobally by the end of 2013 and an expected growth of 11 percent in the cyber workforce annually over the next five years, Tipton said.

“No one can argue that the most serious threat is the ‘people’ threat -- what is done and not done by personnel to protect our nation’s systems,” Tipton said. “Given the current shortage of qualified personnel around the globe, it is disturbing that the executive order has overlooked such a provision.”