Tougher Standards for Cyber Training?

The federal government must create robust training standards for cybersecurity workers and continually validate that those standards are effective, an expert on cybersecurity issues told a Senate committee on Tuesday.

At a hearing before the Senate Homeland Security and Governmental Affairs Committee, Alan Paller, director of research at the SANS Institute, noted that while comprehensive cybersecurity legislation introduced in the Senate on Monday would help the government make great strides to secure the talent necessary to combat cyber attacks, it does nothing to ensure such workers are trained with the hands-on specialized skills necessary to do the job.

"For too long people could read a book, pass a test and call themselves certified information security professionals," Paller said. "Accepting unskilled people for important roles was a major cause of the nation becoming vulnerable."

Paller recommended that the legislation (S. 3480) include a requirement that validates the skills of each cybersecurity employee or contractor and proves those skills are the ones needed for each specialized job.

Meanwhile, Phillip Reitinger, deputy undersecretary for the Homeland Security Department's National Protection and Programs Directorate, testified that a special hiring authority given to DHS to hire up to 1,000 cybersecurity specialists already has helped DHS make improvements to its National Cyber Security Division. In fiscal 2009, for example, the NCSD tripled its federal workforce from 35 to 118, and the agency hopes to more than double that number to 260 in fiscal 2010, he said. "We are moving aggressively to build a world-class cybersecurity team, and we are focusing on key priorities that address people, processes and technology," he said.