Panel to recommend certifications for cybersecurity workforce

A commission established to advise the Obama administration on cybersecurity issues will release a report with recommendations for establishing a more skilled, abundant cyber workforce in federal government through a certification process.

The Commission on Cybersecurity for the 44th Presidency, which the Center for Strategic and International Studies created in October 2007, is finalizing a draft report on ways to expand the pool of qualified job candidates. The recommendations also will ensure federal employees and contractors receive the ongoing training needed to effectively protect computer networks and systems.

"We're recommending that this be a continuous learning and demonstration of skill," said Karen Evans, commission member and former administrator for e-government and information technology at the Office of Management and Budget. Evans, who spoke at the Digital Government Institute's Cybersecurity Conference and Expo on Thursday, also is leading the U.S. Cyber Challenge, which is a nationwide talent search and training program designed to identify 10,000 young Americans qualified to fill cybersecurity positions in and outside government.

The administration should define a core set of skills cybersecurity workers must possess, Evans said, and encourage individuals to build upon those core talents in specialized areas that more closely match their responsibilities. For example, employees could focus on offense to weed out potential threats before they penetrate the computer networks and systems, or defense to minimize vulnerabilities and make cyberattacks more difficult. Training should extend beyond the cyberwarriors hired specifically to prevent attacks, Evans noted, to include the network operators, who need to balance security with performance, and developers, who should bake security into software applications from the start.

Among the report's primary recommendations is for the administration to establish an independent certifying body that would develop standards to test cybersecurity skills and create career paths based upon those certifications. Federal agencies also could require contractors providing products and services to meet the same certification requirements.

"This is not just about creating a standard for those on the federal payroll, but using the certification to ensure those selling to government are held to that same standard," said Frank Reeder, commission member and former director of the White House Office of Administration. The certifying body would play the same role for cybersecurity that the National Board of Medical Examiners plays for health care, he added.

But driving certification requirements is not government's job, said an Air Force employee attending the conference.

"Government doesn't train doctors and lawyers -- they hire them," he said. "Why should government pay for [cybersecurity] certifications, and why should I take another exam to prove I know what I know? It seems [this is] making it more hard for talent to come in."

Both Reeder and Evans noted the goal of a certification process would be to leverage talent and training, not start over.

"There's nothing that suggests the federal government create a training machine," Reeder said. "But [Veterans Affairs Department] hospitals expect physicians to meet certain levels of training and, where applicable, have certifications and licenses to practice; that's the model."

He said he hopes the certifications would mature to the point where a licensing process could be established, but that's still a long way off.

"Licensing specifically involves the state using its authority to state 'You must not do X unless you meet a certain standard,' " Reeder said. "At this point, while that may be a vision or pipedream, we're not there yet."

In addition, the report will recommend that the administration classify cyber roles that require targeted education and training, and require academic institutions that receive federal funding for cybersecurity programs to revamp the curriculum to address those defined skill sets.
