recommended reading

Panel to recommend certifications for cybersecurity workforce

A commission established to advise the Obama administration on cybersecurity issues will release a report with recommendations for establishing a more skilled, abundant cyber workforce in federal government through a certification process.

The Commission on Cybersecurity for the 44th Presidency, which the Center for Strategic and International Studies created in October 2007, is finalizing a draft report on ways to expand the pool of qualified job candidates. The recommendations also will ensure federal employees and contractors receive the ongoing training needed to effectively protect computer networks and systems.

"We're recommending that this be a continuous learning and demonstration of skill," said Karen Evans, commission member and former administrator for e-government and information technology at the Office of Management and Budget. Evans, who spoke at the Digital Government Institute's Cybersecurity Conference and Expo on Thursday, also is leading the U.S. Cyber Challenge, which is a nationwide talent search and training program designed to identify 10,000 young Americans qualified to fill cybersecurity positions in and outside government.

The administration should define a core set of skills cybersecurity workers must possess, Evans said, and encourage individuals to build upon those core talents in specialized areas that more closely match their responsibilities. For example, employees could focus on offense to weed out potential threats before they penetrate the computer networks and systems, or defense to minimize vulnerabilities and make cyberattacks more difficult. Training should extend beyond the cyberwarriors hired specifically to prevent attacks, Evans noted, to include the network operators, who need to balance security with performance, and developers, who should bake security into software applications from the start.

Among the report's primary recommendations is for the administration to establish an independent certifying body that would develop standards to test cybersecurity skills and create career paths based upon those certifications. Federal agencies also could require contractors providing products and services to meet the same certification requirements.

"This is not just about creating a standard for those on the federal payroll, but using the certification to ensure those selling to government are held to that same standard," said Frank Reeder, commission member and former director of the White House Office of Administration. The certifying body would play the same role for cybersecurity that the National Board of Medical Examiners plays for health care, he added.

But driving certification requirements is not government's job, said an Air Force employee attending the conference.

"Government doesn't train doctors and lawyers -- they hire them," he said. "Why should government pay for [cybersecurity] certifications, and why should I take another exam to prove I know what I know? It seems [this is] making it more hard for talent to come in."

Both Reeder and Evans noted the goal of a certification process would be to leverage talent and training, not start over.

"There's nothing that suggests the federal government create a training machine," Reeder said. "But [Veterans Affairs Department] hospitals expect physicians to meet certain levels of training and, where applicable, have certifications and licenses to practice; that's the model."

He said he hopes the certifications would mature to the point where a licensing process could be established, but that's still a long way off.

"Licensing specifically involves the state using its authority to state 'You must not do X unless you meet a certain standard,' " Reeder said. "At this point, while that may be a vision or pipedream, we're not there yet."

In addition, the report will recommend that the administration classify cyber roles that require targeted education and training, and require academic institutions that receive federal funding for cybersecurity programs to revamp the curriculum to address those defined skill sets.

Threatwatch Alert

Stolen laptop

3.7M Hong Kong Voters' Personal Data Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.