Homeland committee says ‘robust’ cybersecurity workforce needed to mitigate risk across federal networks, critical infrastructure

The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, led by Chairman Andrew Garbarino, a Republican from New York, held a hearing on Thursday on growing the national cybersecurity workforce. The witnesses included Anjelica Dortch, senior director for U.S. Government Affairs at SAP America; Will Markow, vice president of applied research at Lightcast; Tara Wisniewski, executive vice president for advocacy, Global Markets, and Member Engagement at ISC2; and Col. Chris Starling (Ret.), executive director for California at NPower.

In a hearing entitled ‘Growing the National Cybersecurity Talent Pipeline,’ Garbarino said that a robust cybersecurity workforce is needed to mitigate risk across federal networks and critical infrastructure. He outlined that over the last several months, the Subcommittee has taken a broad look at the development of the Cybersecurity and Infrastructure Security Agency (CISA) since 2018 and its increasingly important role in mitigating risk across federal networks and critical infrastructure.

“But in order for CISA, and any public or private entity for that matter, to be successful in executing its important mission, it must have a robust cybersecurity workforce,” Garbarino said.

Some estimates say that the United States currently has more than 755,000 cyber job openings nationally, according to data provided by Garbarino. In addition to the overall shortage of cyber professionals, 61 percent of those who are employed say they are burned out after triaging years of major cyber incidents. Research from ISACA, a notable nonprofit organization that conducts an annual study of the state of the cyber workforce, shows that 54 percent of government and military stakeholders believe a lack of skills and training is the top obstacle to attaining digital trust in an organization.

“I have said it before and I will reemphasize my belief that we need not only enough people but the right people with the right skills in the right jobs to meet the growing cyber threat,” Garbarino highlighted. “In April, the FBI Director testified to Congress that even if all FBI cyber agents and intel analysts focused on the China threat, Chinese hackers would still outnumber our FBI cyber personnel at least 50 to 1. That is extremely concerning.”

Garbarino added that it is clear that the shortage of talent and burnout are issues that both the public and private sectors face; therefore, it is an issue we must tackle together. “Our nation’s cyber workforce challenges are widespread and must be addressed through a strategic and crosscutting approach that avoids duplication. It is important for Congress to evaluate the appropriate roles and responsibilities for federal agencies and the private sector to develop the cyber workforce.”

“I’m pleased to welcome four expert witnesses who can shed light on private sector efforts to move the needle forward. I hope to hear about what cyber workforce initiatives are successfully developing private sector talent and where improvements could be made,” Garbarino said at the hearing. “I’m specifically interested in hearing about creative models of education and training, like apprenticeships and community college programs, and also about some of the efforts to quantify the challenges we face and provide scalable solutions.”

Garbarino added that “these creative models, from our witnesses and other leaders in the field, will be key as we see increased demand for skillsets in emerging technology such as AI. I encourage CISA to leverage the innovative initiatives of the private sector to grow the national cyber workforce at all levels via both traditional and non-traditional pathways.”

“This hearing will be a starting point for our Subcommittee to evaluate the current state of the national cybersecurity workforce and discuss solutions,” Garbarino added. “As we anticipate the Office of the National Cyber Director’s National Cyber Workforce and Education Strategy, I hope to tease out specific areas where Congress can complement and build upon existing lines of effort across the federal government.”

Dortch outlined in her written testimony that with growing demands for cybersecurity talent, Congress has an opportunity to drive impactful reforms that can give Americans multiple pathways into cybersecurity careers. “The United States has a tremendous opportunity to engage, employ, and develop a more inclusive and diverse workforce into high-demand, high-paying cybersecurity jobs that can strengthen our national security and economic prosperity.” 

On behalf of SAP, Dortch submitted four recommendations and actions for consideration by Congress. These include passing the ‘Jumpstart Our Businesses by Supporting Students Act of 2023 (or the JOBS Act),’ cosponsored by Representatives Bill Johnson, Lisa Blunt Rochester, Michael Turner, and Mikie Sherrill, which would extend Pell grant eligibility to short-term job training programs for high-demand occupations like cybersecurity.

Dortch also suggests scaling and centralizing successful job training and employment programs that transition veterans more easily into cyber and national security roles. She also proposes identifying and highlighting best practices for providing neurodiverse Americans a pathway to join the cybersecurity workforce.

Lastly, Dortch put forward shifting the U.S. federal government away from ‘homegrown’ human capital management solutions and towards trusted and robust commercial solutions that can reduce the time-to-hire and improve the user experience for cybersecurity professionals seeking to join the civil service.

The subcommittee meeting comes as the top post at the Office of the National Cyber Director (ONCD) has remained vacant since February, after Chris Inglis, the first-ever Senate-confirmed national cyber director, stepped down. He helped develop the new national cyber strategy released in March this year, which imposes additional mandates on organizations that control the majority of the nation’s digital infrastructure, with an enhanced government role in disrupting hackers and state-sponsored entities.

U.S. President Joe Biden has not yet nominated a replacement to fill the post.

The ONCD said in October that it is developing, in collaboration with fellow White House and interagency partners, a national strategy focused on the cyber workforce, cyber training and education, and digital awareness in a three-phase approach. In line with this, the agency asked for insights and expertise on the cyber workforce, training, and education, as the nation counts on reliable and resilient critical infrastructure and functions supported by its cyber professionals.

Last week, a Russian ransomware group targeted federal agencies with a cyberattack. The Russian ransomware group CL0P gained access to data from federal agencies, including the Department of Energy, in an attack that exploited file transfer software to steal and sell users’ data. CISA also re-released an earlier cybersecurity advisory stating that the CL0P ransomware gang is reportedly exploiting a previously unknown structured query language (SQL) injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer.
