Analysis
CISA
Critical infrastructure
News
The Skills Gap - Training & Development

National Cyber Director office calls for insights, expertise in cyber workforce, training, education   

October 05, 2022
National Cyber Director office calls for insights, expertise in cyber workforce, training, education  

The Office of the National Cyber Director (ONCD) is developing, in collaboration with fellow White House and interagency partners, a national strategy focused on the cyber workforce, cyber training and education, and digital awareness in a three-phase approach. The ONCD has asked for insights and expertise on the cyber workforce, training, and education, as the nation counts on reliable and resilient critical infrastructure and functions supported by its cyber professionals.

“Our Nation continues to face a significant shortfall in cyber talent, with estimates of approximately 700,000 open positions,” Camille Stewart Gloster, deputy National Cyber Director for technology and ecosystem security, wrote in a post on Tuesday. “While the cyber workforce deficit constitutes a near- and long-term threat to our national and economic security, it also represents a significant opportunity to employ a more diverse and inclusive workforce in good-paying jobs that offer strong career possibilities.” 

Gloster said to help close this gap and maximize cyber-related employment opportunities, “we need to ensure that cybersecurity training, education, and career pathways are available to everyone in our society with the passion and potential to do the work. We also must ensure that every American is empowered with the skills they need to safely thrive in our interconnected society.”

In June, the U.S. Cyberspace Solarium Commission released a blueprint for the National Cyber Director to strengthen the federal cyber workforce. The outline provided a path forward for the National Cyber Director to grow and strengthen the federal cyber workforce and coordinate federal support for national cyber workforce development. It also recommended actions for Congress to support efforts to grow the workforce.

Last month, the EU Agency for Cybersecurity (ENISA) also released details of a European Cybersecurity Skills Framework (ECSF) to create a common understanding of the relevant roles, competencies, skills, and knowledge. It also looks to facilitate cybersecurity skills recognition and support the design of cybersecurity-related training programs. It summarizes all cybersecurity-related roles into 12 profiles, individually analyzing the details of the responsibilities, skills, synergies, and interdependencies it corresponds to.

To kick off this effort, the current ONCD initiative convened a White House Cyber Workforce and Education Summit in July with government, industry, non-profits, and academia leaders. As it builds on the Summit’s momentum, the ONCD issued this week a Request for Information (RFI) to enable diverse stakeholders to provide input that will inform the development of the strategy. Using the RFI, the initiative seeks public and private sector input as federal leadership develops its strategy and action plan and undertakes initiatives and pilot efforts to strengthen the nation’s cyber workforce.

The ONCD suggested that instead of responding to every topic, it sought inputs in those areas where special expertise exists. “We are seeking the most impactful best practice insights and recommendations as to how the Federal government can lead, assist, or encourage other key (whole-of -nation) stakeholders to advance progress,” it added.

The RFI seeks input in cyber workforce recruitment and hiring, career development and retention, and data. It also looks into Diversity, Equity, Inclusion, and Accessibility (DEIA) in the cyber workforce and in cyber training, education, and awareness. It also focuses on training and post-secondary education, K-12 education, digital awareness, and online safety. 

Apart from the written responses, the ONCD is also seeking a limited number of speakers who may present a topic or topics, from the list to a body directly involved in the formulation of the strategy, including an interagency committee, an associated workshop, or directly to senior government leaders in ONCD and other relevant government entities. 

In the first phase of the national strategy, the government will distribute this RFI, post it on the White House website, and address questions from potential respondents. Potential respondents, such as industry, non-profit entities, academic institutions, training and certification providers, and consulting firms, to review the document. The topics may identify any questions that they have about the context of the government’s request, the processes described, or the topics by contacting the ONCD by Oct.12. “By October 19, 2022, after having processed your questions, the Government will post responses to select questions with the RFI on whitehouse.gov/oncd,” it added.

In the next phase, interested respondents will submit their written responses to the RFI for consideration by the government by Nov. 3, 2022. The written response must be submitted in MS Word PDF format, summarizing their recommendations for questions on which they have expertise and insights for the government in no longer than ten pages typed in size eleven font. The inputs that are easy for executives to review and understand, expertise, clearly worded/not vague, actionable, cost-effective and impactful, and cover the Gordian Knot solutions and ideas will be considered most valuable.

In the final phase, the government will review RFI inputs received, evaluate them, and potentially select some respondents, chosen based on the level of knowledge and expertise demonstrated within the written RFI, to engage with the RFI project team, the interagency working group, an associated workshop, or senior leaders from ONCD and other relevant government entities. The purpose of these sessions would be to engage in Q&A about the material submitted for Phase II and engage in a dialogue about how the insights might inform the National Cyber Workforce and education strategy or related initiatives.

The government review will complete by Jan. 6, next year. It will invite selected RFI respondents to participate in a Virtual Reverse Stakeholder Day (VRSD) event. The VRSD will be conducted as a series of virtual sessions. These sessions will allow the government to engage in dialogue with selected RFI respondents to ask clarifying questions. 

During these sessions, the respondents may present or share additional relevant information. Each selected respondent will be provided about 30 minutes for presentation and time for an interactive Q&A with the government. Virtual participants may include the RFI team, representatives from departments and agencies, attendees at associated workshops, or senior government leaders in ONCD. The government may invite proposed speakers to present at future Workforce Summits.

The ONCD intends to wrap up the VRSD sessions by Feb. 3. 

Last month, the Cybersecurity and Infrastructure Security Agency (CISA) rolled out Tuesday its 2023-2025 Strategic Plan, which provides a comprehensive plan of action to focus on and guide the agency’s efforts over the next three years. The Strategic Plan also identified that it is essential to address workforce shortages in the U.S. cyber ecosystem to ensure that the cybersecurity workforce reflects the diversity of the nation and it is ready to meet the breadth of challenges ahead. 

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
MITRE confirms breach on NERVE network, suspected foreign nation-state actor involved
Radiflow helps customers achieve NIS2 compliance, spurring growth in Europe
Radiflow, Exclusive Networks partner to elevate OT cybersecurity
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
MITRE plans to enhance cybersecurity in 2024 with ICS sub-techniques and multi-domain integration
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
New bill introduced to set up Water Risk and Resilience Organization to secure water systems from cyber threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
CISA, FBI, Europol, and NCSC-NL issue joint cybersecurity advisory on Akira ransomware threats
Mandiant exposes APT44, Russia's Sandworm cyber sabotage unit, targeting global critical infrastructure
Mandiant exposes APT44, Russia’s Sandworm cyber sabotage unit, targeting global critical infrastructure
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Hexagon and Dragos announce technical alliance to boost industrial cybersecurity, reduce overall OT cyber risk
Armis
Armis acquires Silk Security for $150 million to enhance AI-driven cybersecurity capabilities
Nozomi discovers five vulnerabilities in AMI MegaRAC SP-X BMC, exposing OT, IOT devices to RCE attacks
Nozomi secures US$1.25 million US Air Force contract to boost DoD critical infrastructure security
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape
Industrial Cybersecurity Buyers’ Guide 2024 navigates complex industrial landscape