With a new executive order, the Trump administration hopes to standardize and promote cybersecurity workforce development in government, the private sector and the educational system.
The order includes the launch of a rotational assignment program that allows federal employees to more easily take on cybersecurity roles at other agencies and in particular at the Cybersecurity and Infrastructure Security Agency. The program bears many similarities to a bill sponsored by Sens. Gary Peters (D-Mich.) and John Hoeven (R-N.D.) that unanimously passed the Senate this week. "This program is an important first step to help minimize our cybersecurity vulnerabilities, fortify our existing networks and systems, and build new and innovative infrastructure that puts safety and security front and center," said Peters, who added he still hopes to see his bill signed into law.
The order also establishes a "President's Cup Cybersecurity Competition" that tests and rewards the best cybersecurity practitioners across civilian and military agencies. In a press briefing on the order, a senior administration official told reporters the structure and format of the competition are still being worked out, but pointed to other national competitions like the National Collegiate Cyber Defense Competition and the Atlantic Council's Cyber 9/12 Strategy Challenge as potential models for the government to emulate.
The order also standardizes much of the cybersecurity language and taxonomy across federal purchasing, directing OMB and the General Services Administration to ensure all contracts for IT and cybersecurity services draw from the National Initiative for Cybersecurity Education Framework. Agencies must evaluate each contract to determine whether their assigned personnel have the necessary tech or cyber experience to carry out their tasks, and an interagency panel will develop a list of cybersecurity aptitude assessments for agencies to use. "This really looks to reskill and upskill those that might be looking to get into a different line of work within the federal agency, giving them new opportunities, but really first and foremost identifying folks that have the basic raw skills that could easily train up to go fill these thousands of open cybersecurity positions," an administration official said.
The federal government has struggled to develop a whole-of-government strategy to recruit and retain cybersecurity talent at a time when national security and intelligence agencies are warning that threats to federal systems and networks from nation-state and criminal hacking groups have never been higher. Officials have consistently flagged restrictive government pay scales and an inability to compete with private sector compensation packages as major contributing factors to the cybersecurity workforce shortage. Over the past few years, federal agencies have rolled out a number of piecemeal programs, such as special retention bonuses for cybersecurity employees and a Cyber Reskilling Academy to retrain federal employees with IT and non-IT backgrounds.
More recently, CISA officials sought $11.4 million in the Fiscal Year 2020 budget for a Cyber Talent Management System that includes special hiring authorities that would allow them to exempt cyber employees from certain hiring and compensation requirements.
"We're looking at that to then identify what we may want to do from a legislative standpoint, because solving this [problem] more broadly will require legislative action…so we think [the DHS pilot] will likely be a proving ground and something we can build on going forward," said a senior administration official.