US Agencies Cultivate Next-Gen Cyberpolice Force

Children often focus on neighborhood role models as their first glimpse of what they want to be when they grow up. School nurse, perhaps. Or firefighter. Or police officer.

In a future increasingly consumed by information technology, who will be the first responders to provide first aid for a computer scrape, douse a virtual IT fire, or catch a cybercriminal?

The National Institute of Standards and Technology (NIST) and the U.S. Department of Education are cooperating on an initiative to promote programs for the training of the next generation of cybersecurity professionals. The two government agencies are working with the private sector through the National Cyber Security Alliance (NCSA) to build a link to the business community for developing information technology security specialists.

The agencies agreed to a cooperative venture in late October with the NCSA, as the representative for the National Cyber Security Education Council (NCEC), to formally institute and promote cybersecurity education programs in K-12 schools, higher education, and career and technical education environments nationwide.

The initiative will bring together government, industry, nonprofit and academic organizations to make recommendations and suggest guidelines on cybereducation. The collaboration will also include an effort to identify the cybereducation needs of all young people and the foundational knowledge, skills and competencies needed by government and industry to build a workforce that can protect the country’s IT infrastructure.

Career Field Is Wide Open

“With cyberthreats on the rise, career opportunities in cybersecurity will continue to grow, and students need to have access to the necessary foundational education and other prerequisites needed to pursue them,” said NIST’s Ernest McDuffie, lead manager for the National Initiative for Cyber Security Education (NICE).

“The need for cybersecurity is only increasing. It is imperative that we develop a nation of cybersavvy citizens and a strong workforce to support and protect our digital economy and our national security,”Michael Kaiser, executive director of the NCSA, told CRM Buyer.

The requirement for cybersecurity professionals is both great and urgent. More than 700,000 new information security professionals will be needed in the Americas by 2015, said NIST, citing a study sponsored by the International Information Systems Security Certification Consortium, released earlier this year by Frost & Sullivan.

The U.S. Labor Department projects the creation of 295,000 new IT jobs in the U.S. between 2008 and 2018, and many of them will require cybersecurity expertise, said NIST.

Public and Private Sector Support

In a related development, NIST issued a draft “Cybersecurity Workforce Framework” in early November on behalf of the NICE program. The document is meant to define professional requirements in cybersecurity, similar to those in accounting, medicine or law. The document classifies the typical duties and skill requirements of cybersecurity workers.

“One thing NICE has found is that there has not been a consistent way to define or describe cybersecurity work across the federal workforce,” said McDuffie. Cybersecurity professionals previously have not fit into the standard occupations, job titles, position descriptions and federal job classifications. NIST is seeking comment on the draft from both government and private sector sources.

Information from the private sector is welcome in helping to define federal positions, McDuffie noted.

“The draft document is out for public comment to ensure that we have not missed anything and so the public can provide feedback to help us ensure that important aspects of the cybersecurity workforce that exists outside of federal government are not over looked,” he told CRM Buyer.

While primarily aimed at the federal workforce, the framework will likely be helpful to the private sector as well.

“By defining some common language about the workforce, it will be easier for all sectors to understand their own needs and requirements and better communicate them to educators and trainers so they can better prepare the future workforce for the actual needs of all sectors public and private,” McDuffie said.

In fact, in developing the framework, NIST discovered that the private sector also has been challenged with establishing models for creating a professional standard for cybersecurity workforce positions.

“Part of the mission of NICE is to discover such models if they exist, and then consider them in light of the work already done on the federal side. So far, we have seen nothing as comprehensive as the framework document we have produced. There appears not to be a single ‘true professional position’ in cybersecurity. The field is much more layered and complex than a single position could possibly encompass,” he said.

In other words, cybersecurity duties, whether in the public or private sector, are often grafted onto an existing IT job as an extra function.

Comments are due on the NIST/NICE cybersecurity workforce document by Dec. 16, 2011.