The White House issued an executive order Thursday that is intended to bolster the nation’s cybersecurity workforce.
The order includes provisions geared toward the federal government’s employees, as well as education and career development initiatives for the U.S. workforce in general. The goal is to build a “superior cybersecurity workforce,” one senior administration official told reporters on a call about the order Thursday.
The White House wants to create a President’s Cup Cybersecurity Competition that “will identify, challenge, and reward the government’s best personnel supporting cybersecurity and cyber excellence,” one official said on the call. Other elements include allowing cybersecurity employees to rotate among agencies and using new cybersecurity aptitude tests as part of efforts to reskill federal workers.
The employee-rotation idea already has bipartisan support on Capitol Hill, with Senate passage earlier this week of a bill that would put a similar initiative into action. The Trump administration has embraced reskilling for awhile, too; a program to train existing federal employees to fill cybersecurity jobs is looking to fill its second cohort.
The order also aims to reward teachers across the nation by establishing a “Presidential Cybersecurity Education Award” for one elementary and one secondary school teacher per year “who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects,” the order states.
There are currently approximately 320,000 open cybersecurity jobs in the U.S., according to CompTIA. This order comes at a time when the Federal Bureau of Investigation is reportedly bleeding talent just as Director of National Intelligence Dan Coats and other officials have noted that cyberthreats from foreign nations are increasing. The U.S. departments of Commerce and Homeland Security assessed last year that the U.S. “needs immediate and sustained improvements in its cybersecurity workforce situation.”
The details of the President’s challenge and how it will work are still in gestation phases, the officials said, although the order clarifies the challenge is for federal civilian and military employees. One of the goals of the challenge is to incentivize federal workers, and in order to do that the government is assessing whether it can establish cash awards worth at least $25,000 for the competition, according to the order.
“Cybersecurity competition events are often the most heavily anticipated events at cybersecurity conferences across the country and the globe,” one senior administration official told CyberScoop. The White House wants to harness “the inherent competitive drive of the cybersecurity community” to improve the cyber posture of the nation, the official said.
It is possible that the challenge will include non-federal participants, but that remains under assessment; the order directs the Secretary of Homeland Security, the Secretary of Defense, the Director of the Office of Science and Technology Policy, and the Director of Office of Management and Budget to weigh the challenges and benefits of expanding the challenge beyond federal workers. In the meantime, the government will examine how other challenges on the collegiate and national scale, for instance, organize similar cybersecurity competitions, one official said.
The order calls on the Office of Personnel Management to give federal agencies a list of “cybersecurity aptitude assessments” that federal agencies may use to identify and reskill current employees with “cybersecurity potential” and “basic raw skills,” as one official put it. One official said the National Institute of Standards and Technology and the Office of Management and Budget would work to develop their own aptitude test that should be coming out in the “very near term.”
President Trump’s goal of creating of a federal rotational cybersecurity program is “consistent” with the Senate-passed legislation, one official said. The goal of the program is to “ensure that we have consistency in training and standardization in the federal workforce across the federal government,” one official said.
The executive order links all of its goals to the National Institute of Standards and Technology’s (NIST) National Initiative for Cybersecurity Education (NICE) framework, which delineates the differences between different kinds of cybersecurity jobs. The order encourages adoption of the NICE framework to help people identify what they need to do to get the cybersecurity job they want, senior administration officials said. The adoption of the framework is also intended to increase job mobility, per one senior administration official.