President Donald Trump singed an executive order May 2 directing components of the federal government to pursue training, education and standards-setting initiatives to expand the federal and countrywide cybersecurity workforce.
“This executive order will promote both our national and economic security. It requires the federal government to do more to provide access to cybersecurity skills training, to identify the most-skilled cybersecurity workers and to advance career opportunities in the public and private sectors,” Trump said in a statement.
“It also requires the federal government to strengthen America’s cybersecurity workforce by making the best use of individuals’ cybersecurity knowledge, skills and abilities and by enhancing their education and training opportunities.”
The order impacts the federal workforce by setting the Office of Personnel Management and the Department of Commerce as responsible for developing an assessment tool that can be used to determine whether feds have any cyber aptitude that could be expanded in the future.
According to a senior administration official who spoke on a call with reporters May 2, the planned assessment would mirror cybersecurity evaluation efforts that are already in place under the White House’s cyber reskilling academy, which takes current federal employees in non-cyber jobs and trains them to be rehired in a cyber position.
The order also creates a cybersecurity rotational program that will enable employees to learn skills at a variety of agencies, including the Department of Homeland Security.
“What this will enable us to do is ensure that we have consistency of training and standardization of the cybersecurity workforce across the federal government,” said another senior administration official on the call.
“I’m really excited about bringing other folks from departments and agencies within the civilian interagency into my shop. You know what to expect out of DHS and we know what to expect out of other departments and agencies. This is as much about getting cybersecurity professionals from other departments and agencies into DHS CISA, but also getting my folks out of the Cybersecurity Infrastructure Security Agency doing rotational assignments out in other departments and agencies.”
According to the official, the rotational program resembles legislation that has already been passing around Congress.
“I give full credit to the Trump administration for recognizing this gap and taking steps to close it, both within the federal government and across the private sector,” said Rep. Jim Langevin, D-R.I., in a statement.
“Just two days ago, I asked Cybersecurity and Infrastructure Security Agency Director [Chris] Krebs about how to ensure our federal workforce is up to the challenge of protecting our networks. I am pleased that the EO reflects Krebs’s strategy of ensuring that personnel across the government have a chance to rotate through DHS and be better integrated into CISA’s coordinating role. Investments in the public servants that are on the front lines of the fight in cyberspace are essential to keep their skills current in the rapidly evolving technology landscape. I also commend the direction to develop awards and decorations to recognize our cybersecurity workforce and their too often unheralded work keeping us safe.”
DHS, the Office of Management and Budget and OPM officials will be required to submit a proposal for that program within the next 90 days.
Feds already in cybersecurity positions may also have the opportunity to compete in the President’s Cup Cybersecurity Competition, established by the executive order, which will “identify, challenge and reward the government’s best personnel supporting cybersecurity and cyber excellence,” according to the first official.
The shape of that challenge, which is still in the planning phase, has yet to be determined, but the official said that the administration was looking at a variety of other cybersecurity competition challenges as the basis for the President’s Cup.
“I’m a shameless thief when it comes to good ideas and best practices, and we want to make sure that whatever we’re doing is built on a good set of practices that have been tried and tested,” the official said.
The order also requires DHS, Commerce and other agencies to develop a workforce report that calls the private sector to action in mobilizing the resources needed to boost the cyber workforce, aligns education imperatives with the needs and skills gaps of both the public and private sector and encourages a set of standards and practices that better establish cybersecurity career paths for the upcoming workforce.
According to a third administration official, the focus on both federal and private sector cybersecurity workforces “raises the level of performance nationally” and helps everyone to fill vacant cyber positions with the best talent.