In their efforts to help shrink the cyber workforce shortage, officials from the Office of the National Cyber Director (OCND) and the Cybersecurity and Infrastructure Security Agency (CISA) are emphasizing the need for collaboration and creation of a more robust culture of cybersecurity – starting with K-12 education on up.
Leaders from OCND and CISA talked about those efforts on Feb. 2 after the National Academy of Public Administrators’ (NAPA) recent report on the need for a national cyber workforce development strategy. ONCD Chief of Staff John Costello and CISA Chief of Staff Kiersten Todt spoke of how they plan to build that strategy, and their ongoing work to address the workforce shortage.
NAPA’s report recommends that ONCD create a national cyber strategy in concert with CISA and other partners that includes using education to encourage more people to choose cyber careers, using education and training to build alternative pathways to cyber careers, overcoming barriers to talent recruiting and matching, and assessing performance and innovation in workforce development practices.
“The recommendation that we had around strategy is essentially to provide a North Star for all of the different efforts that are ongoing in the government now and to really build on those efforts,” said Dan Chenok, one of the report’s authors, during the Feb. 2 panel discussion. He is a NAPA Fellow and Executive Director of the IBM Center for The Business of Government. Many of those different efforts he said, “were foundational to the development of a strategy across the government.”
Costello emphasized the need for collaboration with stakeholders across the Federal government, as well as in state and local governments and industry, in the creation of the national strategy. NAPA’s report similarly called for collaboration with CISA and other government stakeholders in building out a national strategy.
“[National Cyber Director] Chris [Inglis] has I think a favorite saying that has become a something that we say very frequently here which is, ‘If you want to go fast, go alone if you want to go far, go together,’” Costello said.
“As we look to find and to coordinate and to develop a strategy that can tackle a lot of these issues, that means we have to work across each of those lines,” he added. “Now for anybody who has worked in cyberspace so to speak, for the last few decades, that is not uncommon. The stakeholders are myriad … and they’re everywhere. And everybody has a role to play.”
Costello added that part of the work to start getting kids more accustomed to what cybersecurity careers look like begins with imparting good cyber hygiene and cybersecurity practices upon them starting at the elementary school level – especially as this next generation will be entirely made of digital natives.
“Just from a cybersecurity perspective, we need to make sure that our children in K-through-12 are understanding the elements of basic cyber hygiene and basic elements of how the systems and the software that they use works,” Costello said.
“From a basic perspective, children need to have an understanding of cyber hygiene and a basic understanding of how it works the same way we would say, ‘This is how an internal combustion engine works’ or [explaining how] our car works,” he added. “We need to be able to get to that point with kids.”
Todt said that while programs like CISA’s new Cyber Talent Management System and other workforce initiatives – which NAPA identified in its report as generally performing well – will be helpful tools to battle the workforce shortage, it will be incumbent upon CISA and others to build a greater culture of cybersecurity.
“We have the short-term goals with workforce, which is ‘what do we have right now? How do we build up the workforce in this moment?’” Todt said. “But what’s also really important is how we create the culture of cybersecurity. And I think we have a unique opportunity right now because all young children in elementary school are using technology.”
“It should be incumbent upon our educational system that as soon as the child gets an iPad issued to them in school to learn how to read or a Chromebook or whatever the device is … that the basics of cyber hygiene are educated to them, but that also this culture of cybersecurity is created,” she added.
“When you ask kids what they want to be, second and third graders talk about the people in their sphere – a doctor, a teacher, a construction worker, the checkout person at the grocery stores – what they see in their sphere. So if we’re able to bring cybersecurity into their sphere at an early age, then we create this culture of cybersecurity and importantly, this cultural workforce,” Todt concluded.
Todt said CISA is currently building out annual individual performance plans to help measure the success of its workforce development programs, but said success will also be measured by the agency’s outreach to institutions, and the engagement it sees.
Costello said that for ONCD’s part, success is a little more difficult to measure. One key to that, he said, will be making sure the office has the right data it needs to measure success and build good policies. The sprouting of statistical agencies now forming at larger Federal agencies will be helpful to that end, he added.