President Trump today signed an executive order intended to “create the organizational and technological tools required to maximize the cybersecurity talents and capabilities of American workers ” while facing a shortage of 30,000 cyber specialists, “especially when those talents and capabilities can advance our national and economic security.”
“America’s cybersecurity practitioners — whether working in the private sector or serving in the federal, state, local, tribal, or territorial governments — constitute a core element in our country’s frontline defense, and we must urgently bolster them in the face of a myriad of cybersecurity threats,” Acting Homeland Security Secretary Kevin K. McAleenan said in a statement.
“DHS and this administration are committed to bold action,” he added. “From enabling movement between the private and public sectors to supporting our workforce’s training, education, and development, the president’s action today sets the course to expand and sustain the workforce and ensure America keeps its competitive edge in the critical field of cybersecurity.”
The order directs the Department of Homeland Security, in consultation with the directors of the Office of Management and Budget and Office of Personnel Management, to “establish a cybersecurity rotational assignment program, which will serve as a mechanism for knowledge transfer and a development program for cybersecurity practitioners.”
Within 90 days, the president must receive a report detailing “the non-reimbursable detail of information technology and cybersecurity employees, who are nominated by their employing agencies, to serve at the Department of Homeland Security” as well as DHS employees sent to other agencies “to assist in improving those agencies’ cybersecurity risk management.”
The National Initiative for Cybersecurity Education Cybersecurity Workforce Framework (NICE Framework) will be used in contracts for information technology and cybersecurity services, the order continues, and those contracts will include reporting requirements on the skill level of personnel involved.
Within 180 days, the OPM director, working with the secretary of Commerce and DHS secretary, “shall identify a list of cybersecurity aptitude assessments for agencies to use in identifying current employees with the potential to acquire cybersecurity skills for placement in reskilling programs to perform cybersecurity work.”
“Agencies shall incorporate one or more of these assessments into their personnel development programs, as appropriate and consistent with applicable law. Agencies shall ensure that existing awards and decorations for the uniformed services and civilian personnel recognize performance and achievements in the areas of cybersecurity and cyber-operations.”
DHS and the Defense Department will also have to develop the annual President’s Cup Cybersecurity Competition, open to federal civilian and military employees. The first competition will have to take place before the end of the year, and the president wants “cash awards of not less than $25,000” offered to winners.
Trump also ordered the creation of a Presidential Cybersecurity Education Award to be awarded to one elementary and high-school teacher each year “who best instill skills, knowledge, and passion with respect to cybersecurity and cybersecurity-related subjects.”
The order also directs the launch of “a national Call to Action to draw attention to and mobilize public- and private-sector resources to address cybersecurity workforce needs” as part of a “consultative process that includes federal, state, territorial, local, and tribal governments, academia, private-sector stakeholders, and other relevant partners to assess and make recommendations to address national cybersecurity workforce needs and to ensure greater mobility in the American cybersecurity workforce.”
The secretaries of Homeland Security, Defense, Energy, Transportation and Labor, along with OPM, must submit a report to the president within 180 days identifying cyber skills and training gaps, recommending “curricula for closing the identified skills gaps for federal personnel.”
The Cybersecurity Pressure Cooker: Industry Burnout Runs Rampant