White House Unveils National Cyber Workforce Strategy
Plan Includes Boosting Cyber Professional Skills, Plus Cyber Literacy for All Jobs
The Biden administration on Monday released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative.
One study cited by the strategy estimates that unmet demand for cybersecurity workers in 2022 added up to more than 400,000 jobs.
The plan is the product of over a year of work, including a National Cyber Workforce and Education Summit at the White House in July 2022, said Camille Stewart Gloster, deputy national cyber director of technology, during a White House briefing announcing the strategy.
"The strategy is truly reflective of that collective effort and is the first step to securing and unleashing the next generation of American innovation," Gloster said.
Cybersecurity practitioners have long decried a chronic lack of workers and the effect that shortage has had on the government's and the private sector's ability to build resilient defenses. Federal attempts to cultivate a steady training pipeline date back to the late 1990s, but demand has outstripped supply as more of the economy has come to depend on digital intermediaries such as cloud computing services.
Hackers have also become more sophisticated and numerous. During a congressional hearing in April, FBI Director Christopher Wray estimated that Chinese hackers outnumber bureau cyber personnel "by at least 50 to 1."
Kemba Walden, acting national cyber director, said 34 federal agencies will participate in the execution of the strategy, which is being spearheaded by the Office of the National Cyber Director.
Besides technology and protocol, personnel are a critical component of effective cybersecurity, and the strategy addresses that important aspect, Walden told Information Security Media Group on Monday afternoon.
Bringing more diverse segments of the U.S. population into the cyber workforce is vital to backfilling shortages. That means looking for workers in rural communities and underrepresented populations as well as looking at parents and veterans who are reentering the workforce, she said.
"A nimble and adaptable workforce is critical," said Walden. "We’re at an inflection point."
Rob Shriver, deputy director of the Office of Personnel and Management, reiterated that theme during a panel about the cyber workforce strategy hosted by the Atlantic Council think tank.
"We have to make sure our agencies can compete for filling these jobs," he said. Federal agencies are holding job fairs and offering educational programs, and they are seeking new pathways to make it easier to bring people into the federal government, he said.
The private sector also plays a vital role in the national strategy.
Rob Duhart, vice president and deputy CISO at Walmart, said the retail giant is doing more to attract cybersecurity professionals, including by not demanding that candidates have four-year college degrees. "Lifelong learning is essential. How do we reskill people in operations - a store manager or warehouse worker who wants to reskill into cybersecurity?" he said. To support such transitions, Walmart helps nontechnical workers obtain professional security certificates, he said, adding, "Our geniuses are in our own backyard."
The strategy includes two main pillars that the White House said are focused on developing cyber skills in the workforce and in society. That means there is a need not only to increase the number of cyber professionals but also to augment cyber skills and literacy in jobs throughout the economy.
"Cyber education and workforce development have not kept pace with demand and the rapid pace of technological change," says the strategy document. "Moreover, skills in demand in the cyber workforce are evolving."
Developments in artificial intelligence and machine learning may change how workers at all levels of experience perform their jobs, the document says.
The two main pillars of the strategy are guided by three imperatives, including leveraging collaborative workforce development ecosystems to meet cyber workforce demands, enabling the lifelong pursuit of cyber skills and strengthening the cyber workforce through greater diversity and inclusion.
Biden's national cyber strategy also calls for two major shifts, the document says. "First, responsibility for defending cyberspace should be shifted from individuals and small businesses to the most capable actors in cyber space. Accordingly, cybersecurity must be built into education and workforce development programs relevant to sustaining the digital environment."
The second shift seeks to alter incentives across public and private sectors to favor long-term investments in security, the White House said. "Consistent with this shift, we focus on foundational cyber skills, changes in education, and collaborative cyber education and workforce development ecosystems."
A model cyber education and workforce development ecosystem should include several key elements, the White House said.
They include the involvement of diverse stakeholders, multisector partners, strategies and long-term plans, career opportunities, continuous assessment, widespread communication, and experiential learning.
"Every American should have the skills needed to efficiently and confidently use computers and the internet to accomplish a growing list of daily activities. We must also make cyber training and education more broadly available so that even those persons currently underrepresented in the cyber workforce are qualified to pursue well-paying, fulfilling cyber jobs. Many of these jobs do not require four-year degrees and offer pathways to acquire cyber skills in high demand," the strategy states.
Expanding and enhancing the national cyber workforce involves collaborating with a wide range of stakeholders, adopting a skills-based approach to recruitment and development and increasing access to cyber jobs for all Americans, including underserved and underrepresented groups, the White House said.
The plan also involves strengthening the federal cyber workforce, in part by communicating the benefits of careers in public service among both job seekers and current employees and lowering the barriers associated with hiring and onboarding, the strategy says.
White House officials involved in the rollout did not immediately offer an estimate of how much it would cost to fully execute the strategy. Already existing stimulus laws, including the Bipartisan Infrastructure Law and the CHIPS and Science Act, include workforce funding that can help in the efforts, Walden said.
The White House said stakeholders - including educators, industry and government - have already demonstrated commitment to the strategy.
The National Science Foundation said it will invest over $24 million in CyberCorps for scholarship awards over the next four years. The National Security Agency’s National Center of Academic Excellence in Cybersecurity program released four grants to support a pilot initiative to develop four new Cyber Clinics at accredited U.S. colleges and universities in Nevada, Minnesota, Louisiana and Virginia. The National Institute of Standards and Technology awarded up to $3.6 million for Regional Alliances and Multistakeholder Partnerships to Stimulate Cybersecurity Education and Workforce Development projects. The Department of Labor announced a $65 million award in formula and competitive grants to 45 states and territories to develop and scale registered apprenticeship programs in cybersecurity and other critical sectors.
Update July 31, 19:52 UTC: This story has been updated throughout.