Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure:

Similar documents
Views on the Framework for Improving Critical Infrastructure Cybersecurity

Information Collection Request: The Department of Homeland. Security, Stakeholder Engagement and Cyber Infrastructure

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

THE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER

THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Notification of Issuance of Binding Operational Directive and Establishment of. AGENCY: National Protection and Programs Directorate, DHS.

National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management

The Department of Homeland Security, National Protection. and Programs Directorate, National Initiative for

New Information Collection Request: The Department of. Homeland Security, Office of Cybersecurity and

Section One of the Order: The Cybersecurity of Federal Networks.

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

CyberSecurity Apprenticeships

The President s National Security Telecommunications. AGENCY: National Protection and Programs Directorate,

National Cybersecurity Center of Excellence (NCCoE) Mobile Application Single Sign

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90

Cybersecurity Risk Management:

National Policy and Guiding Principles

Which Side Are You On?

Input on Proposals and Positions for 2016 World Telecommunication Standardization

Department of Homeland Security Updates

AGENCY: National Weather Service, National Oceanic and Atmospheric Administration, U.S.

Security in Today s Insecure World for SecureTokyo

Statement for the Record

Build Your Cybersecurity Team: Create a Strong Cybersecurity Workforce Using Best Practices in Development

Cybersecurity Workshop: Critical Cybersecurity Education & Professional Development

Navigation and Vessel Inspection Circular (NVIC) 05-17; Guidelines for Addressing

Cybersecurity and Data Privacy

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Breaking Out the Cybersecurity Workforce Framework

Request for Information Strategies to Improve Maritime Supply Chain Security and Achieve 100% Overseas Scanning

PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM

National Initiative for Cybersecurity Education

Withdrawal of Notice of Intent to Temporarily Place Mitragynine and 7- AGENCY: Drug Enforcement Administration, Department of Justice

2017 SPRING INTERNSHIP PROGRAM OPPORTUNITY

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Agency Information Collection Activities: Proposed Collection; Comment Request

IMPROVING CYBERSECURITY AND RESILIENCE THROUGH ACQUISITION

Commission for Environmental Cooperation (CEC) Sponsored Workshop on Environmental Assistance Programs and Resources for Automotive OEMs and Suppliers

Discontinuing the Metallic Handcuffs Compliance Testing Program and Request for

Statement of Organization, Functions, and Delegations of Authority: Office of the

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Programs that Work. March 7,

The National Initiative for Cybersecurity Education (NICE) The NICE Workforce Framework, NIST SP , Overview October 4, 2017

ACTION: Notice of modification to existing systems of records. General and Customer Privacy Act Systems of Records. These modifications are

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

Center for Devices and Radiological Health Premarket Approval Application Critical to Quality

The U.S. Manufacturing Extension Partnership - MEP

Presidential Documents

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Media Kit. California Cybersecurity Institute

Collaboration on Cybersecurity program between California University and Shippensburg University

CALIFORNIA CYBERSECURITY TASK FORCE

Implementation Strategy for Cybersecurity Workshop ITU 2016

Security and Privacy Governance Program Guidelines

National Science and Technology Council. Interagency Working Group on Digital Data

Cybersecurity in Higher Ed

IT Specialist Program Format 5, page

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

National Cybersecurity Center of Excellence

NSA s Centers of Academic Excellence in Cyber Security

Innovative Public/Private Partnership Approaches for Cybersecurity Workforce Development

Knox Technical Center CNC Machinist Certification

Academic Program Review Cyber Security College of Southern Nevada 2017

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Mapping to the National Broadband Plan

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

Testimony. Christopher Krebs Director Cybersecurity and Infrastructure Security Agency U.S. Department of Homeland Security FOR A HEARING ON

2011 North American SCADA & Process Control Summit March 1, 2011 Orlando, Fl

NERC Staff Organization Chart Budget 2019

Subject: University Information Technology Resource Security Policy: OUTDATED

If you have any questions or concerns about this Privacy Policy, please Contact Us.

CYBERSECURITY FEDERAL UPDATE. NCSL Cybersecurity Task Force

CYBER APPRENTICESHIP. Dr. Leigh Armistead, President

Government-Industry-Academic Partnerships UW Bothell Cybersecurity Pilot

Advanced Cyber Risk Management Threat Modeling & Cyber Wargaming April 23, 2018

ISAO SO Product Outline

Continuing Professional Education Policy

NERC Staff Organization Chart Budget 2018

Protecting Controlled Unclassified Information(CUI) in Nonfederal Information Systems and Organizations

A Global Look at IT Audit Best Practices

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Privacy Breach Policy

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

NERC Staff Organization Chart Budget 2019

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Cityspan Technical Manual. Request for Proposals. Summer 2016 and School Year New providers only

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

DHS Election Task Force Updates. Geoff Hale, Elections Task Force

PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

Department of Defense Fiscal Year (FY) 2014 IT President's Budget Request Defense Media Activity Overview

Quality Auditing Institute, Ltd.: Grant of Expansion of Recognition and. Modification to the List of Appropriate NRTL Program Test Standards

Updates to the NIST Cybersecurity Framework

CLOSING IN FEDERAL ENDPOINT SECURITY

CyberUSA Government Cyber Opportunities for your Region: The Federal Agenda - Federal, Grants & Resources Available to Support Community Cyber

Transcription:

This document is scheduled to be published in the Federal Register on 07/12/2017 and available online at https://federalregister.gov/d/2017-14553, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket Number 170627596-7596-01] Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure: Workforce Development AGENCY: National Institute of Standards and Technology (NIST), Department of Commerce. ACTION: Notice; Request for Information (RFI). SUMMARY: Executive Order 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (the Executive Order ), directs the Secretary of Commerce, in conjunction with the Secretary of Homeland Security, and in consultation with other Federal Departments and Agencies, to assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education; and provide a report to the President with findings and 1

recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors. The National Institute of Standards and Technology (NIST) is seeking information on the scope and sufficiency of efforts to educate and train the Nation s cybersecurity workforce and recommendations for ways to support and improve that workforce in both the public and private sectors. Responses to this RFI which will be posted at https://nist.gov/nice/cybersecurityworkforce - will inform the assessment and report of the Secretaries of Commerce and Homeland Security to the President. DATES: Comments must be received by 5 p.m. Eastern time on [INSERT DATE 21 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]. ADDRESSES: Online submissions in electronic form may be sent to cybersecurityworkforce@nist.gov. Please include the subject heading of Cybersecurity Workforce RFI. Attachments to electronic comments will be accepted in Microsoft Word or Excel, or Adobe PDF formats only. Written comments may be submitted by mail to Cybersecurity Workforce RFI, National Institute of Standards and Technology, 100 Bureau Drive, Stop 2000, Gaithersburg, MD 20899. Comments containing references, studies, research, and other empirical data that are not widely published should include copies or electronic links of the referenced materials. 2

All submissions, including attachments and other supporting materials, will become part of the public record and subject to public disclosure. Sensitive personal information, such as account numbers or Social Security numbers, or names of other individuals, should not be included. Submissions will not be edited to remove any identifying or contact information. Do not submit confidential business information, or otherwise sensitive or protected information. Please do not submit additional materials. All comments received in response to this RFI will be made available at https://nist.gov/nice/cybersecurityworkforce without change or redaction, so commenters should not include information they do not wish to be posted (e.g., personal or confidential business information). Comments that contain profanity, vulgarity, threats, or other inappropriate language will not be posted or considered. FOR FURTHER INFORMATION CONTACT: For questions about this RFI, contact: Danielle Santos at 301-975-5048 or Danielle.Santos@nist.gov. Please direct media inquiries to the NIST Public Affairs Office at 301-975-2762 or Jennifer.huergo@nist.gov. SUPPLEMENTARY INFORMATION: Executive Order 13800 of May 11, 2017, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, directs the Secretary of Commerce and the Secretary of Homeland Security to consult with the Secretaries of Defense, Labor, and Education, the Director of the Office of Management and Budget, and other agencies identified jointly by the Secretary of Commerce and the Secretary of Homeland Security, in conducting an assessment and 3

making recommendations regarding the nation s cybersecurity workforce. 1 Specifically, these departments are to: (A) jointly assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education; and (B) within 120 days of this order, provide a report to the President through the Assistant to the President for Homeland Security and Counterterrorism, with findings and recommendations regarding how to support the growth and sustainment of the Nation's cybersecurity workforce in both the public and private sectors. 2 The Commerce Department s National Institute of Standards and Technology is soliciting comments from the public that will aid the Department of Commerce (DOC) and the Department of Homeland Security (DHS) in preparing the assessment and report to the President. For the purposes of this RFI, education and training of the American cybersecurity workforce does not include general workforce cybersecurity awareness efforts. Rather, education and training refers to curriculum- or practicum-based programs to increase the effectiveness of the workforce addressing cybersecurity challenges. As the Executive Order states, comments are sought on the cybersecurity workforce in both the private and public sectors. 1 Exec. Order No. 13800, Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, 82 FR 22391 (May 16, 2017). 2 https://www.federalregister.gov/d/2017-10004 4

NIST may conduct workshops to gain further public input to the assessment and recommendations regarding the cybersecurity workforce. Information will be made available at https://nist.gov/nice/cybersecurityworkforce This RFI does not address additional aspects of the cybersecurity workforce that are included in the Executive Order. Request for Information Given the nature and importance of the Executive Order, NIST requests information from the public about current, planned, or recommended education and training programs aimed at strengthening the U.S. cybersecurity workforce. Respondents are encouraged but are not required to respond to each question and to present their answers after each question. The following questions cover the major areas about which NIST seeks comment. They are not intended to limit the topics that may be addressed. Respondents may address related topics and may organize their submissions in response to this RFI in any manner. Responses may include estimates; please indicate where the response is an estimate. All responses that comply with the requirements listed in the DATES and ADDRESSES sections of this RFI will be considered. Comments containing references, studies, research, and other empirical data that are not widely published should include copies or electronic links of the referenced materials. Do not include in comments or otherwise submit proprietary or confidential information, as all comments received in response to this RFI will be made available publicly at 5

https://nist.gov/nice/cybersecurityworkforce. Comments that contain profanity, vulgarity, threats, or other inappropriate language will not be posted or considered. General Information 1. Are you involved in cybersecurity workforce education or training (e.g., curriculum-based programs)? If so, in what capacity (including, but not limited to: community college or university faculty or administrator; official with a non-profit association focused on cybersecurity workforce needs; manufacturer or service company that relies on cybersecurity employees; cybersecurity curriculum developer; cybersecurity training institute; educator in a primary grade school; government agency that provides funding for cybersecurity education; or student or employee enrolled in a cybersecurity education or training program)? Note: Providing detailed information, including your specific affiliation is optional and will be made publicly available. Commenters should not include information they do not wish to be posted (e.g., personal or confidential business information) and are strongly encouraged not to include Personally Identifiable Information in their submissions. Growing and Sustaining the Nation s Cybersecurity Workforce 1. What current metrics and data exist for cybersecurity education, training, and workforce developments, and what improvements are needed in the collection, organization, and sharing of information about cybersecurity education, training, and workforce development programs? 6

2. Is there sufficient understanding and agreement about workforce categories, specialty areas, work roles, and knowledge/skills/abilities? 3. Are appropriate cybersecurity policies in place in your organization regarding workforce education and training efforts and are those policies regularly and consistently enforced? 4. What types of knowledge or skills do employers need or value as they build their cybersecurity workforce? Are employer expectations realistic? Why or why not? Are these expectations in line with the knowledge and skills of the existing workforce or student pipeline? How do these types of knowledge and skills vary by role, industry, and sector, (e.g. energy vs financial sectors)? 5. Which are the most effective cybersecurity education, training, and workforce development programs being conducted in the United States today? What makes those programs effective? What are the goals for these programs and how are they successful in reaching their goals? Are there examples of effective/scalable cybersecurity, education, training, and workforce development programs? 6. What are the greatest challenges and opportunities facing the Nation, employers, and workers in terms of cybersecurity education, training, and workforce development? 7. How will advances in technology (e.g., artificial intelligence, Internet of Things, etc.) or other factors affect the cybersecurity workforce needed in the future? How much do cybersecurity education, training, and workforce development programs need to adapt to prepare the workforce to protect modernized cyber physical systems (CPS)? 8. What steps or programs should be continued, modified, discontinued, or introduced to grow and sustain the Nation s cybersecurity workforce, taking into account needs and trends? What steps should be taken: 7

i. At the Federal level? ii. At the state or local level, including school systems? iii. By the private sector, including employers? iv. By education and training providers? v. By technology providers? Kevin Kimball NIST Chief of Staff [FR Doc. 2017-14553 Filed: 7/11/2017 8:45 am; Publication Date: 7/12/2017] 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback