Valuable Federal Cybersecurity Training for Critical Infrastructure Organizations
May 7, 2015
Jon Oltsik originally published on 5-5-15
Last week I wrote two blogs about cybersecurity, critical infrastructure organizations, and the US government.
In the first blog, I mentioned some ESG research stating that 76% of cybersecurity professionals working at critical infrastructure organizations were somewhat or very unclear about the US government’s cybersecurity strategy (note: I am an ESG employee). In spite of this confusion, 83% of these same cybersecurity pros want to see the feds become more active with cybersecurity programs and defenses.
In my subsequent blog, I went a step further by providing additional ESG research that asked these same cybersecurity professionals working at critical infrastructure organizations to identify the specific federal cybersecurity actions they’d like to see from Washington. As part of the list of suggestions, 37% said that the federal government should provide funding for cybersecurity professional training and education.
Now I’ve been somewhat critical of federal cybersecurity education programs in the past for a number of reasons. While Washington has come up with a few good ideas such as the National Initiative for Cybersecurity Education (NICE) and the NSA’s information assurance program for academia, I’ve seen a lot more talk than action from DC. When the feds have been willing to spend, they typically treat cybersecurity education as a Pork Barrel initiative, spreading meager funds across a multitude of education programs.
In my humble opinion, the US is lacking a cybersecurity education strategy which nurtures and funds national centers of cybersecurity excellence. Undeterred, the State of MD has done a great job building a standout cybersecurity education program on its own and I hope my own State of Massachusetts can replicated this model, lead by higher educational institutions, private companies, State funding, and the Advanced Cybersecurity Center.