President Donald Trump on Thursday issued an executive order to strengthen the cyber security work forces of the federal government and the private sector and boost cyber education at the elementary and secondary education levels.
The directive cobbles together ideas and legislation that have been circulating around Washington, D.C., for the past few years or more and would also create an annual federal cyber competition, the President's Cup Cybersecurity Competition, for federal civilian and military employees, to reward the government's top employees and teams in offensive and defensive operations.
The first annual President's Cup will be held by the end of this year and plans for the competition are due to Trump within 90 days.
A key provision in the order calls directs the Department of Homeland Security, working with the Offices of Management and Budget and Personnel Management, to establish a program to enable cyber security personnel to rotate assignments throughout the federal government, diversifying the experiences of these practitioners and also helping to bring about more common and standard approaches to cyber security across the government.
Chris Krebs, the director of the DHS Cybersecurity and Infrastructure Security Agency, told a House panel on Wednesday that one of his priorities is to essentially get everyone on the same page in the federal government when it comes to cyber security. He wants to establish a baseline of cyber security capabilities and practices throughout federal civilian agencies.
The rotational program tracks with bipartisan legislation that passed the Senate on Wednesday. The Federal Rotational Cyber Workforce Program Act (S. 406) would rotate civilian cyber security professional across government agencies, providing them opportunities to enhance their careers and experience, while also promoting networks of cyber professionals.
The bill must be approved by the House.
Another feature of the executive order establishes the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework as the foundation for skill requirements for participants. It also establishes the "lexicon and taxonomy" from the NICE Framework as a standard for "knowledge and skill requirements used in contracts for information technology and cybersecurity services," says the order, marking another step to more common practices.
Within six months, the OPM is required to deliver aptitude assessments to help federal agencies identify current employees that may have potential cyber security skills that can be enhanced so that they can take on cyber security work.
To strengthen the nation's cyber security workforce, Trump is ordering DHS and the Department of Commerce to work with all levels of government as well as academia and the private sector to make recommendations on national cyber security workforce needs.
Priorities under this effort include a "national Call to Action" to mobilize efforts and resources, "transform, elevate, and sustain the cybersecurity learning environment," and measure the effectiveness of investments in the workforce.
"More than 300,000 cybersecurity job vacancies exist in the United States today," Trump said in a statement. "They must be filled to protect our critical infrastructure, national defense, and the American way of life. These jobs represent an incredible economic opportunity for America's workers, and my Administration is working to ensure they have the skills they need to seize it."