White House Plans Cyber Workforce Development Summit
The Office of the National Cyber Director (ONCD) is planning a cyber workforce development summit that could take place as early as June, and it could be accompanied by a White House strategy on cyber workforce development, reports Joyce Corell, senior technical advisor to the national cyber director.
The ONCD was formed on January 1 of last year under the National Defense Authorization Act for Fiscal Year 2021. It was initially recommended by the Cyberspace Solarium Commission, a panel authorized by Congress.
ONCD officials are working with the secretaries of labor, education and homeland security as well as congressional offices and other “government stakeholders” on the workforce development summit, Corell reported.
The office also is working with academic institutions, including historically black colleges and universities and with the private sector, especially companies that have invested in cyber education. Corell cited MasterCard, IBM and Cisco. The latter company, she said, recently started a program aimed specifically at children who are aging out of foster care.
The summit may be accompanied with the release of a White House strategy on the issue. “That [summit] will be our launch platform for sort of a national cyber workforce strategy. I’d like everyone here to join us on that journey. Ideally, we’ll have a strategy signed by the president that will then be able to align areas of priority along with resources to act,” she said.
“That [summit] will be our launch platform for a national cyber workforce strategy."--Joyce Corell, senior tech advisor to the national cyber director #CERTS2022
— George Seffers (pronounced See furs) (@gseffers) May 9, 2022
Corell outlined some of the priorities for the ONCD. “We have four outcomes that we’re focusing on in the ONCD. One area is federal coherence, our federal agencies operating together effectively,” she said.
She indicated that the office will evaluate how agencies are resourced and what authorities they have and will attempt to ensure decisions are made as quickly and seamlessly as possible. “We will attend to seams or gaps. Those are areas we’re going to focus on to strengthen federal coherence across the board.”
A companion piece to that, she said, is what “we diplomatically refer to as aligning resources with aspirations.” She noted that the ONCD has statutory authority to look at agencies’ budgets and the “soft power of budget efficacy.”
“Because money talks. That is a power we will most definitely use as we look to help agencies improve their cybersecurity posture,” she added.
“That is a power we will most definitely use as we look to help agencies improve their cybersecurity posture.”--Joyce Corell, senior technical advisor, Office of the National Cyber Director#CERTS
— George Seffers (pronounced See furs) (@gseffers) May 9, 2022
Public-private collaboration and partnerships is another focus area. Chris Inglis, the national cybersecurity director, envisions a social contract affecting public-private collaboration, she reported. “The way he characterizes this is that the ability to manage risk or the responsibility to mitigate risk for the past 20 years has been placed on the shoulders of those who are not really equipped to mitigate that risk or don’t have the resources to mitigate that risk,” Corell said.
She noted that large companies are the ones whose cyber defenses are most often breached, but the consumers or users do not have the necessary resources to mitigate risks to themselves. “Chris characterizes this using military vernacular that really it’s industry that is the supported command and government the supporting command. When we look at cyber attacks on our country and on our infrastructure and where the adversary may seek to hold our infrastructure at risk, these are private companies that are doing this work. The fight is on their doorstep.”
She suggested that critical infrastructure companies consider a shift in priorities. “Some of the conversation we’re having with critical infrastructure operators is that when it comes to cybersecurity, instead of calculating your cyber investment as an operational expense, maybe it should be a capital expense. Prioritize that investment.”
The government’s role is to provide information. The Colonial Pipeline breach serves as an example. When the company faced a ransomware attack it shut down more of its network than was really necessary in an abundance of caution, according to Corell. White House officials called in about 20 chief executive officers from oil and gas companies and explained how they could better prepare for cyber attacks. Those CEOs took the conversation seriously and continue to remain involved in shoring up cyber defenses.
Present and future resilience is another priority for the ONCD. “This is not just resilience of our infrastructure. It’s not just resilience of federal and government systems. It’s also resilience of our nation, of our economy,” she said, recalling the supply chain issues caused by the COVID-19 pandemic. “We all realize now how important a resilient economy is to our standard of living and to our ability to be a competitive nation,” she said.
