Bill Newhouse Two Government Cybersecurity Initiatives NIST Agenda 1. An overview of the National Initiative for Cybersecurity Education (NICE) including - What is your role in it? 2. An overview of the soon-to-released "Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program" - Why it matters to you? Interagency Process led by NIST Component 1: Cybersecurity Awareness Component 2: Formal Cybersecurity Education Component 3: Cybersecurity Workforce Structure Component 4: Cybersecurity Workforce Training and Development National Initiative for Cybersecurity Education (NICE) NICE Accomplishments • Completed the public review period on October 3rd for the draft Strategic Plan which identifies goals and objectives of the initiative. • Introduced the NICE Cybersecurity Workforce Framework for public comment until December 2011. The framework can be overlaid onto any organization’s existing occupational structure and is designed to baseline capabilities, identify skill gaps, develop cybersecurity talent in the workforce, and prepare the pipeline of future talent. • Hosted 2nd Annual NICE Workshop, “Shaping the Future of Cybersecurity Education – Engaging Americans in Securing Cyberspace”, with over 300 attendees from academia, government and industry. National Initiative for Cybersecurity Education Draft Strategic Plan 1. Raise awareness among the American public about the risks of online activities. 2. Broaden the pool of skilled workers capable of supporting a cyber-secure nation. 3. Develop and maintain an unrivaled, globally competitive cybersecurity workforce http://csrc.nist.gov/nice/documents/nicestratplan/Draft_NICE-Strategic-Plan_Aug2011.pdf National Initiative for Cybersecurity Education Future Plans Promote the NICE Cybersecurity Workforce Framework Seven high-level categories, each comprising several specialty areas. Organizing structure is based on extensive job analyses and groups together work and workers that share common major functions, regardless of actual job titles or other occupational terms. As the job analysis information regarding these specialty areas is extensive, only the framework is published here. Additional details regarding each specialty area, as well as more information about the framework in general, is available online. http://csrc.nist.gov/nice/framework/ Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program As a research and development strategy, this plan defines four thrusts: Inducing Change: utilizing game-changing themes to understand the underlying root causes of existing cybersecurity deficiencies with the goal of disrupting the status quo Developing Scientific Foundations: minimizing future cybersecurity problems by developing the science of security Maximizing Research Impact: catalyzing coordination, collaboration, and integration of research activities across Federal agencies for maximum effectiveness Accelerating Transition to Practice: expediting improvements in cyberspace from research findings through focused transition programs Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program Themes for Inducing Change: Tailored Trustworthy Spaces Supporting context specific trust decisions Moving Target Providing resilience through agility Cyber Economic Incentives Providing incentives to good security Designed-in Security Developing and evolving secure software systems