A new executive order released today by the White House establishes a rotational assignment program for Federal cybersecurity personnel, requires agencies to incorporate cybersecurity aptitude assessments into their personnel development programs, and emphasizes the adoption of the National Initiative for Cybersecurity Education (NICE) Framework in government contracts, among other measures.
Titled the Executive Order on America’s Cybersecurity Workforce, the EO supports a variety of new efforts across government, including:
- Establishes a program for cybersecurity employees to rotate in and out of the Department of Homeland Security (DHS);
- Supports the adoption of the NICE Framework in assessing the Federal workforce, hiring contractors for IT and cybersecurity support, and in education;
- Identifies cybersecurity aptitude assessments and incorporates them into personnel development programs;
- Creates the President’s Cup Cybersecurity Competition for Federal employees, with a $25,000 prize for the winner;
- Awards an annual Presidential Cybersecurity Education Award to elementary and middle-school teachers;
- Ensures military personnel have opportunities to earn awards and decorations for cybersecurity.
“America built the internet and shared it with the world; now we will do our part to secure and preserve cyberspace for future generations,” said President Trump.
The EO establishes a rotational program for Federal cybersecurity personnel – an idea that also is also being considered on Capitol Hill. It’s not immediately clear whether today’s White House order renders the legislative effort redundant.
According to the White House order, DHS and the Office of Personnel Management (OPM) have 90 days to produce a report on the rotational program. The program itself will focus on allowing workers from other Federal agencies to serve at DHS and go through cybersecurity training, while at the same time experienced DHS cyber personnel will be detailed out to other agencies and participate in peer mentoring programs.
On reskilling, the EO gives the Director of OPM 180 days to identify cyber aptitude assessments and require agencies to incorporate them “as appropriate and consistent with applicable law.”
For the NICE Framework, the head of the General Services Administration (GSA) will report within one year on the effectiveness of incorporating the NICE Framework into IT and cybersecurity service contracts. In addition, the heads of the Departments of Commerce, Labor, Education, and Homeland Security “shall encourage the voluntary integration of the NICE Framework into existing education, training, and workforce development efforts” at the state and local level.
Regarding the President’s Cup Cybersecurity Competition, the contest will be run by DHS, with help from the Department of Energy and its national laboratories. The competition will test teams “across offensive and defensive cybersecurity disciplines,” with the first competition slated to take place before the end of 2019.
The EO also recognizes the need to allow cyber personnel to move in and out of government.
“During their careers, America’s cybersecurity practitioners will serve in various roles for multiple and diverse entities. United States Government policy must facilitate the seamless movement of cybersecurity practitioners between the public and private sectors,” the EO states.