All News

Cybersecurity workforce standards finalized

DHS issues baseline for 14 competencies

Federal News Network Staff

October 3, 2008 6:50 am

3 min read

By Jason Miller
Executive Editor
FederalNewsRadio

The Homeland Security Department Thursday issued its final version of cybersecurity workforce standards.

The Essential Body of Knowledge for the Information Technology Workforce Development (EBK) lays out baseline skills and knowledge cybersecurity employees must have based on their roles and responsibilities.

Greg Garcia, DHS’s assistant secretary for cybersecurity and communications, says the final version of the EBK changed little from the version released in May.

“We got a lot of mostly positive feedback and we got a lot of very constructive feedback,” says Garcia after an event in Washington kicking-off National Cybersecurity Awareness Month.

“Human resources departments can look at what types of security expertise they need in organization, gives them titles and job descriptions and it really uses a lot of IT security training and education tools that already are out there and puts them together into a common uniform package.”

DHS says the EBK is an effort to advance IT security training and certification and help ensure the most qualified and appropriately trained IT security workforce.

The document breaks down 14 competency areas that address manage, design, implement and evaluate functions.

Some of the competency areas include data security, IT systems operations and maintenance, incident management and IT security training and awareness.

DHS plans to update the EBK every two years to keep it current and useful.

Garcia says DHS is talking to state chief information officers on how they would use the EBK to improve their security infrastructure. He says a few pilots could start in the near future.

This effort comes as the federal CIO Council is working on certification requirements for IT security professionals.

The council is developing specific requirements for certain IT security jobs in government. The certification requirements will be similar to what the council did in developing project management certification.

The EBK is one way DHS is focusing education and training.

Garcia says since 2002, 750 students have graduated from the Scholarship for Service program to bring more cybersecurity professionals into the government. Those graduates are working at 100 agencies across the government.

The department also is working with 94 academic centers of excellence in 38 states to educate cybersecurity workers.

Garcia says DHS also has supported statewide cyber exercises in Delaware, Massachusetts and Vermont.

Education and training is not limited to non-federal entities. Garcia says DHS’s U.S. Computer Emergency Response Team (U.S.-CERT) has received 71,000 incident reports from agencies in 2008.

“That is a sign of increased awareness and a sign of increased threats,” he says.

U.S.-CERT also has set up a secure portal with 4,300 federal and industry members to share sensitive information about vulnerabilities and threats on networks.

“This lets us be better prepared to deal with adversaries in real time,” Garcia says. “It is about protecting your networks in milliseconds and having a secure portal will get word out in quick and secure way. It is working quite well.”

The portal is part of a key focus area for DHS to share meaningful information. Other key areas include developing enhanced response capabilities, creating tools to evaluate cybersecurity preparedness and strengthening federal networks.

“Over the past several years we have progressively enhanced our efforts,” Garcia says. “Those attacking us are more sophisticated than ever before.”

—–
On the Web:

FederalNewsRadio – DHS Announces New Cybersecurity Chief

FederalNewsRadio – DHS wants to keep cyber role

Homeland Security Department – Essential Body of Knowledge for IT Security Workforce Development (pdf)