DHS Needs to Clarify Cybersecurity Education Goals, Landrieu Says
The Department of Homeland Security views improved cybersecurity workforce training as one of its top cyber priorities, said Phyllis Schneck, DHS deputy undersecretary-cybersecurity, during a Senate Appropriations Homeland Security Subcommittee hearing Wednesday. Subcommittee Chairwoman Mary Landrieu, D-La., and several industry witnesses also highlighted the need for more rigorous cybersecurity workforce training, but said they believe DHS needs to delineate specific training requirements. Secretary of Homeland Security Jeh Johnson has emphasized cybersecurity education since he took over DHS in late December, and brought Schneck on his first cyber recruiting trips to Georgia Tech and Morehouse College, she said. DHS is working to improve cyber training by identifying necessary skills, current cybersecurity curricula and introducing scholarships involving federal cybersecurity service, Schneck said.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
DHS has set a goal of teaching cybersecurity to 1.7 million students by 2021, but the Obama administration’s FY 2015 budget cut funding for cybersecurity education by 52 percent, Landrieu said. She expressed concerns that the DHS response on cyber education has been too general thus far, noting that the Department of Defense has very specific requirements for its own cybersecurity workforce. She suggested DHS collaborate with DOD and the Department of Education to issue a cyber education framework. Landrieu said she supports improving cybersecurity education, but “I'm not going to invest money in programs that I'm not sure get a result.” She later said she would continue to press the requirements issue “until I can get a clearer understanding."
Specific cybersecurity education requirements are necessary because seeking to increase the cybersecurity workforce is helpful only if “we know precisely what kind of background those professionals need,” said Jonathan Katz, director of the University of Maryland-College Park’s Maryland Cybersecurity Center. Those requirements will vary widely depending on the type of job each cyber professional will perform, so “breaking that out further and understanding that would be a big step forward and would allow the nation’s academic institutions to better prepare to meet that need,” he said.
DHS’s cybersecurity programs are beneficial, but it should consider changing its information sharing model, said CenturyLink Chief Security Officer David Mahon. Most of DHS’s information sharing model is “one size fits all,” which collects broad-based information and disseminates it in a form that’s not tailored to entities of a specific size or function, which tend to be less helpful to large companies and critical infrastructure entities, Mahon said. “We have very specific collection requirements,” and DHS would be better able to satisfy those requirements under an improved information sharing model, he said.
Subcommittee ranking member Dan Coats, R-Ind., urged the Senate to move forward with “sensible legislation” on cybersecurity issues like information sharing and public-private partnerships, saying “this is something that is urgent.” The Senate Intelligence Committee is circulating a discussion draft of its cyber information sharing bill, which is widely seen to be analogous to the House-passed Cyber Intelligence Sharing and Protection Act (HR-624) but includes more privacy protections.
Sen. Chris Coons, D-Del., suggested there might be a need for legislation that clarifies agencies’ jurisdiction over cybersecurity matters. DHS currently operates its cybersecurity programs under authorities provided in the Homeland Security Act of 2002 and other legislation, but further clarification could improve the department’s ability to speed up the cybersecurity information sharing and response process, Schneck said.