As we reported back in May of this year, a survey of federal workers found that 59 percent believe their agencies are having issues understanding how their own systems could be breached by a cyber attack, and 40 percent reported they were unaware of where their key assets were located.
Additionally, a surprising 65 percent said they felt the government in general is not able to detect ongoing cyber attacks from outsiders.
Shortly thereafter, the White House released its first-ever Cybersecurity Workforce Strategy, identifying the recommendations and actions that need to be taken to secure the information held by the government as well as much of the private sector from domestic and international hackers.
During a gathering of the US Government Advisory Council (USGAC) in June of this year, council members were tasked with developing specific actions, while keeping in mind the transition that will follow the upcoming presidential election.
The International Information Systems Security Certification Consortium, (ISC)², has just released a letter written to Federal chief information security officer (CISO) Brigadier General (retired) Gregory J. Touhill, government officials at the White House and the Office of Personnel Management, outlining the group’s recommendations.
To address the needs of both the cyber workforce and the general workforce, the group recommended funding the ongoing work that NIST is doing to identify cybersecurity knowledge, and setting aside training dollars for non-cybersecurity personnel.
Additionally, the cybersecurity consultants say resources must be allocated to conduct rigorous cyber hygiene training and simulation drills, along with practical exercises for users of all levels.
They also recommend enhanced communication concerning cyber attacks and how the agencies handled the attacks, informing the general workforce about these issues and how successful the cyber force was in dealing with such attacks.
Finally, (ISC)² stressed the need to address the shortage in the cybersecurity workforce and the demand for specialized training, as well as waning employee morale.
“Based on our research, advancing an organization’s security agenda no longer rests upon educating its cyber workforce: rather, it must educate its entire workforce, across all departments, in cyber,” added Dan Waddell, CISSP, CAP, PMP, USGAC chair, (ISC)² managing director, North America Region, and director, U.S. Government Affairs.
“Our goal in delivering these recommendations to Brig. Gen. Touhill is to support workforce prioritization and facilitate dialogue among those in the federal CISO community as critical decisions are being made during the upcoming presidential transition period, and beyond.”
A copy of the letter can be found here.