The mission of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is to lead the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure. An important part of CISA’s mission is enhancing education, training, recruitment, and retention of a world-class cybersecurity workforce. CISA’s cyber training and workforce planning efforts are managed through the coordinated efforts of CISA’s Cyber Defense Education and Training; the Office of the Chief Human Capital Officer; CISA Strategy, Policy, and Plans; and the Office of the Chief Learning Officer. CISA partners with other federal agencies; state, local, tribal, and territorial (SLTT) governments; industry; and academia to accomplish its work.
As part of the FY 2021 Consolidated Appropriations Act, Congress appropriated funding for a review of CISA’s program to build a national cybersecurity workforce. CISA contracted with the Academy to:
The Academy appointed a Panel of five expert Fellows to oversee and guide this study. The Academy examined the government-wide cybersecurity workforce development strategy and CISA’s strategy for developing the nation’s cybersecurity workforce and its partnership models. The study was informed through documentary research and interviews with experts at CISA, other Federal agencies, and experts in SLTT, industry, higher education, and other entities.
The Panel finds that CISA and other agencies have made progress on individual cybersecurity workforce development programs. However, the absence of a government-wide cybersecurity workforce development strategy and lack of clarity about federal agency roles and responsibilities has hindered the federal government’s ability to tap the capabilities and resources in the private sector, academia, and other levels of government. The Panel offers recommendations related to this government-wide strategy and the governance structure required.
This report also presents the results of the Panel’s review of CISA’s cybersecurity workforce development programs.
In total, the Panel report provides five findings and eight recommendations supporting the development of an effective cybersecurity workforce that is equipped to handle the cybersecurity challenges of today and the future.