The White House has issued a road map to developing a cyber security work force that it says will "provide a path to a more secure digital nation," Nextgov.com reports.
The document was created by the National Initiative for Cybersecurity Education, or NICE, a branch of the Commerce Department. The document provides a strategy for measuring cyber security work force development efforts.
For example, by 2012, agencies must adopt cyber security competency models. By 2015, the government will produce an estimate of the competency of the national cyber security work force. By then, federal contractors also must comply with standard cyber work force descriptions. The government expects a 20 percent increase in the cyber security labor pool nationwide by then as well.
A 28-page strategy deals with developing qualifications for cyber pros. It calls for working with universities and private companies on identifying essential skills for dealing with ever-evolving threats. A baseline of skills is to be developed by 2013 and a way to access skills of those working at federal, state and local levels.
Much of the framework is open for comment until Sept. 12.
In a separate Nextgov.com piece, however, Alan Paller, director of the SANS Institute, says the plan has one fatal flaw:
There's no plan for developing the hands-on teachers or for using the existing hands-on people as teachers. It would be like having pilots trained by non-pilots; it would be scary.
Paller advocates for a plan that focuses on developing programming skills in middle school; security programming and networking management skills in high schools; and other advanced skills, such as script development and automation, reverse engineering, exploit analysis and forensics, in colleges and universities.
Paller wrote in a piece submitted to NICE leaders:
Development of those skills requires an educational model much like that used for pilots and doctors. Teaching hospitals and flight training schools are the central ingredients. They are staffed by skilled pilots and skilled doctors with thousands of hours of hands-on experience - not by academics who learned their medicine or piloting from books.
The NICE document also deals with ways to test the effectiveness of government campaigns to raise public awareness of cyber threats.