I recently had the privilege of testifying at a field hearing of the House Oversight and Government Reform Subcommittee on Information Technology on the President’s Cybersecurity National Action Plan (CNAP). The CNAP aligns well with the three-legged stool of technology, process and people that Intel Security believes is foundational to strong security, so the hearing was a good occasion to point out some of the synergies.
Specifically, the CNAP supports the technology leg of the stool with a $19 billion investment in federal cybersecurity budgets, in addition to a $3.1 billion Information Technology Modernization Fund to retire and replace many aging federal IT systems still in operation. At a broader level, the updated 2016 Federal Cybersecurity R&D Strategic Plan ensures continued focus on longer term opportunities for industry, government, and academia to collaborate on technological and systems innovation to keep pace with evolving threats. In addition, the CNAP asks government and industry to jointly develop a Cybersecurity Assurance Program to test and certify networked devices within the “Internet of Things,” whether they be refrigerators or medical infusion pumps. Intel firmly believes that global, industry-led security standards and best practices will be key to the program’s ability to achieve its objectives.
The CNAP strengthens the process leg of the stool by encouraging the creation of federal capabilities like the National Center for Cybersecurity Resilience, which would enhance the development of accurate and repeatable processes to assess and mitigate system vulnerabilities in private industries. The CNAP further supports strong cyber processes through the administration’s commitment to developing and implementing international cyber norms, allowing American companies to operate with more predictability and assurance in a global economy. The Plan also seeks to expand awareness of good cyber hygiene and more effective security processes by leveraging the National Cyber Security Alliance – where we are on the board – and engaging the private sector to assist in the widespread adoption of multifactor authentication technologies. And importantly, recognizing the importance of privacy to creating strong security processes, the Plan establishes a Council of Federal Privacy Officers.
Finally, and of particular interest to Intel Security, is the people leg of the stool. The CNAP takes important steps to reverse the cyber talent shortage with the inclusion of a $62 million increase to the President’s Budget to bolster cybersecurity personnel programs. As one example, the Plan would establish the CyberCorps Reserve program, providing cyber education scholarships to Americans seeking to serve their country in the federal civilian government. Other examples include the development of a Cybersecurity Core Curriculum, an increase in the number of participating academic institutions in the NSA Centers for Academic Excellence in Information Assurance Education program, and an expansion of student loan forgiveness programs for cyber professionals joining the federal workforce.
These education and workforce investments, in particular, will make a vital down payment to help close the cybersecurity skills gaps in government and the private sector. With more than 209,000 cybersecurity jobs in the U.S. unfilled last year, and predictions of 1.5 million more cyber jobs than takers by 2019, Intel is committed to supporting the CNAP’s cyber workforce efforts and expanding initiatives like the CyberCorps Reserve program. The CNAP is a great step forward, but to remedy our alarming cyber talent deficit and address what is now a crisis for the civilized world, we must recruit more than a million Americans trained in cybersecurity and information assurance. Only the federal government can lead the response. By offering young STEM graduates immediate employment protecting government and other critical assets, the government could stand up a Cyber National Guard that would quickly produce a trained workforce with practical experience and security clearances. After serving their country for five years in the public sector, they would find private companies like mine eager to hire them – and pay them what they’re worth.
While the CNAP contains many significant investments in technology, process, and people, my testimony also encouraged additional investment at the state and local levels, and provided recommendations for the CNAP’s Commission on Enhancing National Cybersecurity. Testifying at the hearing provided a great opportunity to see how government leaders are dealing with issues that matter to those of us on the ground every day with customers. I was pleased to see the many synergies between what we’re doing and what the government is working on. This, I guess, is one of the many manifestations of public-private cooperation.