Cybersecurity educationNew partnership to promote cybersecurity education

Published 31 October 2011

There will be a need of more than 700,000 new information security professionals in the United States by 2015; the U.S. Bureau of Labor Statistics estimate that there will be 295,000 new IT jobs created in the United States by 2018 — many of which will require cybersecurity expertise; new partnership focuses on cybersecurity training and education

The National Cyber Security Alliance (NCSA), a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens, announced Friday that on behalf of the National Cybersecurity Education Council (NCEC) it has signed a memorandum of understanding (MOU) with the U.S. Department of Education (DE) and the National Institute of Standards and Technology (NIST) formally to institute and promote cyber security education programs in K-12 schools, higher education, and career and technical education environments nationwide.

The NCSA says the new agreement paves the way for the continuation of the recently established public private partnership known as the National Cybersecurity Education Council (NCEC) to build a consensus on the future of cyber education in the United States. The effort will bring together government, industry, nonprofit, academia, and other educational organizations to make recommendations and suggest guidelines on cyber education.  The collaboration will also include all parties participating in a working group to identify the cyber education needs of all young people and the foundational knowledge, skills, and competencies needed by government and industry to build a workforce that can protect America’s vital digital assets.

The MOU’s partnership supports many of the educational efforts responding to President Obama’s 2009 Cyberspace Policy Review, which called for the United States to “build an education system that will enhance understanding of cybersecurity and allow the United States to retain and expand upon its scientific, engineering, and market leadership in information technology.”

Toward this end, in the spring of 2010, the National Institute of Standards and Technology (NIST), within the U.S. Department of Commerce, led a team involving many departments and agencies from across the U.S. government in launching the National Initiative for Cybersecurity Education (NICE). The goal of NICE is to establish an operational, sustainable, and continually improving cybersecurity education program for the United States to use sound cyber practices that will enhance U.S. security. NICE includes four focus areas, or tracks: cybersecurity awareness, formal cybersecurity education, cybersecurity workforce structure, and cybersecurity workforce training and professional development. The public/private partnership, which the MOU fosters, will advance efforts of the formal education track, particularly responding to the needs identified in the Cyberspace Policy Review for a K-12 cybersecurity education program for digital safety, ethics, and security and for expanded university curricula.

NCSA says that NCEC members are also aware of the inherent demand for improved cybersecurity education in bolstering America’s future workforce. Today, the United States faces a deficit in the number of cybersecurity professionals, and predictions of our future needs are worrisome. Estimates from a recent study by (ISC)2 and Frost and Sullivan reveal a need of more than 700,000 new information security professionals in the Americas by 2015. What is more, the U.S. Bureau of Labor Statistics estimate that there will be 295,000 new IT jobs created in the United States between 2008 and 2018 — many of which will require cybersecurity expertise. This data points out a great responsibility within the U.S. education system and other industry groups to help produce cyber capable citizens.

Cyber education is also critical to the U.S. economic growth as evidenced by a recent survey, conducted by Zogby International for NCSA and Symantec, of U.S. small business owners that shows a high portion of businesses need employees with cybersecurity skills. When employers were asked to rate skills necessary for new hires, U.S. small businesses report the following skills are very relevant or essential:

— Understanding privacy (51 percent)
— Importance of protecting intellectual property (49 percent)
— Basic knowledge of using technology ethically (47 percent)
— Basic knowledge of Internet security practices (passwords, identifying secure websites) (44 percent)

In addition, NCSA and Microsoft recently conducted research on the state of cybersecurity education and the results make clear better cyber education is needed in America’s K-12 classrooms.

— More than one-third of U.S. K-12 teachers (36 percent) received zero hours of professional development training by their school districts in issues related to online safety, security and ethics in the past year (86 percent received less than six hours of related training)
— Only 51 percent of teachers agree their school districts do an adequate job of preparing students for online safety, security and ethics
— Few K–12 educators are teaching topics that would prepare students to be cybercapable employees or cybersecurity-aware college students. In the past year, a mere 4 prcent taught about careers in cybersecurity; 20% taught about knowing when it is safe to download files; 23 percent taught about using strong passwords; and just 7 percent taught about the role of the Internet in the U.S. economy.