Increasing the effectiveness of the federal role in cybersecurity education
The nation’s critical infrastructure is increasingly reliant on information technology, while cyberattacks continue to get worse. A well-trained cybersecurity workforce is essential to both government and private industry. With cyber threats growing, however, the United States faces a severe shortage of properly trained and equipped cybersecurity professionals.
Cybersecurity education programs
Two programs that seek to enhance cybersecurity education at the nation’s colleges and universities are at the center of the federal effort to alleviate the shortage: The National Centers of Academic Excellence in Information Assurance/Cyber Defense (CAEs), a program managed by the National Security Agency (NSA) and the Department of Homeland Security (DHS), and the CyberCorps®: Scholarship for Service (SFS) program managed by the National Science Foundation (NSF). The CAE designation was created to promote higher education in information assurance, with the expectation that it would ultimately result in a greater number of highly skilled cybersecurity professionals. The NSF program was introduced in 2001 to alleviate the shortage in the federal cybersecurity workforce by offering scholarships to students in return for commitments to work in the federal sector after graduation. The NSF program also offers capacity building grants to participating schools for additional faculty, facilities, and research projects.
After reviewing the features and operation of both programs, conducting an extensive literature review and a large number of interviews with program administrators, participants, academic specialists, and cybersecurity experts in both the private and public sectors, the Panel formulated four major recommendations for improving the CAE and SFS programs:
- Strengthen the hands-on education component in both the CAE and SFS programs.
- Identify, track, and use performance indicators for both the CAE and SFS programs.
- Expand the SFS program to address the entire public sector (federal, state, local, tribal, and territorial governments) by default as opposed to special permission and include qualified two-year programs regardless of their association with a four-year institution.
- Emphasize to the Department of Defense (DOD) senior leadership, including the Secretary of Defense, the importance of the CAE program for growing the federal cybersecurity workforce.