The federal government is struggling with a lack of skilled cybersecurity employees and the problem will only get worse in the future. But the government is taking action to alleviate the crisis and one way it is doing so is by launching a cyber sprint. The sprint focuses on quickly achieving a number of quick wins in order to help build a more robust cybersecurity practice. In the cyber sprint, Office of Management and Budget “OMB” is directing federal agencies to deploy the Department of Homeland Security’s “DHS” EINSTEIN 3A, dramatically accelerate implementation of two-factor authentication, review and tightly limit the number of privileged users with access to authorized systems, and report back on progress within 30 days.
Another effort to address the growing shortage of cybersecurity employees is a new 120-day apprenticeship sprint. The sprint, which was launched in July, is a partnership between the Department of Labor and several other departments and agencies. The sprint is aimed at encouraging employers, industry associations, labor unions and training providers to explore Registered Apprenticeship as a recruitment, training and retention strategy for the field of cybersecurity and connect them with DOL’s Office of Apprenticeship to develop their own apprenticeship programs or join existing ones.
The sprint has resulted in 194 new cybersecurity-related Registered Apprenticeship programs. It has also added 120 cybersecurity-related occupations to pre-existing cybersecurity Registered Apprenticeship programs. It is a significant increase from the 714 programs that existed before the sprint was launched.
Adding more workers to the workforce is important because it will improve the ability of companies to identify cyberattacks and respond to them promptly. This can reduce recovery time from days to just a few hours and help ensure that business operations are not disrupted or shut down during a cyberattack.
Other efforts to improve cybersecurity include implementing a system known as security information and event management SIEM, which will provide a single dashboard for monitoring and detecting threats across the organization’s network. This will allow organizations to better defend against the latest types of cyberattacks by allowing them to detect and stop attacks in their early stages.
Another important security tool is the work of cyberthreat researchers, who uncover emerging vulnerabilities and expose them to the public. Their work helps to protect the entire Internet ecosystem, including businesses, individuals and open source tools.
The cyberattacks that caused the problems at the Office of Personnel Management, Colonial Pipeline and meat producer JBS have brought the issue of cybersecurity into the mainstream. The public, the media and many private sector companies are aware that there is a need for increased cybersecurity proficiency and resilience.
But it will take a concerted effort to maintain these improvements and prevent any further setbacks. The sprints that the administration is promoting are a good start, but it will take more than just these efforts to address the ongoing crisis. The next step must be to develop a long-term national strategy that will help create a workforce capable of protecting the United States from cyberattacks and other threats.